DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. The owner name of RRSIG RRs is not validated, permitting an attacker to present the RRSIG for an attacker-controlled domain in a response for...
6.5CVSS
6.3AI Score
0.001EPSS
DNSSEC validation is not performed correctly. An attacker can cause this package to report successful validation for invalid, attacker-controlled records. Root DNSSEC public keys are not validated, permitting an attacker to present a self-signed root key and delegation...
7.5CVSS
7.4AI Score
0.001EPSS
This affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. NOTE: The fix for this vulnerability is applied in the node-degenerator library, a dependency written by the same...
9.8CVSS
9.2AI Score
0.004EPSS
In postfix-mta-sts-resolver before 0.5.1, All users can receive incorrect response from daemon under rare conditions, rendering downgrade of effective STS...
6.9CVSS
5.6AI Score
0.001EPSS
Perspective ICM Investigation & Case 5.1.1.16 allows remote authenticated users to modify access level permissions and consequently gain privileges by leveraging insufficient validation methods and missing cross server side checking...
8.8CVSS
8.4AI Score
0.013EPSS