Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/dnsdist@2.0.3-1
Typedeb
Namespacedebian
Namednsdist
Version2.0.3-1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version2.0.4-1
Latest_non_vulnerable_version2.0.4-1
Affected_by_vulnerabilities
0
url VCID-1mgq-74b9-4bcg
vulnerability_id VCID-1mgq-74b9-4bcg
summary A client can trigger excessive memory allocation by generating a lot of errors responses over a single DoQ and DoH3 connection, as some resources were not properly released until the end of the connection.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33595
reference_id
reference_type
scores
0
value 0.0001
scoring_system epss
scoring_elements 0.01113
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33595
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33595
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33595
2
reference_url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html
reference_id powerdns-advisory-for-dnsdist-2026-04.html
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:40:24Z/
url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html
fixed_packages
0
url pkg:deb/debian/dnsdist@2.0.4-1
purl pkg:deb/debian/dnsdist@2.0.4-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.4-1
aliases CVE-2026-33595
risk_score 1.3
exploitability 0.5
weighted_severity 2.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1mgq-74b9-4bcg
1
url VCID-744k-b7s7-kbh5
vulnerability_id VCID-744k-b7s7-kbh5
summary A rogue backend can send a crafted SVCB response to a Discovery of Designated Resolvers request, when requested via either the autoUpgrade (Lua) option to newServer or auto_upgrade (YAML) settings. DDR upgrade is not enabled by default.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33599
reference_id
reference_type
scores
0
value 5e-05
scoring_system epss
scoring_elements 0.00277
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33599
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33599
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33599
2
reference_url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html
reference_id powerdns-advisory-for-dnsdist-2026-04.html
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:50:15Z/
url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html
fixed_packages
0
url pkg:deb/debian/dnsdist@2.0.4-1
purl pkg:deb/debian/dnsdist@2.0.4-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.4-1
aliases CVE-2026-33599
risk_score 0.8
exploitability 0.5
weighted_severity 1.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-744k-b7s7-kbh5
2
url VCID-7xds-447f-qufr
vulnerability_id VCID-7xds-447f-qufr
summary A client might theoretically be able to cause a mismatch between queries sent to a backend and the received responses by sending a flood of perfectly timed queries that are routed to a TCP-only or DNS over TLS backend.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33596
reference_id
reference_type
scores
0
value 5e-05
scoring_system epss
scoring_elements 0.00279
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33596
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33596
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33596
2
reference_url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html
reference_id powerdns-advisory-for-dnsdist-2026-04.html
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:43:12Z/
url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html
fixed_packages
0
url pkg:deb/debian/dnsdist@2.0.4-1
purl pkg:deb/debian/dnsdist@2.0.4-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.4-1
aliases CVE-2026-33596
risk_score 0.8
exploitability 0.5
weighted_severity 1.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7xds-447f-qufr
3
url VCID-a65j-y7z3-fudk
vulnerability_id VCID-a65j-y7z3-fudk
summary A rogue backend can send a crafted UDP response with a query ID off by one related to the maximum configured value, triggering an out-of-bounds write leading to a denial of service.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33602
reference_id
reference_type
scores
0
value 5e-05
scoring_system epss
scoring_elements 0.00235
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33602
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33602
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33602
2
reference_url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html
reference_id powerdns-advisory-for-dnsdist-2026-04.html
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:46:39Z/
url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html
fixed_packages
0
url pkg:deb/debian/dnsdist@2.0.4-1
purl pkg:deb/debian/dnsdist@2.0.4-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.4-1
aliases CVE-2026-33602
risk_score 1.6
exploitability 0.5
weighted_severity 3.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a65j-y7z3-fudk
4
url VCID-afun-gxhy-rbed
vulnerability_id VCID-afun-gxhy-rbed
summary A client can trigger a divide by zero error leading to crash by sending a crafted DNSCrypt query.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33593
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.05546
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33593
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33593
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33593
2
reference_url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html
reference_id powerdns-advisory-for-dnsdist-2026-04.html
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:29:04Z/
url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html
fixed_packages
0
url pkg:deb/debian/dnsdist@2.0.4-1
purl pkg:deb/debian/dnsdist@2.0.4-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.4-1
aliases CVE-2026-33593
risk_score 1.9
exploitability 0.5
weighted_severity 3.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-afun-gxhy-rbed
5
url VCID-chzq-qej6-rkdq
vulnerability_id VCID-chzq-qej6-rkdq
summary An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33257
reference_id
reference_type
scores
0
value 9e-05
scoring_system epss
scoring_elements 0.00988
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33257
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33257
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33257
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-05.html
reference_id powerdns-advisory-2026-05.html
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:54:48Z/
url https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-05.html
4
reference_url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html
reference_id powerdns-advisory-for-dnsdist-2026-04.html
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:54:48Z/
url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html
5
reference_url https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html
reference_id powerdns-advisory-powerdns-2026-03.html
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:54:48Z/
url https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html
fixed_packages
0
url pkg:deb/debian/dnsdist@2.0.4-1
purl pkg:deb/debian/dnsdist@2.0.4-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.4-1
aliases CVE-2026-33257
risk_score 1.3
exploitability 0.5
weighted_severity 2.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-chzq-qej6-rkdq
6
url VCID-fbsf-bbw7-kyah
vulnerability_id VCID-fbsf-bbw7-kyah
summary PRSD detection denial of service
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33597
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01911
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33597
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33597
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33597
2
reference_url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html
reference_id powerdns-advisory-for-dnsdist-2026-04.html
reference_type
scores
0
value 3.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:41:11Z/
url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html
fixed_packages
0
url pkg:deb/debian/dnsdist@2.0.4-1
purl pkg:deb/debian/dnsdist@2.0.4-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.4-1
aliases CVE-2026-33597
risk_score 0.9
exploitability 0.5
weighted_severity 1.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fbsf-bbw7-kyah
7
url VCID-nrex-hpxg-ekhs
vulnerability_id VCID-nrex-hpxg-ekhs
summary A client can trigger excessive memory allocation by generating a lot of queries that are routed to an overloaded DoH backend, causing queries to accumulate into a buffer that will not be released until the end of the connection.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33594
reference_id
reference_type
scores
0
value 0.0001
scoring_system epss
scoring_elements 0.01113
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33594
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33594
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33594
2
reference_url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html
reference_id powerdns-advisory-for-dnsdist-2026-04.html
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:36:44Z/
url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html
fixed_packages
0
url pkg:deb/debian/dnsdist@2.0.4-1
purl pkg:deb/debian/dnsdist@2.0.4-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.4-1
aliases CVE-2026-33594
risk_score 1.3
exploitability 0.5
weighted_severity 2.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nrex-hpxg-ekhs
8
url VCID-pfhu-1qdf-p7d5
vulnerability_id VCID-pfhu-1qdf-p7d5
summary An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33260
reference_id
reference_type
scores
0
value 9e-05
scoring_system epss
scoring_elements 0.00988
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33260
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33260
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33260
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-05.html
reference_id powerdns-advisory-2026-05.html
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:54:50Z/
url https://docs.powerdns.com/authoritative/security-advisories/powerdns-advisory-2026-05.html
4
reference_url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html
reference_id powerdns-advisory-for-dnsdist-2026-04.html
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:54:50Z/
url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html
5
reference_url https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html
reference_id powerdns-advisory-powerdns-2026-03.html
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T17:54:50Z/
url https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-powerdns-2026-03.html
fixed_packages
0
url pkg:deb/debian/dnsdist@2.0.4-1
purl pkg:deb/debian/dnsdist@2.0.4-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.4-1
aliases CVE-2026-33260
risk_score 1.3
exploitability 0.5
weighted_severity 2.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pfhu-1qdf-p7d5
9
url VCID-qc7c-1d8j-hfha
vulnerability_id VCID-qc7c-1d8j-hfha
summary A cached crafted response can cause an out-of-bounds read if custom Lua code calls getDomainListByAddress() or getAddressListByDomain() on a packet cache.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33598
reference_id
reference_type
scores
0
value 9e-05
scoring_system epss
scoring_elements 0.01005
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33598
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33598
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33598
2
reference_url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html
reference_id powerdns-advisory-for-dnsdist-2026-04.html
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:49:38Z/
url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html
fixed_packages
0
url pkg:deb/debian/dnsdist@2.0.4-1
purl pkg:deb/debian/dnsdist@2.0.4-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.4-1
aliases CVE-2026-33598
risk_score 1.2
exploitability 0.5
weighted_severity 2.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qc7c-1d8j-hfha
10
url VCID-ytdy-s1ug-dkh7
vulnerability_id VCID-ytdy-s1ug-dkh7
summary An attacker can create a large number of concurrent DoQ or DoH3 connections, causing unlimited memory allocation in DNSdist and leading to a denial of service. DOQ and DoH3 are disabled by default.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33254
reference_id
reference_type
scores
0
value 0.0001
scoring_system epss
scoring_elements 0.01103
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33254
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33254
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33254
2
reference_url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html
reference_id powerdns-advisory-for-dnsdist-2026-04.html
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-22T14:51:24Z/
url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-04.html
fixed_packages
0
url pkg:deb/debian/dnsdist@2.0.4-1
purl pkg:deb/debian/dnsdist@2.0.4-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.4-1
aliases CVE-2026-33254
risk_score 1.3
exploitability 0.5
weighted_severity 2.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ytdy-s1ug-dkh7
Fixing_vulnerabilities
0
url VCID-3qce-a24m-yue1
vulnerability_id VCID-3qce-a24m-yue1
summary An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the DNSQuestion:changeName or DNSResponse:changeName methods in custom Lua code. In some cases the rewritten packet might become larger than the initial response and even exceed 65535 bytes, potentially leading to a crash resulting in denial of service.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27853
reference_id
reference_type
scores
0
value 0.0002
scoring_system epss
scoring_elements 0.0535
published_at 2026-04-04T12:55:00Z
1
value 0.0002
scoring_system epss
scoring_elements 0.05319
published_at 2026-04-02T12:55:00Z
2
value 0.00024
scoring_system epss
scoring_elements 0.0646
published_at 2026-04-12T12:55:00Z
3
value 0.00024
scoring_system epss
scoring_elements 0.06382
published_at 2026-04-07T12:55:00Z
4
value 0.00024
scoring_system epss
scoring_elements 0.0643
published_at 2026-04-08T12:55:00Z
5
value 0.00024
scoring_system epss
scoring_elements 0.06466
published_at 2026-04-11T12:55:00Z
6
value 0.00024
scoring_system epss
scoring_elements 0.06473
published_at 2026-04-09T12:55:00Z
7
value 0.00024
scoring_system epss
scoring_elements 0.06449
published_at 2026-04-13T12:55:00Z
8
value 0.00025
scoring_system epss
scoring_elements 0.0701
published_at 2026-04-24T12:55:00Z
9
value 0.00025
scoring_system epss
scoring_elements 0.06907
published_at 2026-04-16T12:55:00Z
10
value 0.00025
scoring_system epss
scoring_elements 0.06891
published_at 2026-04-18T12:55:00Z
11
value 0.00025
scoring_system epss
scoring_elements 0.07026
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27853
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27853
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27853
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html
reference_id powerdns-advisory-for-dnsdist-2026-02.html
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:14:03Z/
url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html
fixed_packages
0
url pkg:deb/debian/dnsdist@2.0.3-1
purl pkg:deb/debian/dnsdist@2.0.3-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mgq-74b9-4bcg
1
vulnerability VCID-744k-b7s7-kbh5
2
vulnerability VCID-7xds-447f-qufr
3
vulnerability VCID-a65j-y7z3-fudk
4
vulnerability VCID-afun-gxhy-rbed
5
vulnerability VCID-chzq-qej6-rkdq
6
vulnerability VCID-fbsf-bbw7-kyah
7
vulnerability VCID-nrex-hpxg-ekhs
8
vulnerability VCID-pfhu-1qdf-p7d5
9
vulnerability VCID-qc7c-1d8j-hfha
10
vulnerability VCID-ytdy-s1ug-dkh7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.3-1
aliases CVE-2026-27853
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3qce-a24m-yue1
1
url VCID-atx2-yc9p-g3c7
vulnerability_id VCID-atx2-yc9p-g3c7
summary An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 payloads, resulting in a denial of service. In setups with a large quantity of memory available this usually results in an exception and the QUIC connection is properly closed, but in some cases the system might enter an out-of-memory state instead and terminate the process.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-24030
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01868
published_at 2026-04-04T12:55:00Z
1
value 0.00012
scoring_system epss
scoring_elements 0.01856
published_at 2026-04-02T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.02872
published_at 2026-04-12T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.02893
published_at 2026-04-07T12:55:00Z
4
value 0.00015
scoring_system epss
scoring_elements 0.02894
published_at 2026-04-08T12:55:00Z
5
value 0.00015
scoring_system epss
scoring_elements 0.02891
published_at 2026-04-11T12:55:00Z
6
value 0.00015
scoring_system epss
scoring_elements 0.02919
published_at 2026-04-09T12:55:00Z
7
value 0.00015
scoring_system epss
scoring_elements 0.02867
published_at 2026-04-13T12:55:00Z
8
value 0.00016
scoring_system epss
scoring_elements 0.03414
published_at 2026-04-24T12:55:00Z
9
value 0.00016
scoring_system epss
scoring_elements 0.03302
published_at 2026-04-16T12:55:00Z
10
value 0.00016
scoring_system epss
scoring_elements 0.03313
published_at 2026-04-18T12:55:00Z
11
value 0.00016
scoring_system epss
scoring_elements 0.03429
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-24030
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24030
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24030
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html
reference_id powerdns-advisory-for-dnsdist-2026-02.html
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:14:53Z/
url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html
fixed_packages
0
url pkg:deb/debian/dnsdist@2.0.3-1
purl pkg:deb/debian/dnsdist@2.0.3-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mgq-74b9-4bcg
1
vulnerability VCID-744k-b7s7-kbh5
2
vulnerability VCID-7xds-447f-qufr
3
vulnerability VCID-a65j-y7z3-fudk
4
vulnerability VCID-afun-gxhy-rbed
5
vulnerability VCID-chzq-qej6-rkdq
6
vulnerability VCID-fbsf-bbw7-kyah
7
vulnerability VCID-nrex-hpxg-ekhs
8
vulnerability VCID-pfhu-1qdf-p7d5
9
vulnerability VCID-qc7c-1d8j-hfha
10
vulnerability VCID-ytdy-s1ug-dkh7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.3-1
aliases CVE-2026-24030
risk_score 1.3
exploitability 0.5
weighted_severity 2.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-atx2-yc9p-g3c7
2
url VCID-c7az-aw1f-4yah
vulnerability_id VCID-c7az-aw1f-4yah
summary When the early_acl_drop (earlyACLDrop in Lua) option is disabled (default is enabled) on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-24029
reference_id
reference_type
scores
0
value 3e-05
scoring_system epss
scoring_elements 0.00105
published_at 2026-04-24T12:55:00Z
1
value 3e-05
scoring_system epss
scoring_elements 0.00061
published_at 2026-04-02T12:55:00Z
2
value 3e-05
scoring_system epss
scoring_elements 0.00089
published_at 2026-04-08T12:55:00Z
3
value 3e-05
scoring_system epss
scoring_elements 0.00091
published_at 2026-04-13T12:55:00Z
4
value 3e-05
scoring_system epss
scoring_elements 0.00103
published_at 2026-04-18T12:55:00Z
5
value 3e-05
scoring_system epss
scoring_elements 0.0006
published_at 2026-04-04T12:55:00Z
6
value 3e-05
scoring_system epss
scoring_elements 0.0009
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-24029
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24029
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24029
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html
reference_id powerdns-advisory-for-dnsdist-2026-02.html
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:15:34Z/
url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html
fixed_packages
0
url pkg:deb/debian/dnsdist@2.0.3-1
purl pkg:deb/debian/dnsdist@2.0.3-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mgq-74b9-4bcg
1
vulnerability VCID-744k-b7s7-kbh5
2
vulnerability VCID-7xds-447f-qufr
3
vulnerability VCID-a65j-y7z3-fudk
4
vulnerability VCID-afun-gxhy-rbed
5
vulnerability VCID-chzq-qej6-rkdq
6
vulnerability VCID-fbsf-bbw7-kyah
7
vulnerability VCID-nrex-hpxg-ekhs
8
vulnerability VCID-pfhu-1qdf-p7d5
9
vulnerability VCID-qc7c-1d8j-hfha
10
vulnerability VCID-ytdy-s1ug-dkh7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.3-1
aliases CVE-2026-24029
risk_score 1.6
exploitability 0.5
weighted_severity 3.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c7az-aw1f-4yah
3
url VCID-gx8g-nvhj-1kak
vulnerability_id VCID-gx8g-nvhj-1kak
summary When the internal webserver is enabled (default is disabled), an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a misconfiguration of the Cross-Origin Resource Sharing (CORS) policy.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-0397
reference_id
reference_type
scores
0
value 0.0001
scoring_system epss
scoring_elements 0.01085
published_at 2026-04-04T12:55:00Z
1
value 0.0001
scoring_system epss
scoring_elements 0.01083
published_at 2026-04-02T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01506
published_at 2026-04-24T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.01398
published_at 2026-04-16T12:55:00Z
4
value 0.00011
scoring_system epss
scoring_elements 0.01412
published_at 2026-04-18T12:55:00Z
5
value 0.00011
scoring_system epss
scoring_elements 0.01499
published_at 2026-04-21T12:55:00Z
6
value 0.00011
scoring_system epss
scoring_elements 0.01266
published_at 2026-04-07T12:55:00Z
7
value 0.00011
scoring_system epss
scoring_elements 0.01272
published_at 2026-04-08T12:55:00Z
8
value 0.00011
scoring_system epss
scoring_elements 0.01276
published_at 2026-04-09T12:55:00Z
9
value 0.00011
scoring_system epss
scoring_elements 0.01258
published_at 2026-04-11T12:55:00Z
10
value 0.00011
scoring_system epss
scoring_elements 0.01252
published_at 2026-04-12T12:55:00Z
11
value 0.00011
scoring_system epss
scoring_elements 0.01254
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-0397
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0397
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0397
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html
reference_id powerdns-advisory-for-dnsdist-2026-02.html
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:19:54Z/
url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html
fixed_packages
0
url pkg:deb/debian/dnsdist@2.0.3-1
purl pkg:deb/debian/dnsdist@2.0.3-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mgq-74b9-4bcg
1
vulnerability VCID-744k-b7s7-kbh5
2
vulnerability VCID-7xds-447f-qufr
3
vulnerability VCID-a65j-y7z3-fudk
4
vulnerability VCID-afun-gxhy-rbed
5
vulnerability VCID-chzq-qej6-rkdq
6
vulnerability VCID-fbsf-bbw7-kyah
7
vulnerability VCID-nrex-hpxg-ekhs
8
vulnerability VCID-pfhu-1qdf-p7d5
9
vulnerability VCID-qc7c-1d8j-hfha
10
vulnerability VCID-ytdy-s1ug-dkh7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.3-1
aliases CVE-2026-0397
risk_score 0.8
exploitability 0.5
weighted_severity 1.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gx8g-nvhj-1kak
4
url VCID-rf53-w9k3-7ych
vulnerability_id VCID-rf53-w9k3-7ych
summary An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The out-of-bounds read might trigger a crash, leading to a denial of service, or access unrelated memory, leading to potential information disclosure.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-24028
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01868
published_at 2026-04-04T12:55:00Z
1
value 0.00012
scoring_system epss
scoring_elements 0.01856
published_at 2026-04-02T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.03033
published_at 2026-04-24T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.02907
published_at 2026-04-16T12:55:00Z
4
value 0.00015
scoring_system epss
scoring_elements 0.02917
published_at 2026-04-18T12:55:00Z
5
value 0.00015
scoring_system epss
scoring_elements 0.03035
published_at 2026-04-21T12:55:00Z
6
value 0.00015
scoring_system epss
scoring_elements 0.02893
published_at 2026-04-07T12:55:00Z
7
value 0.00015
scoring_system epss
scoring_elements 0.02894
published_at 2026-04-08T12:55:00Z
8
value 0.00015
scoring_system epss
scoring_elements 0.02919
published_at 2026-04-09T12:55:00Z
9
value 0.00015
scoring_system epss
scoring_elements 0.02891
published_at 2026-04-11T12:55:00Z
10
value 0.00015
scoring_system epss
scoring_elements 0.02872
published_at 2026-04-12T12:55:00Z
11
value 0.00015
scoring_system epss
scoring_elements 0.02867
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-24028
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24028
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24028
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html
reference_id powerdns-advisory-for-dnsdist-2026-02.html
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:18:03Z/
url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html
fixed_packages
0
url pkg:deb/debian/dnsdist@2.0.3-1
purl pkg:deb/debian/dnsdist@2.0.3-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mgq-74b9-4bcg
1
vulnerability VCID-744k-b7s7-kbh5
2
vulnerability VCID-7xds-447f-qufr
3
vulnerability VCID-a65j-y7z3-fudk
4
vulnerability VCID-afun-gxhy-rbed
5
vulnerability VCID-chzq-qej6-rkdq
6
vulnerability VCID-fbsf-bbw7-kyah
7
vulnerability VCID-nrex-hpxg-ekhs
8
vulnerability VCID-pfhu-1qdf-p7d5
9
vulnerability VCID-qc7c-1d8j-hfha
10
vulnerability VCID-ytdy-s1ug-dkh7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.3-1
aliases CVE-2026-24028
risk_score 1.3
exploitability 0.5
weighted_severity 2.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rf53-w9k3-7ych
5
url VCID-szpa-skfv-bygh
vulnerability_id VCID-szpa-skfv-bygh
summary An attacker might be able to trigger a use-after-free by sending crafted DNS queries to a DNSdist using the DNSQuestion:getEDNSOptions method in custom Lua code. In some cases DNSQuestion:getEDNSOptions might refer to a version of the DNS packet that has been modified, thus triggering a use-after-free and potentially a crash resulting in denial of service.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27854
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01353
published_at 2026-04-08T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01336
published_at 2026-04-13T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01334
published_at 2026-04-12T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.0134
published_at 2026-04-11T12:55:00Z
4
value 0.00011
scoring_system epss
scoring_elements 0.01352
published_at 2026-04-09T12:55:00Z
5
value 0.00011
scoring_system epss
scoring_elements 0.01349
published_at 2026-04-07T12:55:00Z
6
value 0.00015
scoring_system epss
scoring_elements 0.03033
published_at 2026-04-24T12:55:00Z
7
value 0.00015
scoring_system epss
scoring_elements 0.02907
published_at 2026-04-16T12:55:00Z
8
value 0.00015
scoring_system epss
scoring_elements 0.02917
published_at 2026-04-18T12:55:00Z
9
value 0.00015
scoring_system epss
scoring_elements 0.03035
published_at 2026-04-21T12:55:00Z
10
value 9e-05
scoring_system epss
scoring_elements 0.0095
published_at 2026-04-02T12:55:00Z
11
value 9e-05
scoring_system epss
scoring_elements 0.00951
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27854
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27854
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27854
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html
reference_id powerdns-advisory-for-dnsdist-2026-02.html
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:12:37Z/
url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html
fixed_packages
0
url pkg:deb/debian/dnsdist@2.0.3-1
purl pkg:deb/debian/dnsdist@2.0.3-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mgq-74b9-4bcg
1
vulnerability VCID-744k-b7s7-kbh5
2
vulnerability VCID-7xds-447f-qufr
3
vulnerability VCID-a65j-y7z3-fudk
4
vulnerability VCID-afun-gxhy-rbed
5
vulnerability VCID-chzq-qej6-rkdq
6
vulnerability VCID-fbsf-bbw7-kyah
7
vulnerability VCID-nrex-hpxg-ekhs
8
vulnerability VCID-pfhu-1qdf-p7d5
9
vulnerability VCID-qc7c-1d8j-hfha
10
vulnerability VCID-ytdy-s1ug-dkh7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.3-1
aliases CVE-2026-27854
risk_score 1.2
exploitability 0.5
weighted_severity 2.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-szpa-skfv-bygh
6
url VCID-x5p9-vthx-tud8
vulnerability_id VCID-x5p9-vthx-tud8
summary An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-0396
reference_id
reference_type
scores
0
value 3e-05
scoring_system epss
scoring_elements 0.00135
published_at 2026-04-04T12:55:00Z
1
value 3e-05
scoring_system epss
scoring_elements 0.00134
published_at 2026-04-02T12:55:00Z
2
value 4e-05
scoring_system epss
scoring_elements 0.0016
published_at 2026-04-24T12:55:00Z
3
value 4e-05
scoring_system epss
scoring_elements 0.00155
published_at 2026-04-16T12:55:00Z
4
value 4e-05
scoring_system epss
scoring_elements 0.00156
published_at 2026-04-18T12:55:00Z
5
value 4e-05
scoring_system epss
scoring_elements 0.00157
published_at 2026-04-21T12:55:00Z
6
value 4e-05
scoring_system epss
scoring_elements 0.00149
published_at 2026-04-13T12:55:00Z
7
value 4e-05
scoring_system epss
scoring_elements 0.00148
published_at 2026-04-09T12:55:00Z
8
value 4e-05
scoring_system epss
scoring_elements 0.0015
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-0396
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0396
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0396
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html
reference_id powerdns-advisory-for-dnsdist-2026-02.html
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:21:05Z/
url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html
fixed_packages
0
url pkg:deb/debian/dnsdist@2.0.3-1
purl pkg:deb/debian/dnsdist@2.0.3-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mgq-74b9-4bcg
1
vulnerability VCID-744k-b7s7-kbh5
2
vulnerability VCID-7xds-447f-qufr
3
vulnerability VCID-a65j-y7z3-fudk
4
vulnerability VCID-afun-gxhy-rbed
5
vulnerability VCID-chzq-qej6-rkdq
6
vulnerability VCID-fbsf-bbw7-kyah
7
vulnerability VCID-nrex-hpxg-ekhs
8
vulnerability VCID-pfhu-1qdf-p7d5
9
vulnerability VCID-qc7c-1d8j-hfha
10
vulnerability VCID-ytdy-s1ug-dkh7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.3-1
aliases CVE-2026-0396
risk_score 0.8
exploitability 0.5
weighted_severity 1.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x5p9-vthx-tud8
Risk_score1.9
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.3-1