Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/4907?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/4907?format=api", "purl": "pkg:deb/debian/pdns@2.9.21.2-1%2Blenny1", "type": "deb", "namespace": "debian", "name": "pdns", "version": "2.9.21.2-1+lenny1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.9.14-0+deb13u1", "latest_non_vulnerable_version": "4.9.14-0+deb13u1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97705?format=api", "vulnerability_id": "VCID-1aex-5g1j-6ycu", "summary": "An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial of service if the system becomes overloaded. This issue is based on the fact that the PowerDNS server parses all records present in a query regardless of whether they are needed or even legitimate. A specially crafted query containing a large number of records can be used to take advantage of that behaviour.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7068", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24697", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24794", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7068" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074" }, { "reference_url": "https://security.archlinux.org/ASA-201701-29", "reference_id": "ASA-201701-29", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-29" }, { "reference_url": "https://security.archlinux.org/ASA-201701-30", "reference_id": "ASA-201701-30", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-30" }, { "reference_url": "https://security.archlinux.org/AVG-147", "reference_id": "AVG-147", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-147" }, { "reference_url": "https://security.archlinux.org/AVG-148", "reference_id": "AVG-148", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-148" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4912?format=api", "purl": "pkg:deb/debian/pdns@3.4.1-4%2Bdeb8u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sbu-xd68-1kg1" }, { "vulnerability": "VCID-5jbx-s8nk-jyg3" }, { "vulnerability": "VCID-b8rd-9xpk-7qck" }, { "vulnerability": "VCID-dmsw-hy5g-pug3" }, { "vulnerability": "VCID-gbfa-2n6q-cbfz" }, { "vulnerability": "VCID-gfwm-fnp9-d7e1" }, { "vulnerability": "VCID-hp38-vkna-xbbf" }, { "vulnerability": "VCID-hxzt-1jtf-huft" }, { "vulnerability": "VCID-n5n2-xvth-uqd5" }, { "vulnerability": "VCID-n8kr-mt65-13gj" }, { "vulnerability": "VCID-ph4w-9w5r-hqdk" }, { "vulnerability": "VCID-qg7g-sudd-hue1" }, { "vulnerability": "VCID-rpze-v2md-4uca" }, { "vulnerability": "VCID-tmg6-gqrq-2uc9" }, { "vulnerability": "VCID-v1f6-qdrh-4fcz" }, { "vulnerability": "VCID-venu-tvd9-dqgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@3.4.1-4%252Bdeb8u8" } ], "aliases": [ "CVE-2016-7068" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1aex-5g1j-6ycu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97710?format=api", "vulnerability_id": "VCID-4sbu-xd68-1kg1", "summary": "An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly keyword. This missing check allows an attacker with valid API credentials to flush the cache, trigger a zone transfer or send a NOTIFY.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15091", "reference_id": "", "reference_type": "", "scores": [ { "value": "2e-05", "scoring_system": "epss", "scoring_elements": "0.00051", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15091" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15091", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15091" }, { "reference_url": "https://security.archlinux.org/ASA-201711-30", "reference_id": "ASA-201711-30", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-30" }, { "reference_url": "https://security.archlinux.org/AVG-519", "reference_id": "AVG-519", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-519" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6030?format=api", "purl": "pkg:deb/debian/pdns@4.1.6-3%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gbfa-2n6q-cbfz" }, { "vulnerability": "VCID-hxzt-1jtf-huft" }, { "vulnerability": "VCID-venu-tvd9-dqgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.1.6-3%252Bdeb10u1" } ], "aliases": [ "CVE-2017-15091" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4sbu-xd68-1kg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97714?format=api", "vulnerability_id": "VCID-5jbx-s8nk-jyg3", "summary": "A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10163", "reference_id": "", "reference_type": "", "scores": [ { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00186", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10163" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10163", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10163" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4917?format=api", "purl": "pkg:deb/debian/pdns@4.0.3-1%2Bdeb9u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sbu-xd68-1kg1" }, { "vulnerability": "VCID-5jbx-s8nk-jyg3" }, { "vulnerability": "VCID-b8rd-9xpk-7qck" }, { "vulnerability": "VCID-dmsw-hy5g-pug3" }, { "vulnerability": "VCID-gbfa-2n6q-cbfz" }, { "vulnerability": "VCID-hxzt-1jtf-huft" }, { "vulnerability": "VCID-n8kr-mt65-13gj" }, { "vulnerability": "VCID-qg7g-sudd-hue1" }, { "vulnerability": "VCID-rpze-v2md-4uca" }, { "vulnerability": "VCID-venu-tvd9-dqgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.0.3-1%252Bdeb9u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/6030?format=api", "purl": "pkg:deb/debian/pdns@4.1.6-3%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gbfa-2n6q-cbfz" }, { "vulnerability": "VCID-hxzt-1jtf-huft" }, { "vulnerability": "VCID-venu-tvd9-dqgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.1.6-3%252Bdeb10u1" } ], "aliases": [ "CVE-2019-10163" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5jbx-s8nk-jyg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97709?format=api", "vulnerability_id": "VCID-b7yf-chf7-23bn", "summary": "An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check that the TSIG record is the last one, leading to the possibility of parsing records that are not covered by the TSIG signature.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7074", "reference_id": "", "reference_type": "", "scores": [ { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00175", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074" }, { "reference_url": "https://security.archlinux.org/ASA-201701-29", "reference_id": "ASA-201701-29", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-29" }, { "reference_url": "https://security.archlinux.org/ASA-201701-30", "reference_id": "ASA-201701-30", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-30" }, { "reference_url": "https://security.archlinux.org/AVG-147", "reference_id": "AVG-147", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-147" }, { "reference_url": "https://security.archlinux.org/AVG-148", "reference_id": "AVG-148", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-148" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4912?format=api", "purl": "pkg:deb/debian/pdns@3.4.1-4%2Bdeb8u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sbu-xd68-1kg1" }, { "vulnerability": "VCID-5jbx-s8nk-jyg3" }, { "vulnerability": "VCID-b8rd-9xpk-7qck" }, { "vulnerability": "VCID-dmsw-hy5g-pug3" }, { "vulnerability": "VCID-gbfa-2n6q-cbfz" }, { "vulnerability": "VCID-gfwm-fnp9-d7e1" }, { "vulnerability": "VCID-hp38-vkna-xbbf" }, { "vulnerability": "VCID-hxzt-1jtf-huft" }, { "vulnerability": "VCID-n5n2-xvth-uqd5" }, { "vulnerability": "VCID-n8kr-mt65-13gj" }, { "vulnerability": "VCID-ph4w-9w5r-hqdk" }, { "vulnerability": "VCID-qg7g-sudd-hue1" }, { "vulnerability": "VCID-rpze-v2md-4uca" }, { "vulnerability": "VCID-tmg6-gqrq-2uc9" }, { "vulnerability": "VCID-v1f6-qdrh-4fcz" }, { "vulnerability": "VCID-venu-tvd9-dqgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@3.4.1-4%252Bdeb8u8" } ], "aliases": [ "CVE-2016-7074" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b7yf-chf7-23bn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97713?format=api", "vulnerability_id": "VCID-b8rd-9xpk-7qck", "summary": "A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when it runs into a parsing error while looking up the NS/A/AAAA records it is about to use for an outgoing notify.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10162", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00343", "published_at": "2026-06-04T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00345", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10163", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10163" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4917?format=api", "purl": "pkg:deb/debian/pdns@4.0.3-1%2Bdeb9u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sbu-xd68-1kg1" }, { "vulnerability": "VCID-5jbx-s8nk-jyg3" }, { "vulnerability": "VCID-b8rd-9xpk-7qck" }, { "vulnerability": "VCID-dmsw-hy5g-pug3" }, { "vulnerability": "VCID-gbfa-2n6q-cbfz" }, { "vulnerability": "VCID-hxzt-1jtf-huft" }, { "vulnerability": "VCID-n8kr-mt65-13gj" }, { "vulnerability": "VCID-qg7g-sudd-hue1" }, { "vulnerability": "VCID-rpze-v2md-4uca" }, { "vulnerability": "VCID-venu-tvd9-dqgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.0.3-1%252Bdeb9u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/6030?format=api", "purl": "pkg:deb/debian/pdns@4.1.6-3%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gbfa-2n6q-cbfz" }, { "vulnerability": "VCID-hxzt-1jtf-huft" }, { "vulnerability": "VCID-venu-tvd9-dqgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.1.6-3%252Bdeb10u1" } ], "aliases": [ "CVE-2019-10162" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b8rd-9xpk-7qck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97694?format=api", "vulnerability_id": "VCID-dbhs-hkzz-6yb4", "summary": "common_startup.cc in PowerDNS (aka pdns) Authoritative Server before 2.9.22.5 and 3.x before 3.0.1 allows remote attackers to cause a denial of service (packet loop) via a crafted UDP DNS response.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0206", "reference_id": "", "reference_type": "", "scores": [ { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.00231", "published_at": "2026-06-04T12:55:00Z" }, { "value": "5e-05", "scoring_system": "epss", "scoring_elements": "0.0023", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-0206" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0206", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0206" }, { "reference_url": "https://security.gentoo.org/glsa/201202-04", "reference_id": "GLSA-201202-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201202-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4909?format=api", "purl": "pkg:deb/debian/pdns@3.1-4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1aex-5g1j-6ycu" }, { "vulnerability": "VCID-4sbu-xd68-1kg1" }, { "vulnerability": "VCID-5jbx-s8nk-jyg3" }, { "vulnerability": "VCID-b7yf-chf7-23bn" }, { "vulnerability": "VCID-b8rd-9xpk-7qck" }, { "vulnerability": "VCID-dmsw-hy5g-pug3" }, { "vulnerability": "VCID-gbfa-2n6q-cbfz" }, { "vulnerability": "VCID-gfwm-fnp9-d7e1" }, { "vulnerability": "VCID-hp38-vkna-xbbf" }, { "vulnerability": "VCID-hxzt-1jtf-huft" }, { "vulnerability": "VCID-jvrb-gawg-ufg7" }, { "vulnerability": "VCID-n5n2-xvth-uqd5" }, { "vulnerability": "VCID-n8kr-mt65-13gj" }, { "vulnerability": "VCID-ph4w-9w5r-hqdk" }, { "vulnerability": "VCID-pn7j-7cbx-wbhj" }, { "vulnerability": "VCID-qg7g-sudd-hue1" }, { "vulnerability": "VCID-rpze-v2md-4uca" }, { "vulnerability": "VCID-tmg6-gqrq-2uc9" }, { "vulnerability": "VCID-v1f6-qdrh-4fcz" }, { "vulnerability": "VCID-venu-tvd9-dqgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@3.1-4.1" } ], "aliases": [ "CVE-2012-0206" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dbhs-hkzz-6yb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97712?format=api", "vulnerability_id": "VCID-dmsw-hy5g-pug3", "summary": "PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14626", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12937", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.13018", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14626" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162", "reference_id": "913162", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913163", "reference_id": "913163", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913163" }, { "reference_url": "https://security.archlinux.org/ASA-201811-12", "reference_id": "ASA-201811-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201811-12" }, { "reference_url": "https://security.archlinux.org/ASA-201811-13", "reference_id": "ASA-201811-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201811-13" }, { "reference_url": "https://security.archlinux.org/AVG-804", "reference_id": "AVG-804", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-804" }, { "reference_url": "https://security.archlinux.org/AVG-805", "reference_id": "AVG-805", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-805" }, { "reference_url": "https://usn.ubuntu.com/7203-1/", "reference_id": "USN-7203-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7203-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6030?format=api", "purl": "pkg:deb/debian/pdns@4.1.6-3%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gbfa-2n6q-cbfz" }, { "vulnerability": "VCID-hxzt-1jtf-huft" }, { "vulnerability": "VCID-venu-tvd9-dqgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.1.6-3%252Bdeb10u1" } ], "aliases": [ "CVE-2018-14626" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dmsw-hy5g-pug3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97716?format=api", "vulnerability_id": "VCID-gbfa-2n6q-cbfz", "summary": "PowerDNS Authoritative daemon , pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10203", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05986", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06013", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10203" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10203" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970729", "reference_id": "970729", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970729" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196074?format=api", "purl": "pkg:deb/debian/pdns@4.4.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3sq8-16v4-yydc" }, { "vulnerability": "VCID-bsvk-tw8r-9qe5" }, { "vulnerability": "VCID-e1js-9ute-3kf8" }, { "vulnerability": "VCID-e5n6-qn1d-nkg7" }, { "vulnerability": "VCID-gq3g-suwj-qfc4" }, { "vulnerability": "VCID-hvtq-ncfb-p3ck" }, { "vulnerability": "VCID-m5vb-nhcv-wka3" }, { "vulnerability": "VCID-meum-uqx6-e3bs" }, { "vulnerability": "VCID-rs9f-44nz-z3fc" }, { "vulnerability": "VCID-u1rs-bywf-zbaf" }, { "vulnerability": "VCID-yjx9-kpdu-cfb7" }, { "vulnerability": "VCID-zqkm-3evt-pycj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.4.1-1" } ], "aliases": [ "CVE-2019-10203" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gbfa-2n6q-cbfz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97701?format=api", "vulnerability_id": "VCID-gfwm-fnp9-d7e1", "summary": "PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU consumption) via a long qname.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5426", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.3697", "scoring_system": "epss", "scoring_elements": "0.97243", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.3697", "scoring_system": "epss", "scoring_elements": "0.97247", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5426" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5426", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5426" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5427", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5427" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6172", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6172" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4912?format=api", "purl": "pkg:deb/debian/pdns@3.4.1-4%2Bdeb8u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sbu-xd68-1kg1" }, { "vulnerability": "VCID-5jbx-s8nk-jyg3" }, { "vulnerability": "VCID-b8rd-9xpk-7qck" }, { "vulnerability": "VCID-dmsw-hy5g-pug3" }, { "vulnerability": "VCID-gbfa-2n6q-cbfz" }, { "vulnerability": "VCID-gfwm-fnp9-d7e1" }, { "vulnerability": "VCID-hp38-vkna-xbbf" }, { "vulnerability": "VCID-hxzt-1jtf-huft" }, { "vulnerability": "VCID-n5n2-xvth-uqd5" }, { "vulnerability": "VCID-n8kr-mt65-13gj" }, { "vulnerability": "VCID-ph4w-9w5r-hqdk" }, { "vulnerability": "VCID-qg7g-sudd-hue1" }, { "vulnerability": "VCID-rpze-v2md-4uca" }, { "vulnerability": "VCID-tmg6-gqrq-2uc9" }, { "vulnerability": "VCID-v1f6-qdrh-4fcz" }, { "vulnerability": "VCID-venu-tvd9-dqgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@3.4.1-4%252Bdeb8u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/4916?format=api", "purl": "pkg:deb/debian/pdns@4.0.3-1~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sbu-xd68-1kg1" }, { "vulnerability": "VCID-5jbx-s8nk-jyg3" }, { "vulnerability": "VCID-b8rd-9xpk-7qck" }, { "vulnerability": "VCID-dmsw-hy5g-pug3" }, { "vulnerability": "VCID-gbfa-2n6q-cbfz" }, { "vulnerability": "VCID-hxzt-1jtf-huft" }, { "vulnerability": "VCID-n8kr-mt65-13gj" }, { "vulnerability": "VCID-qg7g-sudd-hue1" }, { "vulnerability": "VCID-rpze-v2md-4uca" }, { "vulnerability": "VCID-venu-tvd9-dqgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.0.3-1~bpo8%252B1" } ], "aliases": [ "CVE-2016-5426" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gfwm-fnp9-d7e1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97700?format=api", "vulnerability_id": "VCID-hp38-vkna-xbbf", "summary": "An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2120", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32125", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00131", "scoring_system": "epss", "scoring_elements": "0.32196", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2120" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074" }, { "reference_url": "https://security.archlinux.org/ASA-201701-29", "reference_id": "ASA-201701-29", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-29" }, { "reference_url": "https://security.archlinux.org/AVG-147", "reference_id": "AVG-147", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-147" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4912?format=api", "purl": "pkg:deb/debian/pdns@3.4.1-4%2Bdeb8u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sbu-xd68-1kg1" }, { "vulnerability": "VCID-5jbx-s8nk-jyg3" }, { "vulnerability": "VCID-b8rd-9xpk-7qck" }, { "vulnerability": "VCID-dmsw-hy5g-pug3" }, { "vulnerability": "VCID-gbfa-2n6q-cbfz" }, { "vulnerability": "VCID-gfwm-fnp9-d7e1" }, { "vulnerability": "VCID-hp38-vkna-xbbf" }, { "vulnerability": "VCID-hxzt-1jtf-huft" }, { "vulnerability": "VCID-n5n2-xvth-uqd5" }, { "vulnerability": "VCID-n8kr-mt65-13gj" }, { "vulnerability": "VCID-ph4w-9w5r-hqdk" }, { "vulnerability": "VCID-qg7g-sudd-hue1" }, { "vulnerability": "VCID-rpze-v2md-4uca" }, { "vulnerability": "VCID-tmg6-gqrq-2uc9" }, { "vulnerability": "VCID-v1f6-qdrh-4fcz" }, { "vulnerability": "VCID-venu-tvd9-dqgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@3.4.1-4%252Bdeb8u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/4916?format=api", "purl": "pkg:deb/debian/pdns@4.0.3-1~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sbu-xd68-1kg1" }, { "vulnerability": "VCID-5jbx-s8nk-jyg3" }, { "vulnerability": "VCID-b8rd-9xpk-7qck" }, { "vulnerability": "VCID-dmsw-hy5g-pug3" }, { "vulnerability": "VCID-gbfa-2n6q-cbfz" }, { "vulnerability": "VCID-hxzt-1jtf-huft" }, { "vulnerability": "VCID-n8kr-mt65-13gj" }, { "vulnerability": "VCID-qg7g-sudd-hue1" }, { "vulnerability": "VCID-rpze-v2md-4uca" }, { "vulnerability": "VCID-venu-tvd9-dqgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.0.3-1~bpo8%252B1" } ], "aliases": [ "CVE-2016-2120" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hp38-vkna-xbbf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97719?format=api", "vulnerability_id": "VCID-hxzt-1jtf-huft", "summary": "An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can cause a denial of service by sending crafted queries with a GSS-TSIG signature.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24697", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.31922", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00129", "scoring_system": "epss", "scoring_elements": "0.31995", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24697" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24697", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24697" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196074?format=api", "purl": "pkg:deb/debian/pdns@4.4.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3sq8-16v4-yydc" }, { "vulnerability": "VCID-bsvk-tw8r-9qe5" }, { "vulnerability": "VCID-e1js-9ute-3kf8" }, { "vulnerability": "VCID-e5n6-qn1d-nkg7" }, { "vulnerability": "VCID-gq3g-suwj-qfc4" }, { "vulnerability": "VCID-hvtq-ncfb-p3ck" }, { "vulnerability": "VCID-m5vb-nhcv-wka3" }, { "vulnerability": "VCID-meum-uqx6-e3bs" }, { "vulnerability": "VCID-rs9f-44nz-z3fc" }, { "vulnerability": "VCID-u1rs-bywf-zbaf" }, { "vulnerability": "VCID-yjx9-kpdu-cfb7" }, { "vulnerability": "VCID-zqkm-3evt-pycj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.4.1-1" } ], "aliases": [ "CVE-2020-24697" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hxzt-1jtf-huft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97708?format=api", "vulnerability_id": "VCID-jvrb-gawg-ufg7", "summary": "An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and fudge values was found in AXFRRetriever, leading to a possible replay attack.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7073", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00474", "published_at": "2026-06-04T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00476", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7073" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074" }, { "reference_url": "https://security.archlinux.org/ASA-201701-29", "reference_id": "ASA-201701-29", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-29" }, { "reference_url": "https://security.archlinux.org/ASA-201701-30", "reference_id": "ASA-201701-30", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-30" }, { "reference_url": "https://security.archlinux.org/AVG-147", "reference_id": "AVG-147", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-147" }, { "reference_url": "https://security.archlinux.org/AVG-148", "reference_id": "AVG-148", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-148" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4912?format=api", "purl": "pkg:deb/debian/pdns@3.4.1-4%2Bdeb8u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sbu-xd68-1kg1" }, { "vulnerability": "VCID-5jbx-s8nk-jyg3" }, { "vulnerability": "VCID-b8rd-9xpk-7qck" }, { "vulnerability": "VCID-dmsw-hy5g-pug3" }, { "vulnerability": "VCID-gbfa-2n6q-cbfz" }, { "vulnerability": "VCID-gfwm-fnp9-d7e1" }, { "vulnerability": "VCID-hp38-vkna-xbbf" }, { "vulnerability": "VCID-hxzt-1jtf-huft" }, { "vulnerability": "VCID-n5n2-xvth-uqd5" }, { "vulnerability": "VCID-n8kr-mt65-13gj" }, { "vulnerability": "VCID-ph4w-9w5r-hqdk" }, { "vulnerability": "VCID-qg7g-sudd-hue1" }, { "vulnerability": "VCID-rpze-v2md-4uca" }, { "vulnerability": "VCID-tmg6-gqrq-2uc9" }, { "vulnerability": "VCID-v1f6-qdrh-4fcz" }, { "vulnerability": "VCID-venu-tvd9-dqgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@3.4.1-4%252Bdeb8u8" } ], "aliases": [ "CVE-2016-7073" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jvrb-gawg-ufg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97702?format=api", "vulnerability_id": "VCID-n5n2-xvth-uqd5", "summary": "PowerDNS (aka pdns) Authoritative Server before 3.4.10 does not properly handle a . (dot) inside labels, which allows remote attackers to cause a denial of service (backend CPU consumption) via a crafted DNS query.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5427", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.85547", "scoring_system": "epss", "scoring_elements": "0.99385", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.85547", "scoring_system": "epss", "scoring_elements": "0.99386", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5427" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5426", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5426" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5427", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5427" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6172", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6172" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4912?format=api", "purl": "pkg:deb/debian/pdns@3.4.1-4%2Bdeb8u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sbu-xd68-1kg1" }, { "vulnerability": "VCID-5jbx-s8nk-jyg3" }, { "vulnerability": "VCID-b8rd-9xpk-7qck" }, { "vulnerability": "VCID-dmsw-hy5g-pug3" }, { "vulnerability": "VCID-gbfa-2n6q-cbfz" }, { "vulnerability": "VCID-gfwm-fnp9-d7e1" }, { "vulnerability": "VCID-hp38-vkna-xbbf" }, { "vulnerability": "VCID-hxzt-1jtf-huft" }, { "vulnerability": "VCID-n5n2-xvth-uqd5" }, { "vulnerability": "VCID-n8kr-mt65-13gj" }, { "vulnerability": "VCID-ph4w-9w5r-hqdk" }, { "vulnerability": "VCID-qg7g-sudd-hue1" }, { "vulnerability": "VCID-rpze-v2md-4uca" }, { "vulnerability": "VCID-tmg6-gqrq-2uc9" }, { "vulnerability": "VCID-v1f6-qdrh-4fcz" }, { "vulnerability": "VCID-venu-tvd9-dqgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@3.4.1-4%252Bdeb8u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/4916?format=api", "purl": "pkg:deb/debian/pdns@4.0.3-1~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sbu-xd68-1kg1" }, { "vulnerability": "VCID-5jbx-s8nk-jyg3" }, { "vulnerability": "VCID-b8rd-9xpk-7qck" }, { "vulnerability": "VCID-dmsw-hy5g-pug3" }, { "vulnerability": "VCID-gbfa-2n6q-cbfz" }, { "vulnerability": "VCID-hxzt-1jtf-huft" }, { "vulnerability": "VCID-n8kr-mt65-13gj" }, { "vulnerability": "VCID-qg7g-sudd-hue1" }, { "vulnerability": "VCID-rpze-v2md-4uca" }, { "vulnerability": "VCID-venu-tvd9-dqgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.0.3-1~bpo8%252B1" } ], "aliases": [ "CVE-2016-5427" ], "risk_score": 1.6, "exploitability": "2.0", "weighted_severity": "0.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n5n2-xvth-uqd5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6108?format=api", "vulnerability_id": "VCID-n8kr-mt65-13gj", "summary": "insufficient validation", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-3871", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07747", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07778", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-3871" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3871", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3871" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924966", "reference_id": "924966", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924966" }, { "reference_url": "https://security.archlinux.org/ASA-201903-13", "reference_id": "ASA-201903-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201903-13" }, { "reference_url": "https://security.archlinux.org/AVG-927", "reference_id": "AVG-927", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-927" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4917?format=api", "purl": "pkg:deb/debian/pdns@4.0.3-1%2Bdeb9u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sbu-xd68-1kg1" }, { "vulnerability": "VCID-5jbx-s8nk-jyg3" }, { "vulnerability": "VCID-b8rd-9xpk-7qck" }, { "vulnerability": "VCID-dmsw-hy5g-pug3" }, { "vulnerability": "VCID-gbfa-2n6q-cbfz" }, { "vulnerability": "VCID-hxzt-1jtf-huft" }, { "vulnerability": "VCID-n8kr-mt65-13gj" }, { "vulnerability": "VCID-qg7g-sudd-hue1" }, { "vulnerability": "VCID-rpze-v2md-4uca" }, { "vulnerability": "VCID-venu-tvd9-dqgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.0.3-1%252Bdeb9u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/6030?format=api", "purl": "pkg:deb/debian/pdns@4.1.6-3%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gbfa-2n6q-cbfz" }, { "vulnerability": "VCID-hxzt-1jtf-huft" }, { "vulnerability": "VCID-venu-tvd9-dqgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.1.6-3%252Bdeb10u1" } ], "aliases": [ "CVE-2019-3871" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n8kr-mt65-13gj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97707?format=api", "vulnerability_id": "VCID-ph4w-9w5r-hqdk", "summary": "An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server. If the web server runs out of file descriptors, it triggers an exception and terminates the whole PowerDNS process. While it's more complicated for an unauthorized attacker to make the web server run out of file descriptors since its connection will be closed just after being accepted, it might still be possible.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7072", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0881", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.0885", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7072" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074" }, { "reference_url": "https://security.archlinux.org/ASA-201701-29", "reference_id": "ASA-201701-29", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-29" }, { "reference_url": "https://security.archlinux.org/AVG-147", "reference_id": "AVG-147", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-147" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4912?format=api", "purl": "pkg:deb/debian/pdns@3.4.1-4%2Bdeb8u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sbu-xd68-1kg1" }, { "vulnerability": "VCID-5jbx-s8nk-jyg3" }, { "vulnerability": "VCID-b8rd-9xpk-7qck" }, { "vulnerability": "VCID-dmsw-hy5g-pug3" }, { "vulnerability": "VCID-gbfa-2n6q-cbfz" }, { "vulnerability": "VCID-gfwm-fnp9-d7e1" }, { "vulnerability": "VCID-hp38-vkna-xbbf" }, { "vulnerability": "VCID-hxzt-1jtf-huft" }, { "vulnerability": "VCID-n5n2-xvth-uqd5" }, { "vulnerability": "VCID-n8kr-mt65-13gj" }, { "vulnerability": "VCID-ph4w-9w5r-hqdk" }, { "vulnerability": "VCID-qg7g-sudd-hue1" }, { "vulnerability": "VCID-rpze-v2md-4uca" }, { "vulnerability": "VCID-tmg6-gqrq-2uc9" }, { "vulnerability": "VCID-v1f6-qdrh-4fcz" }, { "vulnerability": "VCID-venu-tvd9-dqgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@3.4.1-4%252Bdeb8u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/4916?format=api", "purl": "pkg:deb/debian/pdns@4.0.3-1~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sbu-xd68-1kg1" }, { "vulnerability": "VCID-5jbx-s8nk-jyg3" }, { "vulnerability": "VCID-b8rd-9xpk-7qck" }, { "vulnerability": "VCID-dmsw-hy5g-pug3" }, { "vulnerability": "VCID-gbfa-2n6q-cbfz" }, { "vulnerability": "VCID-hxzt-1jtf-huft" }, { "vulnerability": "VCID-n8kr-mt65-13gj" }, { "vulnerability": "VCID-qg7g-sudd-hue1" }, { "vulnerability": "VCID-rpze-v2md-4uca" }, { "vulnerability": "VCID-venu-tvd9-dqgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.0.3-1~bpo8%252B1" } ], "aliases": [ "CVE-2016-7072" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ph4w-9w5r-hqdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97703?format=api", "vulnerability_id": "VCID-pn7j-7cbx-wbhj", "summary": "PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6172", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05384", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05405", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6172" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5426", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5426" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5427", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5427" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6172", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6172" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=830808", "reference_id": "830808", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=830808" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4912?format=api", "purl": "pkg:deb/debian/pdns@3.4.1-4%2Bdeb8u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sbu-xd68-1kg1" }, { "vulnerability": "VCID-5jbx-s8nk-jyg3" }, { "vulnerability": "VCID-b8rd-9xpk-7qck" }, { "vulnerability": "VCID-dmsw-hy5g-pug3" }, { "vulnerability": "VCID-gbfa-2n6q-cbfz" }, { "vulnerability": "VCID-gfwm-fnp9-d7e1" }, { "vulnerability": "VCID-hp38-vkna-xbbf" }, { "vulnerability": "VCID-hxzt-1jtf-huft" }, { "vulnerability": "VCID-n5n2-xvth-uqd5" }, { "vulnerability": "VCID-n8kr-mt65-13gj" }, { "vulnerability": "VCID-ph4w-9w5r-hqdk" }, { "vulnerability": "VCID-qg7g-sudd-hue1" }, { "vulnerability": "VCID-rpze-v2md-4uca" }, { "vulnerability": "VCID-tmg6-gqrq-2uc9" }, { "vulnerability": "VCID-v1f6-qdrh-4fcz" }, { "vulnerability": "VCID-venu-tvd9-dqgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@3.4.1-4%252Bdeb8u8" } ], "aliases": [ "CVE-2016-6172" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pn7j-7cbx-wbhj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6304?format=api", "vulnerability_id": "VCID-qg7g-sudd-hue1", "summary": "arbitrary code execution", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1046", "reference_id": "", "reference_type": "", "scores": [ { "value": "3e-05", "scoring_system": "epss", "scoring_elements": "0.00072", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1046" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1046", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1046" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898255", "reference_id": "898255", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898255" }, { "reference_url": "https://security.archlinux.org/ASA-201805-1", "reference_id": "ASA-201805-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201805-1" }, { "reference_url": "https://security.archlinux.org/AVG-686", "reference_id": "AVG-686", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-686" }, { "reference_url": "https://usn.ubuntu.com/7203-1/", "reference_id": "USN-7203-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7203-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6030?format=api", "purl": "pkg:deb/debian/pdns@4.1.6-3%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gbfa-2n6q-cbfz" }, { "vulnerability": "VCID-hxzt-1jtf-huft" }, { "vulnerability": "VCID-venu-tvd9-dqgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.1.6-3%252Bdeb10u1" } ], "aliases": [ "CVE-2018-1046" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qg7g-sudd-hue1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97711?format=api", "vulnerability_id": "VCID-rpze-v2md-4uca", "summary": "PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10851", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28665", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28737", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10851" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10851", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10851" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162", "reference_id": "913162", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913163", "reference_id": "913163", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913163" }, { "reference_url": "https://security.archlinux.org/ASA-201811-12", "reference_id": "ASA-201811-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201811-12" }, { "reference_url": "https://security.archlinux.org/ASA-201811-13", "reference_id": "ASA-201811-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201811-13" }, { "reference_url": "https://security.archlinux.org/AVG-804", "reference_id": "AVG-804", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-804" }, { "reference_url": "https://security.archlinux.org/AVG-805", "reference_id": "AVG-805", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-805" }, { "reference_url": "https://usn.ubuntu.com/7203-1/", "reference_id": "USN-7203-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7203-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/6030?format=api", "purl": "pkg:deb/debian/pdns@4.1.6-3%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-gbfa-2n6q-cbfz" }, { "vulnerability": "VCID-hxzt-1jtf-huft" }, { "vulnerability": "VCID-venu-tvd9-dqgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.1.6-3%252Bdeb10u1" } ], "aliases": [ "CVE-2018-10851" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rpze-v2md-4uca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97699?format=api", "vulnerability_id": "VCID-tmg6-gqrq-2uc9", "summary": "The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1868.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5470", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00478", "published_at": "2026-06-04T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00481", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5470" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4912?format=api", "purl": "pkg:deb/debian/pdns@3.4.1-4%2Bdeb8u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sbu-xd68-1kg1" }, { "vulnerability": "VCID-5jbx-s8nk-jyg3" }, { "vulnerability": "VCID-b8rd-9xpk-7qck" }, { "vulnerability": "VCID-dmsw-hy5g-pug3" }, { "vulnerability": "VCID-gbfa-2n6q-cbfz" }, { "vulnerability": "VCID-gfwm-fnp9-d7e1" }, { "vulnerability": "VCID-hp38-vkna-xbbf" }, { "vulnerability": "VCID-hxzt-1jtf-huft" }, { "vulnerability": "VCID-n5n2-xvth-uqd5" }, { "vulnerability": "VCID-n8kr-mt65-13gj" }, { "vulnerability": "VCID-ph4w-9w5r-hqdk" }, { "vulnerability": "VCID-qg7g-sudd-hue1" }, { "vulnerability": "VCID-rpze-v2md-4uca" }, { "vulnerability": "VCID-tmg6-gqrq-2uc9" }, { "vulnerability": "VCID-v1f6-qdrh-4fcz" }, { "vulnerability": "VCID-venu-tvd9-dqgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@3.4.1-4%252Bdeb8u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/4914?format=api", "purl": "pkg:deb/debian/pdns@3.4.6-1~bpo7%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sbu-xd68-1kg1" }, { "vulnerability": "VCID-5jbx-s8nk-jyg3" }, { "vulnerability": "VCID-b8rd-9xpk-7qck" }, { "vulnerability": "VCID-dmsw-hy5g-pug3" }, { "vulnerability": "VCID-gbfa-2n6q-cbfz" }, { "vulnerability": "VCID-gfwm-fnp9-d7e1" }, { "vulnerability": "VCID-hp38-vkna-xbbf" }, { "vulnerability": "VCID-hxzt-1jtf-huft" }, { "vulnerability": "VCID-n5n2-xvth-uqd5" }, { "vulnerability": "VCID-n8kr-mt65-13gj" }, { "vulnerability": "VCID-ph4w-9w5r-hqdk" }, { "vulnerability": "VCID-qg7g-sudd-hue1" }, { "vulnerability": "VCID-rpze-v2md-4uca" }, { "vulnerability": "VCID-v1f6-qdrh-4fcz" }, { "vulnerability": "VCID-venu-tvd9-dqgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@3.4.6-1~bpo7%252B1" } ], "aliases": [ "CVE-2015-5470" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tmg6-gqrq-2uc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97697?format=api", "vulnerability_id": "VCID-v1f6-qdrh-4fcz", "summary": "The DNS packet parsing/generation code in PowerDNS (aka pdns) Authoritative Server 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via crafted query packets.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5230", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52861", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00292", "scoring_system": "epss", "scoring_elements": "0.52922", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5230" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5230", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5230" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4912?format=api", "purl": "pkg:deb/debian/pdns@3.4.1-4%2Bdeb8u8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sbu-xd68-1kg1" }, { "vulnerability": "VCID-5jbx-s8nk-jyg3" }, { "vulnerability": "VCID-b8rd-9xpk-7qck" }, { "vulnerability": "VCID-dmsw-hy5g-pug3" }, { "vulnerability": "VCID-gbfa-2n6q-cbfz" }, { "vulnerability": "VCID-gfwm-fnp9-d7e1" }, { "vulnerability": "VCID-hp38-vkna-xbbf" }, { "vulnerability": "VCID-hxzt-1jtf-huft" }, { "vulnerability": "VCID-n5n2-xvth-uqd5" }, { "vulnerability": "VCID-n8kr-mt65-13gj" }, { "vulnerability": "VCID-ph4w-9w5r-hqdk" }, { "vulnerability": "VCID-qg7g-sudd-hue1" }, { "vulnerability": "VCID-rpze-v2md-4uca" }, { "vulnerability": "VCID-tmg6-gqrq-2uc9" }, { "vulnerability": "VCID-v1f6-qdrh-4fcz" }, { "vulnerability": "VCID-venu-tvd9-dqgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@3.4.1-4%252Bdeb8u8" }, { "url": "http://public2.vulnerablecode.io/api/packages/4915?format=api", "purl": "pkg:deb/debian/pdns@3.4.7-1~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sbu-xd68-1kg1" }, { "vulnerability": "VCID-5jbx-s8nk-jyg3" }, { "vulnerability": "VCID-b8rd-9xpk-7qck" }, { "vulnerability": "VCID-dmsw-hy5g-pug3" }, { "vulnerability": "VCID-gbfa-2n6q-cbfz" }, { "vulnerability": "VCID-gfwm-fnp9-d7e1" }, { "vulnerability": "VCID-hp38-vkna-xbbf" }, { "vulnerability": "VCID-hxzt-1jtf-huft" }, { "vulnerability": "VCID-n5n2-xvth-uqd5" }, { "vulnerability": "VCID-n8kr-mt65-13gj" }, { "vulnerability": "VCID-ph4w-9w5r-hqdk" }, { "vulnerability": "VCID-qg7g-sudd-hue1" }, { "vulnerability": "VCID-rpze-v2md-4uca" }, { "vulnerability": "VCID-venu-tvd9-dqgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@3.4.7-1~bpo8%252B1" } ], "aliases": [ "CVE-2015-5230" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v1f6-qdrh-4fcz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97720?format=api", "vulnerability_id": "VCID-venu-tvd9-dqgx", "summary": "An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker might be able to cause a double-free, leading to a crash or possibly arbitrary code execution. by sending crafted queries with a GSS-TSIG signature.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24698", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.10222", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.10267", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24698" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24698", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24698" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196074?format=api", "purl": "pkg:deb/debian/pdns@4.4.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3sq8-16v4-yydc" }, { "vulnerability": "VCID-bsvk-tw8r-9qe5" }, { "vulnerability": "VCID-e1js-9ute-3kf8" }, { "vulnerability": "VCID-e5n6-qn1d-nkg7" }, { "vulnerability": "VCID-gq3g-suwj-qfc4" }, { "vulnerability": "VCID-hvtq-ncfb-p3ck" }, { "vulnerability": "VCID-m5vb-nhcv-wka3" }, { "vulnerability": "VCID-meum-uqx6-e3bs" }, { "vulnerability": "VCID-rs9f-44nz-z3fc" }, { "vulnerability": "VCID-u1rs-bywf-zbaf" }, { "vulnerability": "VCID-yjx9-kpdu-cfb7" }, { "vulnerability": "VCID-zqkm-3evt-pycj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.4.1-1" } ], "aliases": [ "CVE-2020-24698" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-venu-tvd9-dqgx" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97691?format=api", "vulnerability_id": "VCID-f3qq-z3eb-nfaw", "summary": "PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3337.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3337.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-3337", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05843", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05865", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-3337" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3337", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3337" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=458122", "reference_id": "458122", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=458122" }, { "reference_url": "https://security.gentoo.org/glsa/200812-19", "reference_id": "GLSA-200812-19", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200812-19" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4907?format=api", "purl": "pkg:deb/debian/pdns@2.9.21.2-1%2Blenny1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1aex-5g1j-6ycu" }, { "vulnerability": "VCID-4sbu-xd68-1kg1" }, { "vulnerability": "VCID-5jbx-s8nk-jyg3" }, { "vulnerability": "VCID-b7yf-chf7-23bn" }, { "vulnerability": "VCID-b8rd-9xpk-7qck" }, { "vulnerability": "VCID-dbhs-hkzz-6yb4" }, { "vulnerability": "VCID-dmsw-hy5g-pug3" }, { "vulnerability": "VCID-gbfa-2n6q-cbfz" }, { "vulnerability": "VCID-gfwm-fnp9-d7e1" }, { "vulnerability": "VCID-hp38-vkna-xbbf" }, { "vulnerability": "VCID-hxzt-1jtf-huft" }, { "vulnerability": "VCID-jvrb-gawg-ufg7" }, { "vulnerability": "VCID-n5n2-xvth-uqd5" }, { "vulnerability": "VCID-n8kr-mt65-13gj" }, { "vulnerability": "VCID-ph4w-9w5r-hqdk" }, { "vulnerability": "VCID-pn7j-7cbx-wbhj" }, { "vulnerability": "VCID-qg7g-sudd-hue1" }, { "vulnerability": "VCID-rpze-v2md-4uca" }, { "vulnerability": "VCID-tmg6-gqrq-2uc9" }, { "vulnerability": "VCID-v1f6-qdrh-4fcz" }, { "vulnerability": "VCID-venu-tvd9-dqgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@2.9.21.2-1%252Blenny1" } ], "aliases": [ "CVE-2008-3337" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f3qq-z3eb-nfaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97692?format=api", "vulnerability_id": "VCID-sbcz-g3gg-ybfh", "summary": "PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of service (daemon crash) via a CH HINFO query.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5277.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5277.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5277", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.0905", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.09091", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-5277" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5277" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=475440", "reference_id": "475440", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=475440" }, { "reference_url": "https://security.gentoo.org/glsa/200812-19", "reference_id": "GLSA-200812-19", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200812-19" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4907?format=api", "purl": "pkg:deb/debian/pdns@2.9.21.2-1%2Blenny1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1aex-5g1j-6ycu" }, { "vulnerability": "VCID-4sbu-xd68-1kg1" }, { "vulnerability": "VCID-5jbx-s8nk-jyg3" }, { "vulnerability": "VCID-b7yf-chf7-23bn" }, { "vulnerability": "VCID-b8rd-9xpk-7qck" }, { "vulnerability": "VCID-dbhs-hkzz-6yb4" }, { "vulnerability": "VCID-dmsw-hy5g-pug3" }, { "vulnerability": "VCID-gbfa-2n6q-cbfz" }, { "vulnerability": "VCID-gfwm-fnp9-d7e1" }, { "vulnerability": "VCID-hp38-vkna-xbbf" }, { "vulnerability": "VCID-hxzt-1jtf-huft" }, { "vulnerability": "VCID-jvrb-gawg-ufg7" }, { "vulnerability": "VCID-n5n2-xvth-uqd5" }, { "vulnerability": "VCID-n8kr-mt65-13gj" }, { "vulnerability": "VCID-ph4w-9w5r-hqdk" }, { "vulnerability": "VCID-pn7j-7cbx-wbhj" }, { "vulnerability": "VCID-qg7g-sudd-hue1" }, { "vulnerability": "VCID-rpze-v2md-4uca" }, { "vulnerability": "VCID-tmg6-gqrq-2uc9" }, { "vulnerability": "VCID-v1f6-qdrh-4fcz" }, { "vulnerability": "VCID-venu-tvd9-dqgx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@2.9.21.2-1%252Blenny1" } ], "aliases": [ "CVE-2008-5277" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sbcz-g3gg-ybfh" } ], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@2.9.21.2-1%252Blenny1" }