CVE-2026-47066

Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in benoitc hackney allows Excessive Allocation. The Alt-Svc response header parser in src/hackneyaltsvc.erl does not guarantee forward progress. When parsetoken/2 receives a non-token, non-whitespace, non-comma byte e.g. !, @, =, ...

CVE-2026-47066

CVE-2026-47066 describes an Infinite Loop in the Alt-Svc header parser of benoitc’s hackney. The vulnerable component is the Alt-Svc response header parser (src/hackney_altsvc.erl); when parse_token/2 receives certain inputs, it may return the input unchanged, and skip_comma/1 can fail to progres...

ImageMagick: Heap Buffer Over-Write in json and yaml encoder of a single byte due to incorrect fix

An incorrect fix that was applied in GHSA-5592-p365-24xh could result in a heap buffer over-write of a single byte...

GHSA-533M-3WF6-C33V ImageMagick: Heap Buffer Over-Write of a single byte in the JP2 encoder.

An incorrect check in the JP2 will result in an heap buffer over-write of a single byte when specifying certain options...

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write in the JP2 encoder. An attacker can cause a single-byte heap buffer overwrite by specifying certain options. Remediation A fix was pushed into the master branch but not yet published. References - GitHub Advisory -...

ImageMagick: Out-of-Bounds Read of a single byte in meta encoder

An of by one in the meta encoder could result in an out of bounds read of a single byte in the meta encoder...

PT-2026-41775

An of by one in the meta encoder could result in an out of bounds read of a single byte in the meta encoder...

Astra Linux - уязвимость в dnsmasq

A single-byte, non-arbitrary write/use-after-free flaw was discovered in dnsmasq. This flaw allows an attacker to send a crafted packet processed by dnsmasq, potentially causing a denial of service...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: spi: sun6i – reduced the DMA RX transfer width to a single byte. Through empirical testing, it has been determined that sometimes RX SPI transfers with DMA enabled may return corrupted data. This issue arises due to the loss of o...

CVE-2026-28520

arduino-TuyaOpen before version 1.2.1 contains a single-byte buffer overflow vulnerability in the WiFiMulti component. When the victim's smart hardware connects to an attacker-controlled AP hotspot, the attacker can exploit the overflow to execute arbitrary code on the affected embedded device...

CVE-2026-28520

arduino-TuyaOpen before version 1.2.1 contains a single-byte buffer overflow vulnerability in the WiFiMulti component. When the victim's smart hardware connects to an attacker-controlled AP hotspot, the attacker can exploit the overflow to execute arbitrary code on the affected embedded device...

php: Single byte overread with convert.quoted-printable-decode filter

A memory-related vulnerability was found in PHP’s filter handling system, particularly when processing input with convert.quoted-printable-decode filters. This issue can lead to a segmentation fault. This vulnerability is triggered through specific sequences of input data, causing PHP to crash...

php: Single byte overread with convert.quoted-printable-decode filter

A memory-related vulnerability was found in PHP’s filter handling system, particularly when processing input with convert.quoted-printable-decode filters. This issue can lead to a segmentation fault. This vulnerability is triggered through specific sequences of input data, causing PHP to crash...

CLSA-2025-1751271625 httpd: Fix of CVE-2020-35452

CVE-2020-35452: modauthdigest: Fix single zero byte stack overflow...

Oracle Linux 9 : php (ELSA-2025-7315)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-7315 advisory. - Fix Leak partial content of the heap through heap buffer over-read CVE-2024-8929 - Fix Configuring a proxy in a stream context might allow for CRLF...

php: Single byte overread with convert.quoted-printable-decode filter

A memory-related vulnerability was found in PHP’s filter handling system, particularly when processing input with convert.quoted-printable-decode filters. This issue can lead to a segmentation fault. This vulnerability is triggered through specific sequences of input data, causing PHP to crash...

php: Single byte overread with convert.quoted-printable-decode filter

A memory-related vulnerability was found in PHP’s filter handling system, particularly when processing input with convert.quoted-printable-decode filters. This issue can lead to a segmentation fault. This vulnerability is triggered through specific sequences of input data, causing PHP to crash...

php: Single byte overread with convert.quoted-printable-decode filter

A memory-related vulnerability was found in PHP’s filter handling system, particularly when processing input with convert.quoted-printable-decode filters. This issue can lead to a segmentation fault. This vulnerability is triggered through specific sequences of input data, causing PHP to crash...

Security update for glib2

This update for glib2 fixes the following issues: CVE-2024-52533: Fixed a single byte buffer overflow in setconnectmsg bsc1233282 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the...

Security update for glib2

This update for glib2 fixes the following issues: CVE-2024-52533: Fix a single byte buffer overflow bsc1233282. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run the command listed for...