Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

6 matches found

Veracode
Veracodeadded 2023/01/10 12:55 p.m.24 views

Improper Access Control

github.com/peterzen/goresolver is vulnerable to improper access control. The vulnerability exists because the owner name of RRSIG RRs is not validated which allows an attacker to gain access to other domains...

6.5CVSS6.5AI score0.00103EPSS
Exploits0References4Affected Software1
Veracode
Veracodeadded 2023/01/10 12:19 p.m.13 views

Improper Access Control

github.com/peterzen/goresolver is vulnerable to improper access control. The vulnerability exists because the root DNSSEC public keys are not properly validated which allows an attacker to gain root access privileges on an arbitrary domain...

7.5CVSS7.6AI score0.00098EPSS
Exploits0References4Affected Software1
Cvelist
Cvelistadded 2022/12/27 9:17 p.m.15 views

CVE-2022-3347 Incorrect validation of root DNSSEC public keys in github.com/peterzen/goresolver

DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. Root DNSSEC public keys are not validated, permitting an attacker to present a self-signed root key and delegation chain...

7.7AI score0.00098EPSS
Exploits0References2
Cvelist
Cvelistadded 2022/12/27 9:17 p.m.19 views

CVE-2022-3346 Incorrect DNSSEC validation due to unchecked owner names in github.com/peterzen/goresolver

DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. The owner name of RRSIG RRs is not validated, permitting an attacker to present the RRSIG for an attacker-controlled domain in a response for...

6.6AI score0.00103EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2022/12/27 9:17 p.m.7 views

CVE-2022-3346 Incorrect DNSSEC validation due to unchecked owner names in github.com/peterzen/goresolver

DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. The owner name of RRSIG RRs is not validated, permitting an attacker to present the RRSIG for an attacker-controlled domain in a response for...

6.4AI score0.00103EPSS
Exploits0References2
OSV
OSVadded 2022/09/29 5:25 p.m.17 views

GO-2022-1026 Incorrect validation of root DNSSEC public keys in github.com/peterzen/goresolver

DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. Root DNSSEC public keys are not validated, permitting an attacker to present a self-signed root key and delegation chain...

7.5CVSS7.4AI score0.00098EPSS
Exploits0References1
Rows per page
Query Builder