Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1037348?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1037348?format=api", "purl": "pkg:deb/debian/pdns-recursor@3.7.3-1~bpo8%2B1", "type": "deb", "namespace": "debian", "name": "pdns-recursor", "version": "3.7.3-1~bpo8+1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.2.8-0+deb13u1", "latest_non_vulnerable_version": "5.2.8-0+deb13u1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90807?format=api", "vulnerability_id": "VCID-12cd-ky6m-qkdg", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12244", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26153", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26302", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26342", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26383", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26156", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26224", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26272", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26278", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26233", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26174", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00094", "scoring_system": "epss", "scoring_elements": "0.26178", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12244" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10995", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10995" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12244", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12244" }, { "reference_url": "https://security.archlinux.org/ASA-202005-10", "reference_id": "ASA-202005-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202005-10" }, { "reference_url": "https://security.archlinux.org/AVG-1163", "reference_id": "AVG-1163", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1163" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037350?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12cd-ky6m-qkdg" }, { "vulnerability": "VCID-3e3b-z5bh-pban" }, { "vulnerability": "VCID-htr2-rwgm-47ed" }, { "vulnerability": "VCID-n2k6-nfxs-7ydj" }, { "vulnerability": "VCID-s6ds-tuus-n7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994394?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.4.2-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ugc-uygs-hqb8" }, { "vulnerability": "VCID-66sa-bc5p-jqde" }, { "vulnerability": "VCID-7dc3-qdk8-k7b2" }, { "vulnerability": "VCID-8tar-s444-zfac" }, { "vulnerability": "VCID-cdzz-8tc8-jucu" }, { "vulnerability": "VCID-m445-c6a1-uugf" }, { "vulnerability": "VCID-mkcs-362g-t7aq" }, { "vulnerability": "VCID-pjbp-1jgm-s3cg" }, { "vulnerability": "VCID-umcq-ztbz-qfb2" }, { "vulnerability": "VCID-vprj-j7u6-zbe7" }, { "vulnerability": "VCID-wmgd-z2j3-h7d9" }, { "vulnerability": "VCID-wywf-pmyt-zud4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3" } ], "aliases": [ "CVE-2020-12244" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-12cd-ky6m-qkdg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81507?format=api", "vulnerability_id": "VCID-1jzb-z2bs-vbeb", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7073", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00414", "published_at": "2026-04-16T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00418", "published_at": "2026-04-18T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00433", "published_at": "2026-04-01T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00435", "published_at": "2026-04-02T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00434", "published_at": "2026-04-04T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00426", "published_at": "2026-04-07T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00423", "published_at": "2026-04-08T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00424", "published_at": "2026-04-11T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00419", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7073" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074" }, { "reference_url": "https://security.archlinux.org/ASA-201701-29", "reference_id": "ASA-201701-29", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-29" }, { "reference_url": "https://security.archlinux.org/ASA-201701-30", "reference_id": "ASA-201701-30", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-30" }, { "reference_url": "https://security.archlinux.org/AVG-147", "reference_id": "AVG-147", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-147" }, { "reference_url": "https://security.archlinux.org/AVG-148", "reference_id": "AVG-148", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-148" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037349?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.0.4-1%2Bdeb9u3~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12cd-ky6m-qkdg" }, { "vulnerability": "VCID-2hee-f8gq-rycf" }, { "vulnerability": "VCID-3e3b-z5bh-pban" }, { "vulnerability": "VCID-4c2u-n7p5-nfg4" }, { "vulnerability": "VCID-9p7x-52ad-vbh6" }, { "vulnerability": "VCID-a7xd-fyh3-xuaq" }, { "vulnerability": "VCID-ch2d-p2ru-23ex" }, { "vulnerability": "VCID-d4km-jg6b-2kh3" }, { "vulnerability": "VCID-h73s-nkfg-sqgc" }, { "vulnerability": "VCID-htr2-rwgm-47ed" }, { "vulnerability": "VCID-mbq1-b3dr-1uc4" }, { "vulnerability": "VCID-n2k6-nfxs-7ydj" }, { "vulnerability": "VCID-s6ds-tuus-n7hr" }, { "vulnerability": "VCID-tcp4-6r2n-6uer" }, { "vulnerability": "VCID-urr2-qrfd-vfeh" }, { "vulnerability": "VCID-vua1-5kz6-hban" }, { "vulnerability": "VCID-xxxv-krt4-tka1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.0.4-1%252Bdeb9u3~bpo8%252B1" } ], "aliases": [ "CVE-2016-7073" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1jzb-z2bs-vbeb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94183?format=api", "vulnerability_id": "VCID-2hee-f8gq-rycf", "summary": "An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-3807", "reference_id": "", "reference_type": "", "scores": [ { "value": "3e-05", "scoring_system": "epss", "scoring_elements": "0.00117", "published_at": "2026-04-08T12:55:00Z" }, { "value": "3e-05", "scoring_system": "epss", "scoring_elements": "0.00116", "published_at": "2026-04-18T12:55:00Z" }, { "value": "3e-05", "scoring_system": "epss", "scoring_elements": "0.00118", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-3807" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3807" }, { "reference_url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-02.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-02.html" }, { "reference_url": "https://security.archlinux.org/ASA-201901-13", "reference_id": "ASA-201901-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201901-13" }, { "reference_url": "https://security.archlinux.org/AVG-856", "reference_id": "AVG-856", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-856" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3807", "reference_id": "CVE-2019-3807", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:N" }, { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N" }, { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3807" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037350?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12cd-ky6m-qkdg" }, { "vulnerability": "VCID-3e3b-z5bh-pban" }, { "vulnerability": "VCID-htr2-rwgm-47ed" }, { "vulnerability": "VCID-n2k6-nfxs-7ydj" }, { "vulnerability": "VCID-s6ds-tuus-n7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1" } ], "aliases": [ "CVE-2019-3807" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2hee-f8gq-rycf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81505?format=api", "vulnerability_id": "VCID-2m6r-ztcg-gbgu", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7068", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24667", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24675", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24743", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.2482", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24858", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.2463", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24699", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24747", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.2476", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24719", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24662", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7068" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074" }, { "reference_url": "https://security.archlinux.org/ASA-201701-29", "reference_id": "ASA-201701-29", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-29" }, { "reference_url": "https://security.archlinux.org/ASA-201701-30", "reference_id": "ASA-201701-30", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-30" }, { "reference_url": "https://security.archlinux.org/AVG-147", "reference_id": "AVG-147", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-147" }, { "reference_url": "https://security.archlinux.org/AVG-148", "reference_id": "AVG-148", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-148" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037349?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.0.4-1%2Bdeb9u3~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12cd-ky6m-qkdg" }, { "vulnerability": "VCID-2hee-f8gq-rycf" }, { "vulnerability": "VCID-3e3b-z5bh-pban" }, { "vulnerability": "VCID-4c2u-n7p5-nfg4" }, { "vulnerability": "VCID-9p7x-52ad-vbh6" }, { "vulnerability": "VCID-a7xd-fyh3-xuaq" }, { "vulnerability": "VCID-ch2d-p2ru-23ex" }, { "vulnerability": "VCID-d4km-jg6b-2kh3" }, { "vulnerability": "VCID-h73s-nkfg-sqgc" }, { "vulnerability": "VCID-htr2-rwgm-47ed" }, { "vulnerability": "VCID-mbq1-b3dr-1uc4" }, { "vulnerability": "VCID-n2k6-nfxs-7ydj" }, { "vulnerability": "VCID-s6ds-tuus-n7hr" }, { "vulnerability": "VCID-tcp4-6r2n-6uer" }, { "vulnerability": "VCID-urr2-qrfd-vfeh" }, { "vulnerability": "VCID-vua1-5kz6-hban" }, { "vulnerability": "VCID-xxxv-krt4-tka1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.0.4-1%252Bdeb9u3~bpo8%252B1" } ], "aliases": [ "CVE-2016-7068" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2m6r-ztcg-gbgu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94319?format=api", "vulnerability_id": "VCID-3e3b-z5bh-pban", "summary": "An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. It allows an attacker (with enough privileges to change the system's hostname) to cause disclosure of uninitialized memory content via a stack-based out-of-bounds read. It only occurs on systems where gethostname() does not have '\\0' termination of the returned string if the hostname is larger than the supplied buffer. (Linux systems are not affected because the buffer is always large enough. OpenBSD systems are not affected because the returned hostname always has '\\0' termination.) Under some conditions, this issue can lead to the writing of one '\\0' byte out-of-bounds on the stack, causing a denial of service or possibly arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10030", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08041", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08131", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08174", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08121", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0819", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08208", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08198", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08178", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08161", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08061", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08046", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10030" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10030", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10030" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994394?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.4.2-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ugc-uygs-hqb8" }, { "vulnerability": "VCID-66sa-bc5p-jqde" }, { "vulnerability": "VCID-7dc3-qdk8-k7b2" }, { "vulnerability": "VCID-8tar-s444-zfac" }, { "vulnerability": "VCID-cdzz-8tc8-jucu" }, { "vulnerability": "VCID-m445-c6a1-uugf" }, { "vulnerability": "VCID-mkcs-362g-t7aq" }, { "vulnerability": "VCID-pjbp-1jgm-s3cg" }, { "vulnerability": "VCID-umcq-ztbz-qfb2" }, { "vulnerability": "VCID-vprj-j7u6-zbe7" }, { "vulnerability": "VCID-wmgd-z2j3-h7d9" }, { "vulnerability": "VCID-wywf-pmyt-zud4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3" } ], "aliases": [ "CVE-2020-10030" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3e3b-z5bh-pban" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93561?format=api", "vulnerability_id": "VCID-4c2u-n7p5-nfg4", "summary": "PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14626", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12518", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12606", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.1251", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12635", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12739", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12785", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12592", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12671", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12723", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12691", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.1265", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14626" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162", "reference_id": "913162", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913163", "reference_id": "913163", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913163" }, { "reference_url": "https://security.archlinux.org/ASA-201811-12", "reference_id": "ASA-201811-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201811-12" }, { "reference_url": "https://security.archlinux.org/ASA-201811-13", "reference_id": "ASA-201811-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201811-13" }, { "reference_url": "https://security.archlinux.org/AVG-804", "reference_id": "AVG-804", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-804" }, { "reference_url": "https://security.archlinux.org/AVG-805", "reference_id": "AVG-805", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-805" }, { "reference_url": "https://usn.ubuntu.com/7203-1/", "reference_id": "USN-7203-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7203-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037350?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12cd-ky6m-qkdg" }, { "vulnerability": "VCID-3e3b-z5bh-pban" }, { "vulnerability": "VCID-htr2-rwgm-47ed" }, { "vulnerability": "VCID-n2k6-nfxs-7ydj" }, { "vulnerability": "VCID-s6ds-tuus-n7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1" } ], "aliases": [ "CVE-2018-14626" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4c2u-n7p5-nfg4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93562?format=api", "vulnerability_id": "VCID-9p7x-52ad-vbh6", "summary": "An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authoritative servers for that parent zone answer with FORMERR to a query for at least one of the meta-types. As a result, subsequent queries from clients requesting DNSSEC validation will be answered with a ServFail.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14644", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.0524", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05238", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05189", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05233", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05265", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.0529", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05325", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05347", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05314", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05303", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05292", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14644" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14644", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14644" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162", "reference_id": "913162", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162" }, { "reference_url": "https://security.archlinux.org/ASA-201811-13", "reference_id": "ASA-201811-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201811-13" }, { "reference_url": "https://security.archlinux.org/AVG-805", "reference_id": "AVG-805", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-805" }, { "reference_url": "https://usn.ubuntu.com/7203-1/", "reference_id": "USN-7203-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7203-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037350?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12cd-ky6m-qkdg" }, { "vulnerability": "VCID-3e3b-z5bh-pban" }, { "vulnerability": "VCID-htr2-rwgm-47ed" }, { "vulnerability": "VCID-n2k6-nfxs-7ydj" }, { "vulnerability": "VCID-s6ds-tuus-n7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1" } ], "aliases": [ "CVE-2018-14644" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9p7x-52ad-vbh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93141?format=api", "vulnerability_id": "VCID-a7xd-fyh3-xuaq", "summary": "An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are only parsed when validation is enabled by setting dnssec to a value other than off or process-no-validate (default).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15094", "reference_id": "", "reference_type": "", "scores": [ { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00209", "published_at": "2026-04-01T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.0021", "published_at": "2026-04-02T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00211", "published_at": "2026-04-04T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00207", "published_at": "2026-04-09T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00587", "published_at": "2026-04-16T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00592", "published_at": "2026-04-18T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00595", "published_at": "2026-04-11T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00591", "published_at": "2026-04-12T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00593", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15094" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15094", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15094" }, { "reference_url": "https://security.archlinux.org/ASA-201711-31", "reference_id": "ASA-201711-31", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-31" }, { "reference_url": "https://security.archlinux.org/AVG-520", "reference_id": "AVG-520", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-520" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037350?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12cd-ky6m-qkdg" }, { "vulnerability": "VCID-3e3b-z5bh-pban" }, { "vulnerability": "VCID-htr2-rwgm-47ed" }, { "vulnerability": "VCID-n2k6-nfxs-7ydj" }, { "vulnerability": "VCID-s6ds-tuus-n7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1" } ], "aliases": [ "CVE-2017-15094" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a7xd-fyh3-xuaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93458?format=api", "vulnerability_id": "VCID-ch2d-p2ru-23ex", "summary": "PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10851", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29091", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29088", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29114", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29135", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.2921", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29262", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29075", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29138", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.2918", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.29186", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.2914", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10851" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10851", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10851" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162", "reference_id": "913162", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913163", "reference_id": "913163", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913163" }, { "reference_url": "https://security.archlinux.org/ASA-201811-12", "reference_id": "ASA-201811-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201811-12" }, { "reference_url": "https://security.archlinux.org/ASA-201811-13", "reference_id": "ASA-201811-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201811-13" }, { "reference_url": "https://security.archlinux.org/AVG-804", "reference_id": "AVG-804", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-804" }, { "reference_url": "https://security.archlinux.org/AVG-805", "reference_id": "AVG-805", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-805" }, { "reference_url": "https://usn.ubuntu.com/7203-1/", "reference_id": "USN-7203-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7203-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037350?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12cd-ky6m-qkdg" }, { "vulnerability": "VCID-3e3b-z5bh-pban" }, { "vulnerability": "VCID-htr2-rwgm-47ed" }, { "vulnerability": "VCID-n2k6-nfxs-7ydj" }, { "vulnerability": "VCID-s6ds-tuus-n7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1" } ], "aliases": [ "CVE-2018-10851" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ch2d-p2ru-23ex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93581?format=api", "vulnerability_id": "VCID-d4km-jg6b-2kh3", "summary": "An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16855", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.19834", "scoring_system": "epss", "scoring_elements": "0.9546", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.19834", "scoring_system": "epss", "scoring_elements": "0.95413", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.19834", "scoring_system": "epss", "scoring_elements": "0.95422", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.19834", "scoring_system": "epss", "scoring_elements": "0.95428", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.19834", "scoring_system": "epss", "scoring_elements": "0.95432", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.19834", "scoring_system": "epss", "scoring_elements": "0.95438", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.19834", "scoring_system": "epss", "scoring_elements": "0.95441", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.19834", "scoring_system": "epss", "scoring_elements": "0.95445", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.19834", "scoring_system": "epss", "scoring_elements": "0.95447", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.19834", "scoring_system": "epss", "scoring_elements": "0.95456", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16855" }, { "reference_url": "https://security.archlinux.org/ASA-201811-21", "reference_id": "ASA-201811-21", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201811-21" }, { "reference_url": "https://security.archlinux.org/AVG-821", "reference_id": "AVG-821", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-821" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037350?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12cd-ky6m-qkdg" }, { "vulnerability": "VCID-3e3b-z5bh-pban" }, { "vulnerability": "VCID-htr2-rwgm-47ed" }, { "vulnerability": "VCID-n2k6-nfxs-7ydj" }, { "vulnerability": "VCID-s6ds-tuus-n7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1" } ], "aliases": [ "CVE-2018-16855" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d4km-jg6b-2kh3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69426?format=api", "vulnerability_id": "VCID-h73s-nkfg-sqgc", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15120", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.55985", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56096", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56116", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56147", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56152", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56164", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.5614", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56124", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56158", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56161", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15120" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15120", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15120" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037350?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12cd-ky6m-qkdg" }, { "vulnerability": "VCID-3e3b-z5bh-pban" }, { "vulnerability": "VCID-htr2-rwgm-47ed" }, { "vulnerability": "VCID-n2k6-nfxs-7ydj" }, { "vulnerability": "VCID-s6ds-tuus-n7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1" } ], "aliases": [ "CVE-2017-15120" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h73s-nkfg-sqgc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49241?format=api", "vulnerability_id": "VCID-htr2-rwgm-47ed", "summary": "A vulnerability in PowerDNS Recursor could lead to a Denial of\n Service condition.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25829", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57419", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57287", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57369", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57391", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57366", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57418", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57421", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57436", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57415", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57396", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57423", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25829" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972159", "reference_id": "972159", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972159" }, { "reference_url": "https://security.archlinux.org/ASA-202010-6", "reference_id": "ASA-202010-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202010-6" }, { "reference_url": "https://security.archlinux.org/AVG-1243", "reference_id": "AVG-1243", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1243" }, { "reference_url": "https://security.gentoo.org/glsa/202012-19", "reference_id": "GLSA-202012-19", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202012-19" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994394?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.4.2-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ugc-uygs-hqb8" }, { "vulnerability": "VCID-66sa-bc5p-jqde" }, { "vulnerability": "VCID-7dc3-qdk8-k7b2" }, { "vulnerability": "VCID-8tar-s444-zfac" }, { "vulnerability": "VCID-cdzz-8tc8-jucu" }, { "vulnerability": "VCID-m445-c6a1-uugf" }, { "vulnerability": "VCID-mkcs-362g-t7aq" }, { "vulnerability": "VCID-pjbp-1jgm-s3cg" }, { "vulnerability": "VCID-umcq-ztbz-qfb2" }, { "vulnerability": "VCID-vprj-j7u6-zbe7" }, { "vulnerability": "VCID-wmgd-z2j3-h7d9" }, { "vulnerability": "VCID-wywf-pmyt-zud4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3" } ], "aliases": [ "CVE-2020-25829" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-htr2-rwgm-47ed" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93139?format=api", "vulnerability_id": "VCID-mbq1-b3dr-1uc4", "summary": "A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and Javascript code into the web interface, altering the content.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15092", "reference_id": "", "reference_type": "", "scores": [ { "value": "3e-05", "scoring_system": "epss", "scoring_elements": "0.00062", "published_at": "2026-04-18T12:55:00Z" }, { "value": "3e-05", "scoring_system": "epss", "scoring_elements": "0.00061", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15092" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15092", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15092" }, { "reference_url": "https://security.archlinux.org/ASA-201711-31", "reference_id": "ASA-201711-31", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-31" }, { "reference_url": "https://security.archlinux.org/AVG-520", "reference_id": "AVG-520", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-520" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037350?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12cd-ky6m-qkdg" }, { "vulnerability": "VCID-3e3b-z5bh-pban" }, { "vulnerability": "VCID-htr2-rwgm-47ed" }, { "vulnerability": "VCID-n2k6-nfxs-7ydj" }, { "vulnerability": "VCID-s6ds-tuus-n7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1" } ], "aliases": [ "CVE-2017-15092" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mbq1-b3dr-1uc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90806?format=api", "vulnerability_id": "VCID-n2k6-nfxs-7ydj", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10995", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25576", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25677", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25747", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25789", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25558", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25631", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25687", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25646", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.2559", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00091", "scoring_system": "epss", "scoring_elements": "0.25592", "published_at": "2026-04-16T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10995" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10995", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10995" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12244", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12244" }, { "reference_url": "https://security.archlinux.org/ASA-202005-10", "reference_id": "ASA-202005-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202005-10" }, { "reference_url": "https://security.archlinux.org/AVG-1163", "reference_id": "AVG-1163", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1163" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037350?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12cd-ky6m-qkdg" }, { "vulnerability": "VCID-3e3b-z5bh-pban" }, { "vulnerability": "VCID-htr2-rwgm-47ed" }, { "vulnerability": "VCID-n2k6-nfxs-7ydj" }, { "vulnerability": "VCID-s6ds-tuus-n7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/994394?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.4.2-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ugc-uygs-hqb8" }, { "vulnerability": "VCID-66sa-bc5p-jqde" }, { "vulnerability": "VCID-7dc3-qdk8-k7b2" }, { "vulnerability": "VCID-8tar-s444-zfac" }, { "vulnerability": "VCID-cdzz-8tc8-jucu" }, { "vulnerability": "VCID-m445-c6a1-uugf" }, { "vulnerability": "VCID-mkcs-362g-t7aq" }, { "vulnerability": "VCID-pjbp-1jgm-s3cg" }, { "vulnerability": "VCID-umcq-ztbz-qfb2" }, { "vulnerability": "VCID-vprj-j7u6-zbe7" }, { "vulnerability": "VCID-wmgd-z2j3-h7d9" }, { "vulnerability": "VCID-wywf-pmyt-zud4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3" } ], "aliases": [ "CVE-2020-10995" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n2k6-nfxs-7ydj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80920?format=api", "vulnerability_id": "VCID-nwfa-n5f2-abe7", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5470", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00421", "published_at": "2026-04-16T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00435", "published_at": "2026-04-01T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00439", "published_at": "2026-04-04T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00431", "published_at": "2026-04-07T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00428", "published_at": "2026-04-08T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.0043", "published_at": "2026-04-11T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00425", "published_at": "2026-04-18T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00424", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5470" }, { "reference_url": "https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/07/07/6", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2015/07/07/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2015/07/10/8", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2015/07/10/8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:powerdns:authoritative:3.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:powerdns:authoritative:3.4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:powerdns:authoritative:3.4.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:powerdns:authoritative:3.4.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:powerdns:authoritative:3.4.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:3.7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:powerdns:recursor:3.7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:3.7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:3.7.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:powerdns:recursor:3.7.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:3.7.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5470", "reference_id": "CVE-2015-5470", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:C" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5470" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037349?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.0.4-1%2Bdeb9u3~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12cd-ky6m-qkdg" }, { "vulnerability": "VCID-2hee-f8gq-rycf" }, { "vulnerability": "VCID-3e3b-z5bh-pban" }, { "vulnerability": "VCID-4c2u-n7p5-nfg4" }, { "vulnerability": "VCID-9p7x-52ad-vbh6" }, { "vulnerability": "VCID-a7xd-fyh3-xuaq" }, { "vulnerability": "VCID-ch2d-p2ru-23ex" }, { "vulnerability": "VCID-d4km-jg6b-2kh3" }, { "vulnerability": "VCID-h73s-nkfg-sqgc" }, { "vulnerability": "VCID-htr2-rwgm-47ed" }, { "vulnerability": "VCID-mbq1-b3dr-1uc4" }, { "vulnerability": "VCID-n2k6-nfxs-7ydj" }, { "vulnerability": "VCID-s6ds-tuus-n7hr" }, { "vulnerability": "VCID-tcp4-6r2n-6uer" }, { "vulnerability": "VCID-urr2-qrfd-vfeh" }, { "vulnerability": "VCID-vua1-5kz6-hban" }, { "vulnerability": "VCID-xxxv-krt4-tka1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.0.4-1%252Bdeb9u3~bpo8%252B1" } ], "aliases": [ "CVE-2015-5470" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nwfa-n5f2-abe7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94371?format=api", "vulnerability_id": "VCID-s6ds-tuus-n7hr", "summary": "In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14196", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06655", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06664", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06566", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06634", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06679", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06665", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06714", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06748", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06747", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.0674", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.06733", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14196", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14196" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964103", "reference_id": "964103", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964103" }, { "reference_url": "https://security.archlinux.org/AVG-1199", "reference_id": "AVG-1199", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1199" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994394?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.4.2-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2ugc-uygs-hqb8" }, { "vulnerability": "VCID-66sa-bc5p-jqde" }, { "vulnerability": "VCID-7dc3-qdk8-k7b2" }, { "vulnerability": "VCID-8tar-s444-zfac" }, { "vulnerability": "VCID-cdzz-8tc8-jucu" }, { "vulnerability": "VCID-m445-c6a1-uugf" }, { "vulnerability": "VCID-mkcs-362g-t7aq" }, { "vulnerability": "VCID-pjbp-1jgm-s3cg" }, { "vulnerability": "VCID-umcq-ztbz-qfb2" }, { "vulnerability": "VCID-vprj-j7u6-zbe7" }, { "vulnerability": "VCID-wmgd-z2j3-h7d9" }, { "vulnerability": "VCID-wywf-pmyt-zud4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3" } ], "aliases": [ "CVE-2020-14196" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s6ds-tuus-n7hr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93140?format=api", "vulnerability_id": "VCID-tcp4-6r2n-6uer", "summary": "When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. It was discovered that the new netmask and IP addresses of forwarded zones were not sufficiently validated, allowing an authenticated user to inject new configuration directives into the Recursor's configuration.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15093", "reference_id": "", "reference_type": "", "scores": [ { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00272", "published_at": "2026-04-16T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00288", "published_at": "2026-04-01T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00293", "published_at": "2026-04-02T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.0029", "published_at": "2026-04-04T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00282", "published_at": "2026-04-07T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.0028", "published_at": "2026-04-08T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00279", "published_at": "2026-04-11T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00276", "published_at": "2026-04-12T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00275", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15093" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15093", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15093" }, { "reference_url": "https://security.archlinux.org/ASA-201711-31", "reference_id": "ASA-201711-31", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-31" }, { "reference_url": "https://security.archlinux.org/AVG-520", "reference_id": "AVG-520", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-520" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037350?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12cd-ky6m-qkdg" }, { "vulnerability": "VCID-3e3b-z5bh-pban" }, { "vulnerability": "VCID-htr2-rwgm-47ed" }, { "vulnerability": "VCID-n2k6-nfxs-7ydj" }, { "vulnerability": "VCID-s6ds-tuus-n7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1" } ], "aliases": [ "CVE-2017-15093" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tcp4-6r2n-6uer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93137?format=api", "vulnerability_id": "VCID-urr2-qrfd-vfeh", "summary": "An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in position of man-in-the-middle to alter the content of records by issuing a valid signature for the crafted records.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15090", "reference_id": "", "reference_type": "", "scores": [ { "value": "2e-05", "scoring_system": "epss", "scoring_elements": "0.0005", "published_at": "2026-04-18T12:55:00Z" }, { "value": "2e-05", "scoring_system": "epss", "scoring_elements": "0.00049", "published_at": "2026-04-13T12:55:00Z" }, { "value": "2e-05", "scoring_system": "epss", "scoring_elements": "0.00048", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15090" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15090", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15090" }, { "reference_url": "https://security.archlinux.org/ASA-201711-31", "reference_id": "ASA-201711-31", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-31" }, { "reference_url": "https://security.archlinux.org/AVG-520", "reference_id": "AVG-520", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-520" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037350?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12cd-ky6m-qkdg" }, { "vulnerability": "VCID-3e3b-z5bh-pban" }, { "vulnerability": "VCID-htr2-rwgm-47ed" }, { "vulnerability": "VCID-n2k6-nfxs-7ydj" }, { "vulnerability": "VCID-s6ds-tuus-n7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1" } ], "aliases": [ "CVE-2017-15090" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-urr2-qrfd-vfeh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94182?format=api", "vulnerability_id": "VCID-vua1-5kz6-hban", "summary": "An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-3806", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06287", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06333", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06322", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06274", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.0623", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06264", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06283", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.0626", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06305", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06346", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00024", "scoring_system": "epss", "scoring_elements": "0.06338", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-3806" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3806", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3806" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3806", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3806" }, { "reference_url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-01.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-01.html" }, { "reference_url": "https://security.archlinux.org/ASA-201901-13", "reference_id": "ASA-201901-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201901-13" }, { "reference_url": "https://security.archlinux.org/AVG-856", "reference_id": "AVG-856", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-856" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3806", "reference_id": "CVE-2019-3806", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3806" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037350?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12cd-ky6m-qkdg" }, { "vulnerability": "VCID-3e3b-z5bh-pban" }, { "vulnerability": "VCID-htr2-rwgm-47ed" }, { "vulnerability": "VCID-n2k6-nfxs-7ydj" }, { "vulnerability": "VCID-s6ds-tuus-n7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1" } ], "aliases": [ "CVE-2019-3806" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vua1-5kz6-hban" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/93417?format=api", "vulnerability_id": "VCID-xxxv-krt4-tka1", "summary": "Improper input validation bugs in DNSSEC validators components in PowerDNS version 4.1.0 allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000003", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03954", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03993", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.0401", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04024", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04031", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04049", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04021", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.04007", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03979", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03962", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00017", "scoring_system": "epss", "scoring_elements": "0.03974", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000003" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000003", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000003" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037350?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12cd-ky6m-qkdg" }, { "vulnerability": "VCID-3e3b-z5bh-pban" }, { "vulnerability": "VCID-htr2-rwgm-47ed" }, { "vulnerability": "VCID-n2k6-nfxs-7ydj" }, { "vulnerability": "VCID-s6ds-tuus-n7hr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1" } ], "aliases": [ "CVE-2018-1000003" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xxxv-krt4-tka1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81508?format=api", "vulnerability_id": "VCID-zdzj-q58r-5uby", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7074", "reference_id": "", "reference_type": "", "scores": [ { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00162", "published_at": "2026-04-08T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00164", "published_at": "2026-04-12T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00165", "published_at": "2026-04-18T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00161", "published_at": "2026-04-02T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00163", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074" }, { "reference_url": "https://security.archlinux.org/ASA-201701-29", "reference_id": "ASA-201701-29", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-29" }, { "reference_url": "https://security.archlinux.org/ASA-201701-30", "reference_id": "ASA-201701-30", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-30" }, { "reference_url": "https://security.archlinux.org/AVG-147", "reference_id": "AVG-147", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-147" }, { "reference_url": "https://security.archlinux.org/AVG-148", "reference_id": "AVG-148", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-148" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037349?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.0.4-1%2Bdeb9u3~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12cd-ky6m-qkdg" }, { "vulnerability": "VCID-2hee-f8gq-rycf" }, { "vulnerability": "VCID-3e3b-z5bh-pban" }, { "vulnerability": "VCID-4c2u-n7p5-nfg4" }, { "vulnerability": "VCID-9p7x-52ad-vbh6" }, { "vulnerability": "VCID-a7xd-fyh3-xuaq" }, { "vulnerability": "VCID-ch2d-p2ru-23ex" }, { "vulnerability": "VCID-d4km-jg6b-2kh3" }, { "vulnerability": "VCID-h73s-nkfg-sqgc" }, { "vulnerability": "VCID-htr2-rwgm-47ed" }, { "vulnerability": "VCID-mbq1-b3dr-1uc4" }, { "vulnerability": "VCID-n2k6-nfxs-7ydj" }, { "vulnerability": "VCID-s6ds-tuus-n7hr" }, { "vulnerability": "VCID-tcp4-6r2n-6uer" }, { "vulnerability": "VCID-urr2-qrfd-vfeh" }, { "vulnerability": "VCID-vua1-5kz6-hban" }, { "vulnerability": "VCID-xxxv-krt4-tka1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.0.4-1%252Bdeb9u3~bpo8%252B1" } ], "aliases": [ "CVE-2016-7074" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zdzj-q58r-5uby" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92701?format=api", "vulnerability_id": "VCID-d13q-prqh-buge", "summary": "The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1868", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66161", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66202", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66229", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66198", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66246", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66259", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66279", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66266", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66235", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.6627", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66285", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1868", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1868" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037348?format=api", "purl": "pkg:deb/debian/pdns-recursor@3.7.3-1~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-12cd-ky6m-qkdg" }, { "vulnerability": "VCID-1jzb-z2bs-vbeb" }, { "vulnerability": "VCID-2hee-f8gq-rycf" }, { "vulnerability": "VCID-2m6r-ztcg-gbgu" }, { "vulnerability": "VCID-3e3b-z5bh-pban" }, { "vulnerability": "VCID-4c2u-n7p5-nfg4" }, { "vulnerability": "VCID-9p7x-52ad-vbh6" }, { "vulnerability": "VCID-a7xd-fyh3-xuaq" }, { "vulnerability": "VCID-ch2d-p2ru-23ex" }, { "vulnerability": "VCID-d4km-jg6b-2kh3" }, { "vulnerability": "VCID-h73s-nkfg-sqgc" }, { "vulnerability": "VCID-htr2-rwgm-47ed" }, { "vulnerability": "VCID-mbq1-b3dr-1uc4" }, { "vulnerability": "VCID-n2k6-nfxs-7ydj" }, { "vulnerability": "VCID-nwfa-n5f2-abe7" }, { "vulnerability": "VCID-s6ds-tuus-n7hr" }, { "vulnerability": "VCID-tcp4-6r2n-6uer" }, { "vulnerability": "VCID-urr2-qrfd-vfeh" }, { "vulnerability": "VCID-vua1-5kz6-hban" }, { "vulnerability": "VCID-xxxv-krt4-tka1" }, { "vulnerability": "VCID-zdzj-q58r-5uby" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@3.7.3-1~bpo8%252B1" } ], "aliases": [ "CVE-2015-1868" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d13q-prqh-buge" } ], "risk_score": "4.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@3.7.3-1~bpo8%252B1" }