Lucene search

23 matches found

SUSE CVE
added 2025/10/23 11:24 p.m. | 2 views

SUSE CVE-2025-40778

Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through...

CVSS 8.6 | AI score 7 | EPSS 0.00005
Exploits: 1 | References: 19
AlpineLinux
added 2025/10/22 3:47 p.m. | 2 views

CVE-2025-40778

Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through...

CVSS 8.6 | AI score 7 | EPSS 0.00005
Exploits: 1
Microsoft CVE
added 2025/09/03 11:12 p.m. | 3 views

aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators

...

CVSS 6.5 | AI score 7 | EPSS 0.00488
Exploits: 1
RedhatCVE
added 2025/02/05 8:10 a.m. | 6 views

CVE-2024-29026

Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. In versions 0.1.2 and prior, a lenient CORS policy allows attackers to make a cross origin request, reading privileged information. This can be used to leak the admin password. Commit...

CVSS 8.2 | AI score 6.4 | EPSS 0.00186
Exploits: 1 | References: 1
Microsoft CVE
added 2024/09/11 7:0 a.m. | 6 views

Lenient Parsing of Content-Length Header When Prefixed with Plus Sign

...

CVSS 5.3 | AI score 7 | EPSS 0.00295
Exploits: 1
OSV
added 2024/02/27 3:30 p.m. | 12 views

GHSA-P5Q9-86W4-2XR5 SMTP smuggling in Apache James

Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling. A lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the receiver which can be exploited by an attacker to forge an SMTP envelope, allowing for instance to...

CVSS 7.1 | AI score 6.8 | EPSS 0.00243
Exploits: 0 | References: 8
Veracode
added 2023/11/12 6:41 p.m. | 27 views

HTTP Request Smuggling

squid is vulnerable to HTTP Request Smuggling. The vulnerability is caused by lenient handling of chunked decoding, which could enable a remote attacker to conduct Request/Response smuggling beyond firewall and frontend security systems...

CVSS 9.3 | AI score 7.2 | EPSS 0.09816
Exploits: 0 | References: 17 | Affected Software: 1
SUSE CVE
added 2023/02/15 3:27 a.m. | 2 views

SUSE CVE-2022-24801

Twisted is an event-based framework for internet applications, supporting Python 3.6+. Prior to version 22.4.0rc1, the Twisted Web HTTP 1.1 server, located in the twisted.web.http module, parsed several HTTP request constructs more leniently than permitted by RFC 7230. This non-conformant parsing...

CVSS 6.5 | AI score 9.2 | EPSS 0.01107
Exploits: 0 | References: 5
OSV
added 2022/03/18 1:25 p.m. | 36 views

CVE-2022-24771 Improper Verification of Cryptographic Signature in node-forge

Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.3.0, RSA PKCS#1 v1.5 signature verification code is lenient in checking the digest algorithm structure. This can allow a crafted structure that steals padding bytes and uses...

CVSS 7.5 | AI score 6.7 | EPSS 0.0018
Exploits: 0 | References: 4
OpenVAS
added 2021/06/09 12:0 a.m. | 10 views

SUSE: Security Advisory (SUSE-SU-2014:1220-4)

The remote host is missing an update for the...

CVSS 7.5 | AI score 8.2 | EPSS 0.336
Exploits: 0 | References: 2
Prion
added 2019/10/23 2:15 p.m. | 21 views

Code injection

A flaw was found in HAProxy before 2.0.6. In legacy mode, messages featuring a transfer-encoding header missing the "chunked" value were not being correctly rejected. The impact was limited but if combined with the "http-reuse always" setting, it could be used to help construct an HTTP request...

CVSS 4.3 | AI score 7.2 | EPSS 0.02818
Exploits: 1 | References: 7 | Affected Software: 1
Hacker One
added 2017/09/18 10:11 a.m. | 46 views

Hiro: Weak crossdomain.xml

The e-mail list management service used by Blockstack operated by MailChimp has a lenient cross-domain flash policy -- this is not a vulnerability, however, the crossdomain.xml used by the mailing service is more lenient than used by normal web services...

AI score 6.9
Exploits: 0
OSV
added 2015/10/15 8:8 p.m. | 1 views

USN-2771-1 click vulnerability

It was discovered that click did not properly perform input sanitization during click package installation. If a user were tricked into installing a crafted click package, a remote attacker could exploit this to escalate privileges by tricking click into installing lenient security policy for the...

CVSS 9.8 | AI score 7.3 | EPSS 0.0159
Exploits: 0 | References: 3
OpenVAS
added 2014/10/01 12:0 a.m. | 12 views

openSUSE: Security Advisory for mozilla-nss (openSUSE-SU-2014:1232-1)

The remote host is missing an update for the...

CVSS 7.5 | AI score 6.8 | EPSS 0.336
Exploits: 0 | References: 1
Tenable Nessus
added 2014/09/29 12:0 a.m. | 33 views

SuSE 11.3 Security Update : mozilla-nss (SAT Patch Number 9777)

Mozilla NSS was updated to version 3.16.5 to fix an RSA certificate forgery issue. - Antoine Delignat-Lavaud, security researcher at Inria Paris in team Prosecco, reported an issue in Network Security Services (NSS) libraries affecting all versions. He discovered that NSS is vulnerable to a variant ...

CVSS 7.5 | AI score 6.9 | EPSS 0.336
Exploits: 0 | References: 4
Tenable Nessus
added 2014/09/26 12:0 a.m. | 27 views

Firefox < 32.0.3 NSS Signature Verification Vulnerability (Mac OS X)

The version of Firefox installed on the remote host is prior to 32.0.3. It is, therefore, affected by a flaw in the Network Security Services (NSS) library, which is due to lenient parsing of ASN.1 values involved in a signature and can lead to the forgery of RSA signatures, such as SSL certificate...

CVSS 7.5 | AI score 6.8 | EPSS 0.336
Exploits: 0 | References: 2
Tenable Nessus
added 2014/09/26 12:0 a.m. | 20 views

Firefox < 32.0.3 NSS Signature Verification Vulnerability

The version of Firefox installed on the remote host is prior to 32.0.3. It is, therefore, affected by a flaw in the Network Security Services (NSS) library, which is due to lenient parsing of ASN.1 values involved in a signature and can lead to the forgery of RSA signatures, such as SSL certificate...

CVSS 7.5 | AI score 7.1 | EPSS 0.336
Exploits: 0 | References: 2
Tenable Nessus
added 2014/09/26 12:0 a.m. | 20 views

Firefox ESR 31.x < 31.1.1 NSS Signature Verification Vulnerability

The version of Firefox ESR 31.x installed on the remote host is prior to 31.1.1. It is, therefore, affected by a flaw in the Network Security Services (NSS) library, which is due to lenient parsing of ASN.1 values involved in a signature and can lead to the forgery of RSA signatures, such as SSL...

CVSS 7.5 | AI score 7.1 | EPSS 0.336
Exploits: 0 | References: 2
Tenable Nessus
added 2014/09/26 12:0 a.m. | 26 views

Mozilla Thunderbird 24.x < 24.8.1 NSS Signature Verification Vulnerability (Mac OS X)

The version of Thunderbird 24.x installed on the remote host is prior to 24.8.1. It is, therefore, affected by a flaw in the Network Security Services (NSS) library, which is due to lenient parsing of ASN.1 values involved in a signature and can lead to the forgery of RSA signatures, such as SSL...

CVSS 7.5 | AI score 7.1 | EPSS 0.336
Exploits: 0 | References: 2
Tenable Nessus
added 2014/09/26 12:0 a.m. | 39 views

Firefox ESR 24.x < 24.8.1 NSS Signature Verification Vulnerability (Mac OS X)

The version of Firefox ESR 24.x installed on the remote host is prior to 24.8.1. It is, therefore, affected by a flaw in the Network Security Services (NSS) library, which is due to lenient parsing of ASN.1 values involved in a signature and can lead to the forgery of RSA signatures, such as SSL...

CVSS 7.5 | AI score 6.8 | EPSS 0.336
Exploits: 0 | References: 2