Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1
Typedeb
Namespacedebian
Namepdns-recursor
Version4.1.11-1+deb10u1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version5.2.8-0+deb13u1
Latest_non_vulnerable_version5.2.8-0+deb13u1
Affected_by_vulnerabilities
0
url VCID-12cd-ky6m-qkdg
vulnerability_id VCID-12cd-ky6m-qkdg
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-12244
reference_id
reference_type
scores
0
value 0.00094
scoring_system epss
scoring_elements 0.26153
published_at 2026-04-18T12:55:00Z
1
value 0.00094
scoring_system epss
scoring_elements 0.26302
published_at 2026-04-01T12:55:00Z
2
value 0.00094
scoring_system epss
scoring_elements 0.26342
published_at 2026-04-02T12:55:00Z
3
value 0.00094
scoring_system epss
scoring_elements 0.26383
published_at 2026-04-04T12:55:00Z
4
value 0.00094
scoring_system epss
scoring_elements 0.26156
published_at 2026-04-07T12:55:00Z
5
value 0.00094
scoring_system epss
scoring_elements 0.26224
published_at 2026-04-08T12:55:00Z
6
value 0.00094
scoring_system epss
scoring_elements 0.26272
published_at 2026-04-09T12:55:00Z
7
value 0.00094
scoring_system epss
scoring_elements 0.26278
published_at 2026-04-11T12:55:00Z
8
value 0.00094
scoring_system epss
scoring_elements 0.26233
published_at 2026-04-12T12:55:00Z
9
value 0.00094
scoring_system epss
scoring_elements 0.26174
published_at 2026-04-13T12:55:00Z
10
value 0.00094
scoring_system epss
scoring_elements 0.26178
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-12244
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10995
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10995
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12244
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12244
3
reference_url https://security.archlinux.org/ASA-202005-10
reference_id ASA-202005-10
reference_type
scores
url https://security.archlinux.org/ASA-202005-10
4
reference_url https://security.archlinux.org/AVG-1163
reference_id AVG-1163
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1163
fixed_packages
0
url pkg:deb/debian/pdns-recursor@4.4.2-3
purl pkg:deb/debian/pdns-recursor@4.4.2-3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ugc-uygs-hqb8
1
vulnerability VCID-66sa-bc5p-jqde
2
vulnerability VCID-7dc3-qdk8-k7b2
3
vulnerability VCID-8tar-s444-zfac
4
vulnerability VCID-cdzz-8tc8-jucu
5
vulnerability VCID-m445-c6a1-uugf
6
vulnerability VCID-mkcs-362g-t7aq
7
vulnerability VCID-pjbp-1jgm-s3cg
8
vulnerability VCID-umcq-ztbz-qfb2
9
vulnerability VCID-vprj-j7u6-zbe7
10
vulnerability VCID-wmgd-z2j3-h7d9
11
vulnerability VCID-wywf-pmyt-zud4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3
aliases CVE-2020-12244
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-12cd-ky6m-qkdg
1
url VCID-3e3b-z5bh-pban
vulnerability_id VCID-3e3b-z5bh-pban
summary An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. It allows an attacker (with enough privileges to change the system's hostname) to cause disclosure of uninitialized memory content via a stack-based out-of-bounds read. It only occurs on systems where gethostname() does not have '\0' termination of the returned string if the hostname is larger than the supplied buffer. (Linux systems are not affected because the buffer is always large enough. OpenBSD systems are not affected because the returned hostname always has '\0' termination.) Under some conditions, this issue can lead to the writing of one '\0' byte out-of-bounds on the stack, causing a denial of service or possibly arbitrary code execution.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10030
reference_id
reference_type
scores
0
value 0.00029
scoring_system epss
scoring_elements 0.08041
published_at 2026-04-01T12:55:00Z
1
value 0.00029
scoring_system epss
scoring_elements 0.08131
published_at 2026-04-02T12:55:00Z
2
value 0.00029
scoring_system epss
scoring_elements 0.08174
published_at 2026-04-04T12:55:00Z
3
value 0.00029
scoring_system epss
scoring_elements 0.08121
published_at 2026-04-07T12:55:00Z
4
value 0.00029
scoring_system epss
scoring_elements 0.0819
published_at 2026-04-08T12:55:00Z
5
value 0.00029
scoring_system epss
scoring_elements 0.08208
published_at 2026-04-09T12:55:00Z
6
value 0.00029
scoring_system epss
scoring_elements 0.08198
published_at 2026-04-11T12:55:00Z
7
value 0.00029
scoring_system epss
scoring_elements 0.08178
published_at 2026-04-12T12:55:00Z
8
value 0.00029
scoring_system epss
scoring_elements 0.08161
published_at 2026-04-13T12:55:00Z
9
value 0.00029
scoring_system epss
scoring_elements 0.08061
published_at 2026-04-16T12:55:00Z
10
value 0.00029
scoring_system epss
scoring_elements 0.08046
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10030
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10030
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10030
fixed_packages
0
url pkg:deb/debian/pdns-recursor@4.4.2-3
purl pkg:deb/debian/pdns-recursor@4.4.2-3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ugc-uygs-hqb8
1
vulnerability VCID-66sa-bc5p-jqde
2
vulnerability VCID-7dc3-qdk8-k7b2
3
vulnerability VCID-8tar-s444-zfac
4
vulnerability VCID-cdzz-8tc8-jucu
5
vulnerability VCID-m445-c6a1-uugf
6
vulnerability VCID-mkcs-362g-t7aq
7
vulnerability VCID-pjbp-1jgm-s3cg
8
vulnerability VCID-umcq-ztbz-qfb2
9
vulnerability VCID-vprj-j7u6-zbe7
10
vulnerability VCID-wmgd-z2j3-h7d9
11
vulnerability VCID-wywf-pmyt-zud4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3
aliases CVE-2020-10030
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3e3b-z5bh-pban
2
url VCID-htr2-rwgm-47ed
vulnerability_id VCID-htr2-rwgm-47ed
summary 
A vulnerability in PowerDNS Recursor could lead to a Denial of
    Service condition.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-25829
reference_id
reference_type
scores
0
value 0.00348
scoring_system epss
scoring_elements 0.57419
published_at 2026-04-18T12:55:00Z
1
value 0.00348
scoring_system epss
scoring_elements 0.57287
published_at 2026-04-01T12:55:00Z
2
value 0.00348
scoring_system epss
scoring_elements 0.57369
published_at 2026-04-02T12:55:00Z
3
value 0.00348
scoring_system epss
scoring_elements 0.57391
published_at 2026-04-04T12:55:00Z
4
value 0.00348
scoring_system epss
scoring_elements 0.57366
published_at 2026-04-07T12:55:00Z
5
value 0.00348
scoring_system epss
scoring_elements 0.57418
published_at 2026-04-08T12:55:00Z
6
value 0.00348
scoring_system epss
scoring_elements 0.57421
published_at 2026-04-09T12:55:00Z
7
value 0.00348
scoring_system epss
scoring_elements 0.57436
published_at 2026-04-11T12:55:00Z
8
value 0.00348
scoring_system epss
scoring_elements 0.57415
published_at 2026-04-12T12:55:00Z
9
value 0.00348
scoring_system epss
scoring_elements 0.57396
published_at 2026-04-13T12:55:00Z
10
value 0.00348
scoring_system epss
scoring_elements 0.57423
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-25829
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25829
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25829
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972159
reference_id 972159
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972159
3
reference_url https://security.archlinux.org/ASA-202010-6
reference_id ASA-202010-6
reference_type
scores
url https://security.archlinux.org/ASA-202010-6
4
reference_url https://security.archlinux.org/AVG-1243
reference_id AVG-1243
reference_type
scores
0
value High
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1243
5
reference_url https://security.gentoo.org/glsa/202012-19
reference_id GLSA-202012-19
reference_type
scores
url https://security.gentoo.org/glsa/202012-19
fixed_packages
0
url pkg:deb/debian/pdns-recursor@4.4.2-3
purl pkg:deb/debian/pdns-recursor@4.4.2-3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ugc-uygs-hqb8
1
vulnerability VCID-66sa-bc5p-jqde
2
vulnerability VCID-7dc3-qdk8-k7b2
3
vulnerability VCID-8tar-s444-zfac
4
vulnerability VCID-cdzz-8tc8-jucu
5
vulnerability VCID-m445-c6a1-uugf
6
vulnerability VCID-mkcs-362g-t7aq
7
vulnerability VCID-pjbp-1jgm-s3cg
8
vulnerability VCID-umcq-ztbz-qfb2
9
vulnerability VCID-vprj-j7u6-zbe7
10
vulnerability VCID-wmgd-z2j3-h7d9
11
vulnerability VCID-wywf-pmyt-zud4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3
aliases CVE-2020-25829
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-htr2-rwgm-47ed
3
url VCID-n2k6-nfxs-7ydj
vulnerability_id VCID-n2k6-nfxs-7ydj
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10995
reference_id
reference_type
scores
0
value 0.00091
scoring_system epss
scoring_elements 0.25576
published_at 2026-04-18T12:55:00Z
1
value 0.00091
scoring_system epss
scoring_elements 0.25677
published_at 2026-04-09T12:55:00Z
2
value 0.00091
scoring_system epss
scoring_elements 0.25747
published_at 2026-04-02T12:55:00Z
3
value 0.00091
scoring_system epss
scoring_elements 0.25789
published_at 2026-04-04T12:55:00Z
4
value 0.00091
scoring_system epss
scoring_elements 0.25558
published_at 2026-04-07T12:55:00Z
5
value 0.00091
scoring_system epss
scoring_elements 0.25631
published_at 2026-04-08T12:55:00Z
6
value 0.00091
scoring_system epss
scoring_elements 0.25687
published_at 2026-04-11T12:55:00Z
7
value 0.00091
scoring_system epss
scoring_elements 0.25646
published_at 2026-04-12T12:55:00Z
8
value 0.00091
scoring_system epss
scoring_elements 0.2559
published_at 2026-04-13T12:55:00Z
9
value 0.00091
scoring_system epss
scoring_elements 0.25592
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10995
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10995
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10995
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12244
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12244
3
reference_url https://security.archlinux.org/ASA-202005-10
reference_id ASA-202005-10
reference_type
scores
url https://security.archlinux.org/ASA-202005-10
4
reference_url https://security.archlinux.org/AVG-1163
reference_id AVG-1163
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1163
fixed_packages
0
url pkg:deb/debian/pdns-recursor@4.4.2-3
purl pkg:deb/debian/pdns-recursor@4.4.2-3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ugc-uygs-hqb8
1
vulnerability VCID-66sa-bc5p-jqde
2
vulnerability VCID-7dc3-qdk8-k7b2
3
vulnerability VCID-8tar-s444-zfac
4
vulnerability VCID-cdzz-8tc8-jucu
5
vulnerability VCID-m445-c6a1-uugf
6
vulnerability VCID-mkcs-362g-t7aq
7
vulnerability VCID-pjbp-1jgm-s3cg
8
vulnerability VCID-umcq-ztbz-qfb2
9
vulnerability VCID-vprj-j7u6-zbe7
10
vulnerability VCID-wmgd-z2j3-h7d9
11
vulnerability VCID-wywf-pmyt-zud4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3
aliases CVE-2020-10995
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n2k6-nfxs-7ydj
4
url VCID-s6ds-tuus-n7hr
vulnerability_id VCID-s6ds-tuus-n7hr
summary In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-14196
reference_id
reference_type
scores
0
value 0.00025
scoring_system epss
scoring_elements 0.06655
published_at 2026-04-18T12:55:00Z
1
value 0.00025
scoring_system epss
scoring_elements 0.06664
published_at 2026-04-16T12:55:00Z
2
value 0.00025
scoring_system epss
scoring_elements 0.06566
published_at 2026-04-01T12:55:00Z
3
value 0.00025
scoring_system epss
scoring_elements 0.06634
published_at 2026-04-02T12:55:00Z
4
value 0.00025
scoring_system epss
scoring_elements 0.06679
published_at 2026-04-04T12:55:00Z
5
value 0.00025
scoring_system epss
scoring_elements 0.06665
published_at 2026-04-07T12:55:00Z
6
value 0.00025
scoring_system epss
scoring_elements 0.06714
published_at 2026-04-08T12:55:00Z
7
value 0.00025
scoring_system epss
scoring_elements 0.06748
published_at 2026-04-09T12:55:00Z
8
value 0.00025
scoring_system epss
scoring_elements 0.06747
published_at 2026-04-11T12:55:00Z
9
value 0.00025
scoring_system epss
scoring_elements 0.0674
published_at 2026-04-12T12:55:00Z
10
value 0.00025
scoring_system epss
scoring_elements 0.06733
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-14196
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14196
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14196
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964103
reference_id 964103
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964103
4
reference_url https://security.archlinux.org/AVG-1199
reference_id AVG-1199
reference_type
scores
0
value Low
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1199
fixed_packages
0
url pkg:deb/debian/pdns-recursor@4.4.2-3
purl pkg:deb/debian/pdns-recursor@4.4.2-3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ugc-uygs-hqb8
1
vulnerability VCID-66sa-bc5p-jqde
2
vulnerability VCID-7dc3-qdk8-k7b2
3
vulnerability VCID-8tar-s444-zfac
4
vulnerability VCID-cdzz-8tc8-jucu
5
vulnerability VCID-m445-c6a1-uugf
6
vulnerability VCID-mkcs-362g-t7aq
7
vulnerability VCID-pjbp-1jgm-s3cg
8
vulnerability VCID-umcq-ztbz-qfb2
9
vulnerability VCID-vprj-j7u6-zbe7
10
vulnerability VCID-wmgd-z2j3-h7d9
11
vulnerability VCID-wywf-pmyt-zud4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3
aliases CVE-2020-14196
risk_score 1.4
exploitability 0.5
weighted_severity 2.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s6ds-tuus-n7hr
Fixing_vulnerabilities
0
url VCID-12cd-ky6m-qkdg
vulnerability_id VCID-12cd-ky6m-qkdg
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-12244
reference_id
reference_type
scores
0
value 0.00094
scoring_system epss
scoring_elements 0.26153
published_at 2026-04-18T12:55:00Z
1
value 0.00094
scoring_system epss
scoring_elements 0.26302
published_at 2026-04-01T12:55:00Z
2
value 0.00094
scoring_system epss
scoring_elements 0.26342
published_at 2026-04-02T12:55:00Z
3
value 0.00094
scoring_system epss
scoring_elements 0.26383
published_at 2026-04-04T12:55:00Z
4
value 0.00094
scoring_system epss
scoring_elements 0.26156
published_at 2026-04-07T12:55:00Z
5
value 0.00094
scoring_system epss
scoring_elements 0.26224
published_at 2026-04-08T12:55:00Z
6
value 0.00094
scoring_system epss
scoring_elements 0.26272
published_at 2026-04-09T12:55:00Z
7
value 0.00094
scoring_system epss
scoring_elements 0.26278
published_at 2026-04-11T12:55:00Z
8
value 0.00094
scoring_system epss
scoring_elements 0.26233
published_at 2026-04-12T12:55:00Z
9
value 0.00094
scoring_system epss
scoring_elements 0.26174
published_at 2026-04-13T12:55:00Z
10
value 0.00094
scoring_system epss
scoring_elements 0.26178
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-12244
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10995
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10995
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12244
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12244
3
reference_url https://security.archlinux.org/ASA-202005-10
reference_id ASA-202005-10
reference_type
scores
url https://security.archlinux.org/ASA-202005-10
4
reference_url https://security.archlinux.org/AVG-1163
reference_id AVG-1163
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1163
fixed_packages
0
url pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1
purl pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12cd-ky6m-qkdg
1
vulnerability VCID-3e3b-z5bh-pban
2
vulnerability VCID-htr2-rwgm-47ed
3
vulnerability VCID-n2k6-nfxs-7ydj
4
vulnerability VCID-s6ds-tuus-n7hr
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1
1
url pkg:deb/debian/pdns-recursor@4.4.2-3
purl pkg:deb/debian/pdns-recursor@4.4.2-3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ugc-uygs-hqb8
1
vulnerability VCID-66sa-bc5p-jqde
2
vulnerability VCID-7dc3-qdk8-k7b2
3
vulnerability VCID-8tar-s444-zfac
4
vulnerability VCID-cdzz-8tc8-jucu
5
vulnerability VCID-m445-c6a1-uugf
6
vulnerability VCID-mkcs-362g-t7aq
7
vulnerability VCID-pjbp-1jgm-s3cg
8
vulnerability VCID-umcq-ztbz-qfb2
9
vulnerability VCID-vprj-j7u6-zbe7
10
vulnerability VCID-wmgd-z2j3-h7d9
11
vulnerability VCID-wywf-pmyt-zud4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3
aliases CVE-2020-12244
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-12cd-ky6m-qkdg
1
url VCID-2hee-f8gq-rycf
vulnerability_id VCID-2hee-f8gq-rycf
summary An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-3807
reference_id
reference_type
scores
0
value 3e-05
scoring_system epss
scoring_elements 0.00117
published_at 2026-04-08T12:55:00Z
1
value 3e-05
scoring_system epss
scoring_elements 0.00116
published_at 2026-04-18T12:55:00Z
2
value 3e-05
scoring_system epss
scoring_elements 0.00118
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-3807
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3807
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3807
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3807
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3807
3
reference_url https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-02.html
reference_id
reference_type
scores
url https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-02.html
4
reference_url https://security.archlinux.org/ASA-201901-13
reference_id ASA-201901-13
reference_type
scores
url https://security.archlinux.org/ASA-201901-13
5
reference_url https://security.archlinux.org/AVG-856
reference_id AVG-856
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-856
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-3807
reference_id CVE-2019-3807
reference_type
scores
0
value 6.4
scoring_system cvssv2
scoring_elements AV:N/AC:L/Au:N/C:P/I:P/A:N
1
value 3.7
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
2
value 9.8
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2019-3807
fixed_packages
0
url pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1
purl pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12cd-ky6m-qkdg
1
vulnerability VCID-3e3b-z5bh-pban
2
vulnerability VCID-htr2-rwgm-47ed
3
vulnerability VCID-n2k6-nfxs-7ydj
4
vulnerability VCID-s6ds-tuus-n7hr
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1
aliases CVE-2019-3807
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2hee-f8gq-rycf
2
url VCID-4c2u-n7p5-nfg4
vulnerability_id VCID-4c2u-n7p5-nfg4
summary PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14626
reference_id
reference_type
scores
0
value 0.00042
scoring_system epss
scoring_elements 0.12518
published_at 2026-04-18T12:55:00Z
1
value 0.00042
scoring_system epss
scoring_elements 0.12606
published_at 2026-04-13T12:55:00Z
2
value 0.00042
scoring_system epss
scoring_elements 0.1251
published_at 2026-04-16T12:55:00Z
3
value 0.00042
scoring_system epss
scoring_elements 0.12635
published_at 2026-04-01T12:55:00Z
4
value 0.00042
scoring_system epss
scoring_elements 0.12739
published_at 2026-04-02T12:55:00Z
5
value 0.00042
scoring_system epss
scoring_elements 0.12785
published_at 2026-04-04T12:55:00Z
6
value 0.00042
scoring_system epss
scoring_elements 0.12592
published_at 2026-04-07T12:55:00Z
7
value 0.00042
scoring_system epss
scoring_elements 0.12671
published_at 2026-04-08T12:55:00Z
8
value 0.00042
scoring_system epss
scoring_elements 0.12723
published_at 2026-04-09T12:55:00Z
9
value 0.00042
scoring_system epss
scoring_elements 0.12691
published_at 2026-04-11T12:55:00Z
10
value 0.00042
scoring_system epss
scoring_elements 0.1265
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14626
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14626
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14626
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162
reference_id 913162
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913163
reference_id 913163
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913163
5
reference_url https://security.archlinux.org/ASA-201811-12
reference_id ASA-201811-12
reference_type
scores
url https://security.archlinux.org/ASA-201811-12
6
reference_url https://security.archlinux.org/ASA-201811-13
reference_id ASA-201811-13
reference_type
scores
url https://security.archlinux.org/ASA-201811-13
7
reference_url https://security.archlinux.org/AVG-804
reference_id AVG-804
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-804
8
reference_url https://security.archlinux.org/AVG-805
reference_id AVG-805
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-805
9
reference_url https://usn.ubuntu.com/7203-1/
reference_id USN-7203-1
reference_type
scores
url https://usn.ubuntu.com/7203-1/
fixed_packages
0
url pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1
purl pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12cd-ky6m-qkdg
1
vulnerability VCID-3e3b-z5bh-pban
2
vulnerability VCID-htr2-rwgm-47ed
3
vulnerability VCID-n2k6-nfxs-7ydj
4
vulnerability VCID-s6ds-tuus-n7hr
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1
aliases CVE-2018-14626
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4c2u-n7p5-nfg4
3
url VCID-9p7x-52ad-vbh6
vulnerability_id VCID-9p7x-52ad-vbh6
summary An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authoritative servers for that parent zone answer with FORMERR to a query for at least one of the meta-types. As a result, subsequent queries from clients requesting DNSSEC validation will be answered with a ServFail.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-14644
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.0524
published_at 2026-04-18T12:55:00Z
1
value 0.0002
scoring_system epss
scoring_elements 0.05238
published_at 2026-04-16T12:55:00Z
2
value 0.0002
scoring_system epss
scoring_elements 0.05189
published_at 2026-04-01T12:55:00Z
3
value 0.0002
scoring_system epss
scoring_elements 0.05233
published_at 2026-04-02T12:55:00Z
4
value 0.0002
scoring_system epss
scoring_elements 0.05265
published_at 2026-04-04T12:55:00Z
5
value 0.0002
scoring_system epss
scoring_elements 0.0529
published_at 2026-04-07T12:55:00Z
6
value 0.0002
scoring_system epss
scoring_elements 0.05325
published_at 2026-04-08T12:55:00Z
7
value 0.0002
scoring_system epss
scoring_elements 0.05347
published_at 2026-04-09T12:55:00Z
8
value 0.0002
scoring_system epss
scoring_elements 0.05314
published_at 2026-04-11T12:55:00Z
9
value 0.0002
scoring_system epss
scoring_elements 0.05303
published_at 2026-04-12T12:55:00Z
10
value 0.0002
scoring_system epss
scoring_elements 0.05292
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-14644
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14644
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14644
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162
reference_id 913162
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162
4
reference_url https://security.archlinux.org/ASA-201811-13
reference_id ASA-201811-13
reference_type
scores
url https://security.archlinux.org/ASA-201811-13
5
reference_url https://security.archlinux.org/AVG-805
reference_id AVG-805
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-805
6
reference_url https://usn.ubuntu.com/7203-1/
reference_id USN-7203-1
reference_type
scores
url https://usn.ubuntu.com/7203-1/
fixed_packages
0
url pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1
purl pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12cd-ky6m-qkdg
1
vulnerability VCID-3e3b-z5bh-pban
2
vulnerability VCID-htr2-rwgm-47ed
3
vulnerability VCID-n2k6-nfxs-7ydj
4
vulnerability VCID-s6ds-tuus-n7hr
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1
aliases CVE-2018-14644
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9p7x-52ad-vbh6
4
url VCID-a7xd-fyh3-xuaq
vulnerability_id VCID-a7xd-fyh3-xuaq
summary An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are only parsed when validation is enabled by setting dnssec to a value other than off or process-no-validate (default).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-15094
reference_id
reference_type
scores
0
value 5e-05
scoring_system epss
scoring_elements 0.00209
published_at 2026-04-01T12:55:00Z
1
value 5e-05
scoring_system epss
scoring_elements 0.0021
published_at 2026-04-02T12:55:00Z
2
value 5e-05
scoring_system epss
scoring_elements 0.00211
published_at 2026-04-04T12:55:00Z
3
value 5e-05
scoring_system epss
scoring_elements 0.00207
published_at 2026-04-09T12:55:00Z
4
value 7e-05
scoring_system epss
scoring_elements 0.00587
published_at 2026-04-16T12:55:00Z
5
value 7e-05
scoring_system epss
scoring_elements 0.00592
published_at 2026-04-18T12:55:00Z
6
value 7e-05
scoring_system epss
scoring_elements 0.00595
published_at 2026-04-11T12:55:00Z
7
value 7e-05
scoring_system epss
scoring_elements 0.00591
published_at 2026-04-12T12:55:00Z
8
value 7e-05
scoring_system epss
scoring_elements 0.00593
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-15094
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15094
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15094
2
reference_url https://security.archlinux.org/ASA-201711-31
reference_id ASA-201711-31
reference_type
scores
url https://security.archlinux.org/ASA-201711-31
3
reference_url https://security.archlinux.org/AVG-520
reference_id AVG-520
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-520
fixed_packages
0
url pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1
purl pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12cd-ky6m-qkdg
1
vulnerability VCID-3e3b-z5bh-pban
2
vulnerability VCID-htr2-rwgm-47ed
3
vulnerability VCID-n2k6-nfxs-7ydj
4
vulnerability VCID-s6ds-tuus-n7hr
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1
aliases CVE-2017-15094
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a7xd-fyh3-xuaq
5
url VCID-ch2d-p2ru-23ex
vulnerability_id VCID-ch2d-p2ru-23ex
summary PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-10851
reference_id
reference_type
scores
0
value 0.00108
scoring_system epss
scoring_elements 0.29091
published_at 2026-04-18T12:55:00Z
1
value 0.00108
scoring_system epss
scoring_elements 0.29088
published_at 2026-04-13T12:55:00Z
2
value 0.00108
scoring_system epss
scoring_elements 0.29114
published_at 2026-04-16T12:55:00Z
3
value 0.00108
scoring_system epss
scoring_elements 0.29135
published_at 2026-04-01T12:55:00Z
4
value 0.00108
scoring_system epss
scoring_elements 0.2921
published_at 2026-04-02T12:55:00Z
5
value 0.00108
scoring_system epss
scoring_elements 0.29262
published_at 2026-04-04T12:55:00Z
6
value 0.00108
scoring_system epss
scoring_elements 0.29075
published_at 2026-04-07T12:55:00Z
7
value 0.00108
scoring_system epss
scoring_elements 0.29138
published_at 2026-04-08T12:55:00Z
8
value 0.00108
scoring_system epss
scoring_elements 0.2918
published_at 2026-04-09T12:55:00Z
9
value 0.00108
scoring_system epss
scoring_elements 0.29186
published_at 2026-04-11T12:55:00Z
10
value 0.00108
scoring_system epss
scoring_elements 0.2914
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-10851
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10851
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10851
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162
reference_id 913162
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913163
reference_id 913163
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913163
5
reference_url https://security.archlinux.org/ASA-201811-12
reference_id ASA-201811-12
reference_type
scores
url https://security.archlinux.org/ASA-201811-12
6
reference_url https://security.archlinux.org/ASA-201811-13
reference_id ASA-201811-13
reference_type
scores
url https://security.archlinux.org/ASA-201811-13
7
reference_url https://security.archlinux.org/AVG-804
reference_id AVG-804
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-804
8
reference_url https://security.archlinux.org/AVG-805
reference_id AVG-805
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-805
9
reference_url https://usn.ubuntu.com/7203-1/
reference_id USN-7203-1
reference_type
scores
url https://usn.ubuntu.com/7203-1/
fixed_packages
0
url pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1
purl pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12cd-ky6m-qkdg
1
vulnerability VCID-3e3b-z5bh-pban
2
vulnerability VCID-htr2-rwgm-47ed
3
vulnerability VCID-n2k6-nfxs-7ydj
4
vulnerability VCID-s6ds-tuus-n7hr
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1
aliases CVE-2018-10851
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ch2d-p2ru-23ex
6
url VCID-d4km-jg6b-2kh3
vulnerability_id VCID-d4km-jg6b-2kh3
summary An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-16855
reference_id
reference_type
scores
0
value 0.19834
scoring_system epss
scoring_elements 0.9546
published_at 2026-04-18T12:55:00Z
1
value 0.19834
scoring_system epss
scoring_elements 0.95413
published_at 2026-04-01T12:55:00Z
2
value 0.19834
scoring_system epss
scoring_elements 0.95422
published_at 2026-04-02T12:55:00Z
3
value 0.19834
scoring_system epss
scoring_elements 0.95428
published_at 2026-04-04T12:55:00Z
4
value 0.19834
scoring_system epss
scoring_elements 0.95432
published_at 2026-04-07T12:55:00Z
5
value 0.19834
scoring_system epss
scoring_elements 0.95438
published_at 2026-04-08T12:55:00Z
6
value 0.19834
scoring_system epss
scoring_elements 0.95441
published_at 2026-04-09T12:55:00Z
7
value 0.19834
scoring_system epss
scoring_elements 0.95445
published_at 2026-04-12T12:55:00Z
8
value 0.19834
scoring_system epss
scoring_elements 0.95447
published_at 2026-04-13T12:55:00Z
9
value 0.19834
scoring_system epss
scoring_elements 0.95456
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-16855
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16855
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16855
2
reference_url https://security.archlinux.org/ASA-201811-21
reference_id ASA-201811-21
reference_type
scores
url https://security.archlinux.org/ASA-201811-21
3
reference_url https://security.archlinux.org/AVG-821
reference_id AVG-821
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-821
fixed_packages
0
url pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1
purl pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12cd-ky6m-qkdg
1
vulnerability VCID-3e3b-z5bh-pban
2
vulnerability VCID-htr2-rwgm-47ed
3
vulnerability VCID-n2k6-nfxs-7ydj
4
vulnerability VCID-s6ds-tuus-n7hr
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1
aliases CVE-2018-16855
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d4km-jg6b-2kh3
7
url VCID-h73s-nkfg-sqgc
vulnerability_id VCID-h73s-nkfg-sqgc
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-15120
reference_id
reference_type
scores
0
value 0.00332
scoring_system epss
scoring_elements 0.55985
published_at 2026-04-01T12:55:00Z
1
value 0.00332
scoring_system epss
scoring_elements 0.56096
published_at 2026-04-07T12:55:00Z
2
value 0.00332
scoring_system epss
scoring_elements 0.56116
published_at 2026-04-04T12:55:00Z
3
value 0.00332
scoring_system epss
scoring_elements 0.56147
published_at 2026-04-08T12:55:00Z
4
value 0.00332
scoring_system epss
scoring_elements 0.56152
published_at 2026-04-09T12:55:00Z
5
value 0.00332
scoring_system epss
scoring_elements 0.56164
published_at 2026-04-11T12:55:00Z
6
value 0.00332
scoring_system epss
scoring_elements 0.5614
published_at 2026-04-12T12:55:00Z
7
value 0.00332
scoring_system epss
scoring_elements 0.56124
published_at 2026-04-13T12:55:00Z
8
value 0.00332
scoring_system epss
scoring_elements 0.56158
published_at 2026-04-16T12:55:00Z
9
value 0.00332
scoring_system epss
scoring_elements 0.56161
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-15120
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15120
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15120
fixed_packages
0
url pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1
purl pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12cd-ky6m-qkdg
1
vulnerability VCID-3e3b-z5bh-pban
2
vulnerability VCID-htr2-rwgm-47ed
3
vulnerability VCID-n2k6-nfxs-7ydj
4
vulnerability VCID-s6ds-tuus-n7hr
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1
aliases CVE-2017-15120
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h73s-nkfg-sqgc
8
url VCID-mbq1-b3dr-1uc4
vulnerability_id VCID-mbq1-b3dr-1uc4
summary A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and Javascript code into the web interface, altering the content.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-15092
reference_id
reference_type
scores
0
value 3e-05
scoring_system epss
scoring_elements 0.00062
published_at 2026-04-18T12:55:00Z
1
value 3e-05
scoring_system epss
scoring_elements 0.00061
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-15092
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15092
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15092
2
reference_url https://security.archlinux.org/ASA-201711-31
reference_id ASA-201711-31
reference_type
scores
url https://security.archlinux.org/ASA-201711-31
3
reference_url https://security.archlinux.org/AVG-520
reference_id AVG-520
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-520
fixed_packages
0
url pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1
purl pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12cd-ky6m-qkdg
1
vulnerability VCID-3e3b-z5bh-pban
2
vulnerability VCID-htr2-rwgm-47ed
3
vulnerability VCID-n2k6-nfxs-7ydj
4
vulnerability VCID-s6ds-tuus-n7hr
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1
aliases CVE-2017-15092
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mbq1-b3dr-1uc4
9
url VCID-n2k6-nfxs-7ydj
vulnerability_id VCID-n2k6-nfxs-7ydj
summary security update
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-10995
reference_id
reference_type
scores
0
value 0.00091
scoring_system epss
scoring_elements 0.25576
published_at 2026-04-18T12:55:00Z
1
value 0.00091
scoring_system epss
scoring_elements 0.25677
published_at 2026-04-09T12:55:00Z
2
value 0.00091
scoring_system epss
scoring_elements 0.25747
published_at 2026-04-02T12:55:00Z
3
value 0.00091
scoring_system epss
scoring_elements 0.25789
published_at 2026-04-04T12:55:00Z
4
value 0.00091
scoring_system epss
scoring_elements 0.25558
published_at 2026-04-07T12:55:00Z
5
value 0.00091
scoring_system epss
scoring_elements 0.25631
published_at 2026-04-08T12:55:00Z
6
value 0.00091
scoring_system epss
scoring_elements 0.25687
published_at 2026-04-11T12:55:00Z
7
value 0.00091
scoring_system epss
scoring_elements 0.25646
published_at 2026-04-12T12:55:00Z
8
value 0.00091
scoring_system epss
scoring_elements 0.2559
published_at 2026-04-13T12:55:00Z
9
value 0.00091
scoring_system epss
scoring_elements 0.25592
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-10995
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10995
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10995
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12244
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12244
3
reference_url https://security.archlinux.org/ASA-202005-10
reference_id ASA-202005-10
reference_type
scores
url https://security.archlinux.org/ASA-202005-10
4
reference_url https://security.archlinux.org/AVG-1163
reference_id AVG-1163
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-1163
fixed_packages
0
url pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1
purl pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12cd-ky6m-qkdg
1
vulnerability VCID-3e3b-z5bh-pban
2
vulnerability VCID-htr2-rwgm-47ed
3
vulnerability VCID-n2k6-nfxs-7ydj
4
vulnerability VCID-s6ds-tuus-n7hr
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1
1
url pkg:deb/debian/pdns-recursor@4.4.2-3
purl pkg:deb/debian/pdns-recursor@4.4.2-3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2ugc-uygs-hqb8
1
vulnerability VCID-66sa-bc5p-jqde
2
vulnerability VCID-7dc3-qdk8-k7b2
3
vulnerability VCID-8tar-s444-zfac
4
vulnerability VCID-cdzz-8tc8-jucu
5
vulnerability VCID-m445-c6a1-uugf
6
vulnerability VCID-mkcs-362g-t7aq
7
vulnerability VCID-pjbp-1jgm-s3cg
8
vulnerability VCID-umcq-ztbz-qfb2
9
vulnerability VCID-vprj-j7u6-zbe7
10
vulnerability VCID-wmgd-z2j3-h7d9
11
vulnerability VCID-wywf-pmyt-zud4
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3
aliases CVE-2020-10995
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n2k6-nfxs-7ydj
10
url VCID-tcp4-6r2n-6uer
vulnerability_id VCID-tcp4-6r2n-6uer
summary When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. It was discovered that the new netmask and IP addresses of forwarded zones were not sufficiently validated, allowing an authenticated user to inject new configuration directives into the Recursor's configuration.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-15093
reference_id
reference_type
scores
0
value 5e-05
scoring_system epss
scoring_elements 0.00272
published_at 2026-04-16T12:55:00Z
1
value 5e-05
scoring_system epss
scoring_elements 0.00288
published_at 2026-04-01T12:55:00Z
2
value 5e-05
scoring_system epss
scoring_elements 0.00293
published_at 2026-04-02T12:55:00Z
3
value 5e-05
scoring_system epss
scoring_elements 0.0029
published_at 2026-04-04T12:55:00Z
4
value 5e-05
scoring_system epss
scoring_elements 0.00282
published_at 2026-04-07T12:55:00Z
5
value 5e-05
scoring_system epss
scoring_elements 0.0028
published_at 2026-04-08T12:55:00Z
6
value 5e-05
scoring_system epss
scoring_elements 0.00279
published_at 2026-04-11T12:55:00Z
7
value 5e-05
scoring_system epss
scoring_elements 0.00276
published_at 2026-04-12T12:55:00Z
8
value 5e-05
scoring_system epss
scoring_elements 0.00275
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-15093
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15093
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15093
2
reference_url https://security.archlinux.org/ASA-201711-31
reference_id ASA-201711-31
reference_type
scores
url https://security.archlinux.org/ASA-201711-31
3
reference_url https://security.archlinux.org/AVG-520
reference_id AVG-520
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-520
fixed_packages
0
url pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1
purl pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12cd-ky6m-qkdg
1
vulnerability VCID-3e3b-z5bh-pban
2
vulnerability VCID-htr2-rwgm-47ed
3
vulnerability VCID-n2k6-nfxs-7ydj
4
vulnerability VCID-s6ds-tuus-n7hr
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1
aliases CVE-2017-15093
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tcp4-6r2n-6uer
11
url VCID-urr2-qrfd-vfeh
vulnerability_id VCID-urr2-qrfd-vfeh
summary An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in position of man-in-the-middle to alter the content of records by issuing a valid signature for the crafted records.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-15090
reference_id
reference_type
scores
0
value 2e-05
scoring_system epss
scoring_elements 0.0005
published_at 2026-04-18T12:55:00Z
1
value 2e-05
scoring_system epss
scoring_elements 0.00049
published_at 2026-04-13T12:55:00Z
2
value 2e-05
scoring_system epss
scoring_elements 0.00048
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-15090
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15090
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15090
2
reference_url https://security.archlinux.org/ASA-201711-31
reference_id ASA-201711-31
reference_type
scores
url https://security.archlinux.org/ASA-201711-31
3
reference_url https://security.archlinux.org/AVG-520
reference_id AVG-520
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-520
fixed_packages
0
url pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1
purl pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12cd-ky6m-qkdg
1
vulnerability VCID-3e3b-z5bh-pban
2
vulnerability VCID-htr2-rwgm-47ed
3
vulnerability VCID-n2k6-nfxs-7ydj
4
vulnerability VCID-s6ds-tuus-n7hr
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1
aliases CVE-2017-15090
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-urr2-qrfd-vfeh
12
url VCID-vua1-5kz6-hban
vulnerability_id VCID-vua1-5kz6-hban
summary An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-3806
reference_id
reference_type
scores
0
value 0.00024
scoring_system epss
scoring_elements 0.06287
published_at 2026-04-18T12:55:00Z
1
value 0.00024
scoring_system epss
scoring_elements 0.06333
published_at 2026-04-12T12:55:00Z
2
value 0.00024
scoring_system epss
scoring_elements 0.06322
published_at 2026-04-13T12:55:00Z
3
value 0.00024
scoring_system epss
scoring_elements 0.06274
published_at 2026-04-16T12:55:00Z
4
value 0.00024
scoring_system epss
scoring_elements 0.0623
published_at 2026-04-01T12:55:00Z
5
value 0.00024
scoring_system epss
scoring_elements 0.06264
published_at 2026-04-02T12:55:00Z
6
value 0.00024
scoring_system epss
scoring_elements 0.06283
published_at 2026-04-04T12:55:00Z
7
value 0.00024
scoring_system epss
scoring_elements 0.0626
published_at 2026-04-07T12:55:00Z
8
value 0.00024
scoring_system epss
scoring_elements 0.06305
published_at 2026-04-08T12:55:00Z
9
value 0.00024
scoring_system epss
scoring_elements 0.06346
published_at 2026-04-09T12:55:00Z
10
value 0.00024
scoring_system epss
scoring_elements 0.06338
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-3806
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3806
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3806
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3806
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3806
3
reference_url https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-01.html
reference_id
reference_type
scores
url https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-01.html
4
reference_url https://security.archlinux.org/ASA-201901-13
reference_id ASA-201901-13
reference_type
scores
url https://security.archlinux.org/ASA-201901-13
5
reference_url https://security.archlinux.org/AVG-856
reference_id AVG-856
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-856
6
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-3806
reference_id CVE-2019-3806
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
1
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H
2
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
url https://nvd.nist.gov/vuln/detail/CVE-2019-3806
fixed_packages
0
url pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1
purl pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12cd-ky6m-qkdg
1
vulnerability VCID-3e3b-z5bh-pban
2
vulnerability VCID-htr2-rwgm-47ed
3
vulnerability VCID-n2k6-nfxs-7ydj
4
vulnerability VCID-s6ds-tuus-n7hr
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1
aliases CVE-2019-3806
risk_score 3.6
exploitability 0.5
weighted_severity 7.3
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vua1-5kz6-hban
13
url VCID-xxxv-krt4-tka1
vulnerability_id VCID-xxxv-krt4-tka1
summary Improper input validation bugs in DNSSEC validators components in PowerDNS version 4.1.0 allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-1000003
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.03954
published_at 2026-04-01T12:55:00Z
1
value 0.00017
scoring_system epss
scoring_elements 0.03993
published_at 2026-04-02T12:55:00Z
2
value 0.00017
scoring_system epss
scoring_elements 0.0401
published_at 2026-04-04T12:55:00Z
3
value 0.00017
scoring_system epss
scoring_elements 0.04024
published_at 2026-04-07T12:55:00Z
4
value 0.00017
scoring_system epss
scoring_elements 0.04031
published_at 2026-04-08T12:55:00Z
5
value 0.00017
scoring_system epss
scoring_elements 0.04049
published_at 2026-04-09T12:55:00Z
6
value 0.00017
scoring_system epss
scoring_elements 0.04021
published_at 2026-04-11T12:55:00Z
7
value 0.00017
scoring_system epss
scoring_elements 0.04007
published_at 2026-04-12T12:55:00Z
8
value 0.00017
scoring_system epss
scoring_elements 0.03979
published_at 2026-04-13T12:55:00Z
9
value 0.00017
scoring_system epss
scoring_elements 0.03962
published_at 2026-04-16T12:55:00Z
10
value 0.00017
scoring_system epss
scoring_elements 0.03974
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-1000003
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000003
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000003
fixed_packages
0
url pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1
purl pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-12cd-ky6m-qkdg
1
vulnerability VCID-3e3b-z5bh-pban
2
vulnerability VCID-htr2-rwgm-47ed
3
vulnerability VCID-n2k6-nfxs-7ydj
4
vulnerability VCID-s6ds-tuus-n7hr
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1
aliases CVE-2018-1000003
risk_score null
exploitability 0.5
weighted_severity 0.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xxxv-krt4-tka1
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1