Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/5932?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/5932?format=api", "purl": "pkg:deb/debian/pdns-recursor@3.3-3%2Bdeb7u1", "type": "deb", "namespace": "debian", "name": "pdns-recursor", "version": "3.3-3+deb7u1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.2.9-0+deb13u1", "latest_non_vulnerable_version": "5.2.9-0+deb13u1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97705?format=api", "vulnerability_id": "VCID-1aex-5g1j-6ycu", "summary": "An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial of service if the system becomes overloaded. This issue is based on the fact that the PowerDNS server parses all records present in a query regardless of whether they are needed or even legitimate. A specially crafted query containing a large number of records can be used to take advantage of that behaviour.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7068", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24697", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00085", "scoring_system": "epss", "scoring_elements": "0.24794", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7068" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074" }, { "reference_url": "https://security.archlinux.org/ASA-201701-29", "reference_id": "ASA-201701-29", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-29" }, { "reference_url": "https://security.archlinux.org/ASA-201701-30", "reference_id": "ASA-201701-30", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-30" }, { "reference_url": "https://security.archlinux.org/AVG-147", "reference_id": "AVG-147", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-147" }, { "reference_url": "https://security.archlinux.org/AVG-148", "reference_id": "AVG-148", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-148" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5936?format=api", "purl": "pkg:deb/debian/pdns-recursor@3.6.2-2%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1aex-5g1j-6ycu" }, { "vulnerability": "VCID-3zj4-68f8-w3he" }, { "vulnerability": "VCID-57pa-xjqe-rqhp" }, { "vulnerability": "VCID-6g9m-xqf1-nua1" }, { "vulnerability": "VCID-8c6p-nczh-83ce" }, { "vulnerability": "VCID-8tet-nec6-zkfw" }, { "vulnerability": "VCID-b7yf-chf7-23bn" }, { "vulnerability": "VCID-bx81-efgj-mkd9" }, { "vulnerability": "VCID-dmr2-qydm-d3dt" }, { "vulnerability": "VCID-dmsw-hy5g-pug3" }, { "vulnerability": "VCID-jvrb-gawg-ufg7" }, { "vulnerability": "VCID-ped2-apf8-8ygw" }, { "vulnerability": "VCID-q6eg-qzcn-fqbp" }, { "vulnerability": "VCID-rpze-v2md-4uca" }, { "vulnerability": "VCID-tmg6-gqrq-2uc9" }, { "vulnerability": "VCID-wxe6-kebx-6qbc" }, { "vulnerability": "VCID-xhkf-q952-qfc2" }, { "vulnerability": "VCID-y5t7-ne53-ufar" }, { "vulnerability": "VCID-yrea-z75q-a3cy" }, { "vulnerability": "VCID-z8ps-5hq7-5uey" }, { "vulnerability": "VCID-zafe-qcj3-pygt" }, { "vulnerability": "VCID-zbr8-wzq5-6bg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@3.6.2-2%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/5938?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.0.4-1%2Bdeb9u3~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3zj4-68f8-w3he" }, { "vulnerability": "VCID-57pa-xjqe-rqhp" }, { "vulnerability": "VCID-6g9m-xqf1-nua1" }, { "vulnerability": "VCID-8c6p-nczh-83ce" }, { "vulnerability": "VCID-8tet-nec6-zkfw" }, { "vulnerability": "VCID-bx81-efgj-mkd9" }, { "vulnerability": "VCID-dmr2-qydm-d3dt" }, { "vulnerability": "VCID-dmsw-hy5g-pug3" }, { "vulnerability": "VCID-ped2-apf8-8ygw" }, { "vulnerability": "VCID-q6eg-qzcn-fqbp" }, { "vulnerability": "VCID-rpze-v2md-4uca" }, { "vulnerability": "VCID-wxe6-kebx-6qbc" }, { "vulnerability": "VCID-xhkf-q952-qfc2" }, { "vulnerability": "VCID-y5t7-ne53-ufar" }, { "vulnerability": "VCID-z8ps-5hq7-5uey" }, { "vulnerability": "VCID-zafe-qcj3-pygt" }, { "vulnerability": "VCID-zbr8-wzq5-6bg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.0.4-1%252Bdeb9u3~bpo8%252B1" } ], "aliases": [ "CVE-2016-7068" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1aex-5g1j-6ycu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5822?format=api", "vulnerability_id": "VCID-3zj4-68f8-w3he", "summary": "denial of service", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25829", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.4822", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48283", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25829" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972159", "reference_id": "972159", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972159" }, { "reference_url": "https://security.archlinux.org/ASA-202010-6", "reference_id": "ASA-202010-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202010-6" }, { "reference_url": "https://security.archlinux.org/AVG-1243", "reference_id": "AVG-1243", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1243" }, { "reference_url": "https://security.gentoo.org/glsa/202012-19", "reference_id": "GLSA-202012-19", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202012-19" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5940?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.4.2-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3wzr-2eer-77hf" }, { "vulnerability": "VCID-55ew-qe9a-5uen" }, { "vulnerability": "VCID-5w5a-jcrh-nyb1" }, { "vulnerability": "VCID-6b9g-rn64-8qdm" }, { "vulnerability": "VCID-baea-ybbp-fbc3" }, { "vulnerability": "VCID-bkjx-b5yp-afg9" }, { "vulnerability": "VCID-d5mw-hsbt-u7bj" }, { "vulnerability": "VCID-dmn7-brss-q3ck" }, { "vulnerability": "VCID-e1js-9ute-3kf8" }, { "vulnerability": "VCID-e5n6-qn1d-nkg7" }, { "vulnerability": "VCID-jqh9-kg7m-d3dn" }, { "vulnerability": "VCID-jt65-9bh8-9bgc" }, { "vulnerability": "VCID-me6t-p2ef-43ch" }, { "vulnerability": "VCID-rryv-rqx6-53fn" }, { "vulnerability": "VCID-rs9f-44nz-z3fc" }, { "vulnerability": "VCID-ur4y-xu6a-3qck" }, { "vulnerability": "VCID-uzyx-z58g-jkft" }, { "vulnerability": "VCID-ww6x-997u-6fhs" }, { "vulnerability": "VCID-xas6-wfzz-hbbz" }, { "vulnerability": "VCID-xzkz-rsgv-wuaa" }, { "vulnerability": "VCID-y53p-jj1w-xqet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3" } ], "aliases": [ "CVE-2020-25829" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3zj4-68f8-w3he" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97748?format=api", "vulnerability_id": "VCID-57pa-xjqe-rqhp", "summary": "Improper input validation bugs in DNSSEC validators components in PowerDNS version 4.1.0 allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000003", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01873", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01886", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000003" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000003", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000003" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5939?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3zj4-68f8-w3he" }, { "vulnerability": "VCID-8tet-nec6-zkfw" }, { "vulnerability": "VCID-bx81-efgj-mkd9" }, { "vulnerability": "VCID-ped2-apf8-8ygw" }, { "vulnerability": "VCID-zafe-qcj3-pygt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1" } ], "aliases": [ "CVE-2018-1000003" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-57pa-xjqe-rqhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97742?format=api", "vulnerability_id": "VCID-6g9m-xqf1-nua1", "summary": "An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in position of man-in-the-middle to alter the content of records by issuing a valid signature for the crafted records.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15090", "reference_id": "", "reference_type": "", "scores": [ { "value": "1e-05", "scoring_system": "epss", "scoring_elements": "0.0002", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15090" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15090", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15090" }, { "reference_url": "https://security.archlinux.org/ASA-201711-31", "reference_id": "ASA-201711-31", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-31" }, { "reference_url": "https://security.archlinux.org/AVG-520", "reference_id": "AVG-520", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-520" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5939?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3zj4-68f8-w3he" }, { "vulnerability": "VCID-8tet-nec6-zkfw" }, { "vulnerability": "VCID-bx81-efgj-mkd9" }, { "vulnerability": "VCID-ped2-apf8-8ygw" }, { "vulnerability": "VCID-zafe-qcj3-pygt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1" } ], "aliases": [ "CVE-2017-15090" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6g9m-xqf1-nua1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97743?format=api", "vulnerability_id": "VCID-8c6p-nczh-83ce", "summary": "A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and Javascript code into the web interface, altering the content.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15092", "reference_id": "", "reference_type": "", "scores": [ { "value": "2e-05", "scoring_system": "epss", "scoring_elements": "0.00026", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15092" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15092", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15092" }, { "reference_url": "https://security.archlinux.org/ASA-201711-31", "reference_id": "ASA-201711-31", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-31" }, { "reference_url": "https://security.archlinux.org/AVG-520", "reference_id": "AVG-520", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-520" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5939?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3zj4-68f8-w3he" }, { "vulnerability": "VCID-8tet-nec6-zkfw" }, { "vulnerability": "VCID-bx81-efgj-mkd9" }, { "vulnerability": "VCID-ped2-apf8-8ygw" }, { "vulnerability": "VCID-zafe-qcj3-pygt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1" } ], "aliases": [ "CVE-2017-15092" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8c6p-nczh-83ce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97754?format=api", "vulnerability_id": "VCID-8tet-nec6-zkfw", "summary": "PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. An issue in the DNS protocol has been found that allow malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the resulting traffic between the recursive and other authoritative name servers. Both types of service can suffer degraded performance as an effect. This is triggered by random subdomains in the NSDNAME in NS records. PowerDNS Recursor 4.1.16, 4.2.2 and 4.3.1 contain a mitigation to limit the impact of this DNS protocol issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10995", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31395", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00126", "scoring_system": "epss", "scoring_elements": "0.31464", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10995" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10995", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10995" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12244", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12244" }, { "reference_url": "https://security.archlinux.org/ASA-202005-10", "reference_id": "ASA-202005-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202005-10" }, { "reference_url": "https://security.archlinux.org/AVG-1163", "reference_id": "AVG-1163", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1163" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5939?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3zj4-68f8-w3he" }, { "vulnerability": "VCID-8tet-nec6-zkfw" }, { "vulnerability": "VCID-bx81-efgj-mkd9" }, { "vulnerability": "VCID-ped2-apf8-8ygw" }, { "vulnerability": "VCID-zafe-qcj3-pygt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/5940?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.4.2-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3wzr-2eer-77hf" }, { "vulnerability": "VCID-55ew-qe9a-5uen" }, { "vulnerability": "VCID-5w5a-jcrh-nyb1" }, { "vulnerability": "VCID-6b9g-rn64-8qdm" }, { "vulnerability": "VCID-baea-ybbp-fbc3" }, { "vulnerability": "VCID-bkjx-b5yp-afg9" }, { "vulnerability": "VCID-d5mw-hsbt-u7bj" }, { "vulnerability": "VCID-dmn7-brss-q3ck" }, { "vulnerability": "VCID-e1js-9ute-3kf8" }, { "vulnerability": "VCID-e5n6-qn1d-nkg7" }, { "vulnerability": "VCID-jqh9-kg7m-d3dn" }, { "vulnerability": "VCID-jt65-9bh8-9bgc" }, { "vulnerability": "VCID-me6t-p2ef-43ch" }, { "vulnerability": "VCID-rryv-rqx6-53fn" }, { "vulnerability": "VCID-rs9f-44nz-z3fc" }, { "vulnerability": "VCID-ur4y-xu6a-3qck" }, { "vulnerability": "VCID-uzyx-z58g-jkft" }, { "vulnerability": "VCID-ww6x-997u-6fhs" }, { "vulnerability": "VCID-xas6-wfzz-hbbz" }, { "vulnerability": "VCID-xzkz-rsgv-wuaa" }, { "vulnerability": "VCID-y53p-jj1w-xqet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3" } ], "aliases": [ "CVE-2020-10995" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8tet-nec6-zkfw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97709?format=api", "vulnerability_id": "VCID-b7yf-chf7-23bn", "summary": "An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check that the TSIG record is the last one, leading to the possibility of parsing records that are not covered by the TSIG signature.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7074", "reference_id": "", "reference_type": "", "scores": [ { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00175", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074" }, { "reference_url": "https://security.archlinux.org/ASA-201701-29", "reference_id": "ASA-201701-29", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-29" }, { "reference_url": "https://security.archlinux.org/ASA-201701-30", "reference_id": "ASA-201701-30", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-30" }, { "reference_url": "https://security.archlinux.org/AVG-147", "reference_id": "AVG-147", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-147" }, { "reference_url": "https://security.archlinux.org/AVG-148", "reference_id": "AVG-148", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-148" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5938?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.0.4-1%2Bdeb9u3~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3zj4-68f8-w3he" }, { "vulnerability": "VCID-57pa-xjqe-rqhp" }, { "vulnerability": "VCID-6g9m-xqf1-nua1" }, { "vulnerability": "VCID-8c6p-nczh-83ce" }, { "vulnerability": "VCID-8tet-nec6-zkfw" }, { "vulnerability": "VCID-bx81-efgj-mkd9" }, { "vulnerability": "VCID-dmr2-qydm-d3dt" }, { "vulnerability": "VCID-dmsw-hy5g-pug3" }, { "vulnerability": "VCID-ped2-apf8-8ygw" }, { "vulnerability": "VCID-q6eg-qzcn-fqbp" }, { "vulnerability": "VCID-rpze-v2md-4uca" }, { "vulnerability": "VCID-wxe6-kebx-6qbc" }, { "vulnerability": "VCID-xhkf-q952-qfc2" }, { "vulnerability": "VCID-y5t7-ne53-ufar" }, { "vulnerability": "VCID-z8ps-5hq7-5uey" }, { "vulnerability": "VCID-zafe-qcj3-pygt" }, { "vulnerability": "VCID-zbr8-wzq5-6bg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.0.4-1%252Bdeb9u3~bpo8%252B1" } ], "aliases": [ "CVE-2016-7074" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b7yf-chf7-23bn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97757?format=api", "vulnerability_id": "VCID-bx81-efgj-mkd9", "summary": "In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14196", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.073", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07334", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14196", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14196" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964103", "reference_id": "964103", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964103" }, { "reference_url": "https://security.archlinux.org/AVG-1199", "reference_id": "AVG-1199", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1199" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5940?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.4.2-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3wzr-2eer-77hf" }, { "vulnerability": "VCID-55ew-qe9a-5uen" }, { "vulnerability": "VCID-5w5a-jcrh-nyb1" }, { "vulnerability": "VCID-6b9g-rn64-8qdm" }, { "vulnerability": "VCID-baea-ybbp-fbc3" }, { "vulnerability": "VCID-bkjx-b5yp-afg9" }, { "vulnerability": "VCID-d5mw-hsbt-u7bj" }, { "vulnerability": "VCID-dmn7-brss-q3ck" }, { "vulnerability": "VCID-e1js-9ute-3kf8" }, { "vulnerability": "VCID-e5n6-qn1d-nkg7" }, { "vulnerability": "VCID-jqh9-kg7m-d3dn" }, { "vulnerability": "VCID-jt65-9bh8-9bgc" }, { "vulnerability": "VCID-me6t-p2ef-43ch" }, { "vulnerability": "VCID-rryv-rqx6-53fn" }, { "vulnerability": "VCID-rs9f-44nz-z3fc" }, { "vulnerability": "VCID-ur4y-xu6a-3qck" }, { "vulnerability": "VCID-uzyx-z58g-jkft" }, { "vulnerability": "VCID-ww6x-997u-6fhs" }, { "vulnerability": "VCID-xas6-wfzz-hbbz" }, { "vulnerability": "VCID-xzkz-rsgv-wuaa" }, { "vulnerability": "VCID-y53p-jj1w-xqet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3" } ], "aliases": [ "CVE-2020-14196" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bx81-efgj-mkd9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97746?format=api", "vulnerability_id": "VCID-dmr2-qydm-d3dt", "summary": "An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are only parsed when validation is enabled by setting dnssec to a value other than off or process-no-validate (default).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15094", "reference_id": "", "reference_type": "", "scores": [ { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00199", "published_at": "2026-06-04T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00198", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15094" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15094", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15094" }, { "reference_url": "https://security.archlinux.org/ASA-201711-31", "reference_id": "ASA-201711-31", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-31" }, { "reference_url": "https://security.archlinux.org/AVG-520", "reference_id": "AVG-520", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-520" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5939?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3zj4-68f8-w3he" }, { "vulnerability": "VCID-8tet-nec6-zkfw" }, { "vulnerability": "VCID-bx81-efgj-mkd9" }, { "vulnerability": "VCID-ped2-apf8-8ygw" }, { "vulnerability": "VCID-zafe-qcj3-pygt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1" } ], "aliases": [ "CVE-2017-15094" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dmr2-qydm-d3dt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97712?format=api", "vulnerability_id": "VCID-dmsw-hy5g-pug3", "summary": "PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14626", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.12937", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.13018", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14626" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14626", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14626" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162", "reference_id": "913162", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913163", "reference_id": "913163", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913163" }, { "reference_url": "https://security.archlinux.org/ASA-201811-12", "reference_id": "ASA-201811-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201811-12" }, { "reference_url": "https://security.archlinux.org/ASA-201811-13", "reference_id": "ASA-201811-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201811-13" }, { "reference_url": "https://security.archlinux.org/AVG-804", "reference_id": "AVG-804", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-804" }, { "reference_url": "https://security.archlinux.org/AVG-805", "reference_id": "AVG-805", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-805" }, { "reference_url": "https://usn.ubuntu.com/7203-1/", "reference_id": "USN-7203-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7203-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5939?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3zj4-68f8-w3he" }, { "vulnerability": "VCID-8tet-nec6-zkfw" }, { "vulnerability": "VCID-bx81-efgj-mkd9" }, { "vulnerability": "VCID-ped2-apf8-8ygw" }, { "vulnerability": "VCID-zafe-qcj3-pygt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1" } ], "aliases": [ "CVE-2018-14626" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dmsw-hy5g-pug3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97738?format=api", "vulnerability_id": "VCID-j6qh-v6js-qubg", "summary": "Unspecified vulnerability in PowerDNS Recursor (aka pdns_recursor) 3.6.x before 3.6.1 allows remote attackers to cause a denial of service (crash) via an unknown sequence of malformed packets.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3614", "reference_id": "", "reference_type": "", "scores": [ { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00926", "published_at": "2026-06-04T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00938", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3614" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5933?format=api", "purl": "pkg:deb/debian/pdns-recursor@3.6.2-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1aex-5g1j-6ycu" }, { "vulnerability": "VCID-3zj4-68f8-w3he" }, { "vulnerability": "VCID-57pa-xjqe-rqhp" }, { "vulnerability": "VCID-6g9m-xqf1-nua1" }, { "vulnerability": "VCID-8c6p-nczh-83ce" }, { "vulnerability": "VCID-8tet-nec6-zkfw" }, { "vulnerability": "VCID-b7yf-chf7-23bn" }, { "vulnerability": "VCID-bx81-efgj-mkd9" }, { "vulnerability": "VCID-dmr2-qydm-d3dt" }, { "vulnerability": "VCID-dmsw-hy5g-pug3" }, { "vulnerability": "VCID-jvrb-gawg-ufg7" }, { "vulnerability": "VCID-ped2-apf8-8ygw" }, { "vulnerability": "VCID-q6eg-qzcn-fqbp" }, { "vulnerability": "VCID-rpze-v2md-4uca" }, { "vulnerability": "VCID-tmg6-gqrq-2uc9" }, { "vulnerability": "VCID-wxe6-kebx-6qbc" }, { "vulnerability": "VCID-xhkf-q952-qfc2" }, { "vulnerability": "VCID-y5t7-ne53-ufar" }, { "vulnerability": "VCID-yrea-z75q-a3cy" }, { "vulnerability": "VCID-z8ps-5hq7-5uey" }, { "vulnerability": "VCID-zafe-qcj3-pygt" }, { "vulnerability": "VCID-zbr8-wzq5-6bg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@3.6.2-2" } ], "aliases": [ "CVE-2014-3614" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j6qh-v6js-qubg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97708?format=api", "vulnerability_id": "VCID-jvrb-gawg-ufg7", "summary": "An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and fudge values was found in AXFRRetriever, leading to a possible replay attack.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7073", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00474", "published_at": "2026-06-04T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00476", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7073" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074" }, { "reference_url": "https://security.archlinux.org/ASA-201701-29", "reference_id": "ASA-201701-29", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-29" }, { "reference_url": "https://security.archlinux.org/ASA-201701-30", "reference_id": "ASA-201701-30", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-30" }, { "reference_url": "https://security.archlinux.org/AVG-147", "reference_id": "AVG-147", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-147" }, { "reference_url": "https://security.archlinux.org/AVG-148", "reference_id": "AVG-148", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-148" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5938?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.0.4-1%2Bdeb9u3~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3zj4-68f8-w3he" }, { "vulnerability": "VCID-57pa-xjqe-rqhp" }, { "vulnerability": "VCID-6g9m-xqf1-nua1" }, { "vulnerability": "VCID-8c6p-nczh-83ce" }, { "vulnerability": "VCID-8tet-nec6-zkfw" }, { "vulnerability": "VCID-bx81-efgj-mkd9" }, { "vulnerability": "VCID-dmr2-qydm-d3dt" }, { "vulnerability": "VCID-dmsw-hy5g-pug3" }, { "vulnerability": "VCID-ped2-apf8-8ygw" }, { "vulnerability": "VCID-q6eg-qzcn-fqbp" }, { "vulnerability": "VCID-rpze-v2md-4uca" }, { "vulnerability": "VCID-wxe6-kebx-6qbc" }, { "vulnerability": "VCID-xhkf-q952-qfc2" }, { "vulnerability": "VCID-y5t7-ne53-ufar" }, { "vulnerability": "VCID-z8ps-5hq7-5uey" }, { "vulnerability": "VCID-zafe-qcj3-pygt" }, { "vulnerability": "VCID-zbr8-wzq5-6bg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.0.4-1%252Bdeb9u3~bpo8%252B1" } ], "aliases": [ "CVE-2016-7073" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jvrb-gawg-ufg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97756?format=api", "vulnerability_id": "VCID-ped2-apf8-8ygw", "summary": "An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC validation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12244", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.1935", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00061", "scoring_system": "epss", "scoring_elements": "0.19425", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12244" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10995", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10995" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12244", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12244" }, { "reference_url": "https://security.archlinux.org/ASA-202005-10", "reference_id": "ASA-202005-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202005-10" }, { "reference_url": "https://security.archlinux.org/AVG-1163", "reference_id": "AVG-1163", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1163" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5939?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3zj4-68f8-w3he" }, { "vulnerability": "VCID-8tet-nec6-zkfw" }, { "vulnerability": "VCID-bx81-efgj-mkd9" }, { "vulnerability": "VCID-ped2-apf8-8ygw" }, { "vulnerability": "VCID-zafe-qcj3-pygt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/5940?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.4.2-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3wzr-2eer-77hf" }, { "vulnerability": "VCID-55ew-qe9a-5uen" }, { "vulnerability": "VCID-5w5a-jcrh-nyb1" }, { "vulnerability": "VCID-6b9g-rn64-8qdm" }, { "vulnerability": "VCID-baea-ybbp-fbc3" }, { "vulnerability": "VCID-bkjx-b5yp-afg9" }, { "vulnerability": "VCID-d5mw-hsbt-u7bj" }, { "vulnerability": "VCID-dmn7-brss-q3ck" }, { "vulnerability": "VCID-e1js-9ute-3kf8" }, { "vulnerability": "VCID-e5n6-qn1d-nkg7" }, { "vulnerability": "VCID-jqh9-kg7m-d3dn" }, { "vulnerability": "VCID-jt65-9bh8-9bgc" }, { "vulnerability": "VCID-me6t-p2ef-43ch" }, { "vulnerability": "VCID-rryv-rqx6-53fn" }, { "vulnerability": "VCID-rs9f-44nz-z3fc" }, { "vulnerability": "VCID-ur4y-xu6a-3qck" }, { "vulnerability": "VCID-uzyx-z58g-jkft" }, { "vulnerability": "VCID-ww6x-997u-6fhs" }, { "vulnerability": "VCID-xas6-wfzz-hbbz" }, { "vulnerability": "VCID-xzkz-rsgv-wuaa" }, { "vulnerability": "VCID-y53p-jj1w-xqet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3" } ], "aliases": [ "CVE-2020-12244" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ped2-apf8-8ygw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97750?format=api", "vulnerability_id": "VCID-q6eg-qzcn-fqbp", "summary": "An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16855", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.70787", "scoring_system": "epss", "scoring_elements": "0.98718", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16855" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16855", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16855" }, { "reference_url": "https://security.archlinux.org/ASA-201811-21", "reference_id": "ASA-201811-21", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201811-21" }, { "reference_url": "https://security.archlinux.org/AVG-821", "reference_id": "AVG-821", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-821" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5939?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3zj4-68f8-w3he" }, { "vulnerability": "VCID-8tet-nec6-zkfw" }, { "vulnerability": "VCID-bx81-efgj-mkd9" }, { "vulnerability": "VCID-ped2-apf8-8ygw" }, { "vulnerability": "VCID-zafe-qcj3-pygt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1" } ], "aliases": [ "CVE-2018-16855" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q6eg-qzcn-fqbp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97711?format=api", "vulnerability_id": "VCID-rpze-v2md-4uca", "summary": "PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10851", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28665", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00108", "scoring_system": "epss", "scoring_elements": "0.28737", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-10851" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10851", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10851" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162", "reference_id": "913162", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913163", "reference_id": "913163", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913163" }, { "reference_url": "https://security.archlinux.org/ASA-201811-12", "reference_id": "ASA-201811-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201811-12" }, { "reference_url": "https://security.archlinux.org/ASA-201811-13", "reference_id": "ASA-201811-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201811-13" }, { "reference_url": "https://security.archlinux.org/AVG-804", "reference_id": "AVG-804", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-804" }, { "reference_url": "https://security.archlinux.org/AVG-805", "reference_id": "AVG-805", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-805" }, { "reference_url": "https://usn.ubuntu.com/7203-1/", "reference_id": "USN-7203-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7203-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5939?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3zj4-68f8-w3he" }, { "vulnerability": "VCID-8tet-nec6-zkfw" }, { "vulnerability": "VCID-bx81-efgj-mkd9" }, { "vulnerability": "VCID-ped2-apf8-8ygw" }, { "vulnerability": "VCID-zafe-qcj3-pygt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1" } ], "aliases": [ "CVE-2018-10851" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rpze-v2md-4uca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97739?format=api", "vulnerability_id": "VCID-thqn-jsc5-ryc6", "summary": "PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service (\"performance degradations\") via a large or infinite number of referrals, as demonstrated by resolving domains hosted by ezdns.it.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8601", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00759", "scoring_system": "epss", "scoring_elements": "0.73684", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00759", "scoring_system": "epss", "scoring_elements": "0.73722", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8601" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8601", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8601" }, { "reference_url": "https://security.gentoo.org/glsa/201412-33", "reference_id": "GLSA-201412-33", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-33" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5933?format=api", "purl": "pkg:deb/debian/pdns-recursor@3.6.2-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1aex-5g1j-6ycu" }, { "vulnerability": "VCID-3zj4-68f8-w3he" }, { "vulnerability": "VCID-57pa-xjqe-rqhp" }, { "vulnerability": "VCID-6g9m-xqf1-nua1" }, { "vulnerability": "VCID-8c6p-nczh-83ce" }, { "vulnerability": "VCID-8tet-nec6-zkfw" }, { "vulnerability": "VCID-b7yf-chf7-23bn" }, { "vulnerability": "VCID-bx81-efgj-mkd9" }, { "vulnerability": "VCID-dmr2-qydm-d3dt" }, { "vulnerability": "VCID-dmsw-hy5g-pug3" }, { "vulnerability": "VCID-jvrb-gawg-ufg7" }, { "vulnerability": "VCID-ped2-apf8-8ygw" }, { "vulnerability": "VCID-q6eg-qzcn-fqbp" }, { "vulnerability": "VCID-rpze-v2md-4uca" }, { "vulnerability": "VCID-tmg6-gqrq-2uc9" }, { "vulnerability": "VCID-wxe6-kebx-6qbc" }, { "vulnerability": "VCID-xhkf-q952-qfc2" }, { "vulnerability": "VCID-y5t7-ne53-ufar" }, { "vulnerability": "VCID-yrea-z75q-a3cy" }, { "vulnerability": "VCID-z8ps-5hq7-5uey" }, { "vulnerability": "VCID-zafe-qcj3-pygt" }, { "vulnerability": "VCID-zbr8-wzq5-6bg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@3.6.2-2" } ], "aliases": [ "CVE-2014-8601" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-thqn-jsc5-ryc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97699?format=api", "vulnerability_id": "VCID-tmg6-gqrq-2uc9", "summary": "The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1868.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5470", "reference_id": "", "reference_type": "", "scores": [ { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00478", "published_at": "2026-06-04T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00481", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5470" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5470", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5470" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5936?format=api", "purl": "pkg:deb/debian/pdns-recursor@3.6.2-2%2Bdeb8u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1aex-5g1j-6ycu" }, { "vulnerability": "VCID-3zj4-68f8-w3he" }, { "vulnerability": "VCID-57pa-xjqe-rqhp" }, { "vulnerability": "VCID-6g9m-xqf1-nua1" }, { "vulnerability": "VCID-8c6p-nczh-83ce" }, { "vulnerability": "VCID-8tet-nec6-zkfw" }, { "vulnerability": "VCID-b7yf-chf7-23bn" }, { "vulnerability": "VCID-bx81-efgj-mkd9" }, { "vulnerability": "VCID-dmr2-qydm-d3dt" }, { "vulnerability": "VCID-dmsw-hy5g-pug3" }, { "vulnerability": "VCID-jvrb-gawg-ufg7" }, { "vulnerability": "VCID-ped2-apf8-8ygw" }, { "vulnerability": "VCID-q6eg-qzcn-fqbp" }, { "vulnerability": "VCID-rpze-v2md-4uca" }, { "vulnerability": "VCID-tmg6-gqrq-2uc9" }, { "vulnerability": "VCID-wxe6-kebx-6qbc" }, { "vulnerability": "VCID-xhkf-q952-qfc2" }, { "vulnerability": "VCID-y5t7-ne53-ufar" }, { "vulnerability": "VCID-yrea-z75q-a3cy" }, { "vulnerability": "VCID-z8ps-5hq7-5uey" }, { "vulnerability": "VCID-zafe-qcj3-pygt" }, { "vulnerability": "VCID-zbr8-wzq5-6bg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@3.6.2-2%252Bdeb8u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/5938?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.0.4-1%2Bdeb9u3~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3zj4-68f8-w3he" }, { "vulnerability": "VCID-57pa-xjqe-rqhp" }, { "vulnerability": "VCID-6g9m-xqf1-nua1" }, { "vulnerability": "VCID-8c6p-nczh-83ce" }, { "vulnerability": "VCID-8tet-nec6-zkfw" }, { "vulnerability": "VCID-bx81-efgj-mkd9" }, { "vulnerability": "VCID-dmr2-qydm-d3dt" }, { "vulnerability": "VCID-dmsw-hy5g-pug3" }, { "vulnerability": "VCID-ped2-apf8-8ygw" }, { "vulnerability": "VCID-q6eg-qzcn-fqbp" }, { "vulnerability": "VCID-rpze-v2md-4uca" }, { "vulnerability": "VCID-wxe6-kebx-6qbc" }, { "vulnerability": "VCID-xhkf-q952-qfc2" }, { "vulnerability": "VCID-y5t7-ne53-ufar" }, { "vulnerability": "VCID-z8ps-5hq7-5uey" }, { "vulnerability": "VCID-zafe-qcj3-pygt" }, { "vulnerability": "VCID-zbr8-wzq5-6bg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.0.4-1%252Bdeb9u3~bpo8%252B1" } ], "aliases": [ "CVE-2015-5470" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tmg6-gqrq-2uc9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97745?format=api", "vulnerability_id": "VCID-wxe6-kebx-6qbc", "summary": "When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. It was discovered that the new netmask and IP addresses of forwarded zones were not sufficiently validated, allowing an authenticated user to inject new configuration directives into the Recursor's configuration.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15093", "reference_id": "", "reference_type": "", "scores": [ { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00165", "published_at": "2026-06-04T12:55:00Z" }, { "value": "4e-05", "scoring_system": "epss", "scoring_elements": "0.00166", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15093" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15093", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15093" }, { "reference_url": "https://security.archlinux.org/ASA-201711-31", "reference_id": "ASA-201711-31", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-31" }, { "reference_url": "https://security.archlinux.org/AVG-520", "reference_id": "AVG-520", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-520" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5939?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3zj4-68f8-w3he" }, { "vulnerability": "VCID-8tet-nec6-zkfw" }, { "vulnerability": "VCID-bx81-efgj-mkd9" }, { "vulnerability": "VCID-ped2-apf8-8ygw" }, { "vulnerability": "VCID-zafe-qcj3-pygt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1" } ], "aliases": [ "CVE-2017-15093" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wxe6-kebx-6qbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97747?format=api", "vulnerability_id": "VCID-xhkf-q952-qfc2", "summary": "An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different class than IN. An unauthenticated remote attacker could cause a denial of service.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15120", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56356", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00332", "scoring_system": "epss", "scoring_elements": "0.56412", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15120" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15120", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15120" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5939?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3zj4-68f8-w3he" }, { "vulnerability": "VCID-8tet-nec6-zkfw" }, { "vulnerability": "VCID-bx81-efgj-mkd9" }, { "vulnerability": "VCID-ped2-apf8-8ygw" }, { "vulnerability": "VCID-zafe-qcj3-pygt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1" } ], "aliases": [ "CVE-2017-15120" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xhkf-q952-qfc2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97749?format=api", "vulnerability_id": "VCID-y5t7-ne53-ufar", "summary": "An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authoritative servers for that parent zone answer with FORMERR to a query for at least one of the meta-types. As a result, subsequent queries from clients requesting DNSSEC validation will be answered with a ServFail.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14644", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05645", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0002", "scoring_system": "epss", "scoring_elements": "0.05666", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14644" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14644", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14644" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162", "reference_id": "913162", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162" }, { "reference_url": "https://security.archlinux.org/ASA-201811-13", "reference_id": "ASA-201811-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201811-13" }, { "reference_url": "https://security.archlinux.org/AVG-805", "reference_id": "AVG-805", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-805" }, { "reference_url": "https://usn.ubuntu.com/7203-1/", "reference_id": "USN-7203-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7203-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5939?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3zj4-68f8-w3he" }, { "vulnerability": "VCID-8tet-nec6-zkfw" }, { "vulnerability": "VCID-bx81-efgj-mkd9" }, { "vulnerability": "VCID-ped2-apf8-8ygw" }, { "vulnerability": "VCID-zafe-qcj3-pygt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1" } ], "aliases": [ "CVE-2018-14644" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y5t7-ne53-ufar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97696?format=api", "vulnerability_id": "VCID-yrea-z75q-a3cy", "summary": "The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1868", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66601", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66642", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1868" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1868", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1868" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5937?format=api", "purl": "pkg:deb/debian/pdns-recursor@3.7.3-1~bpo8%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1aex-5g1j-6ycu" }, { "vulnerability": "VCID-3zj4-68f8-w3he" }, { "vulnerability": "VCID-57pa-xjqe-rqhp" }, { "vulnerability": "VCID-6g9m-xqf1-nua1" }, { "vulnerability": "VCID-8c6p-nczh-83ce" }, { "vulnerability": "VCID-8tet-nec6-zkfw" }, { "vulnerability": "VCID-b7yf-chf7-23bn" }, { "vulnerability": "VCID-bx81-efgj-mkd9" }, { "vulnerability": "VCID-dmr2-qydm-d3dt" }, { "vulnerability": "VCID-dmsw-hy5g-pug3" }, { "vulnerability": "VCID-jvrb-gawg-ufg7" }, { "vulnerability": "VCID-ped2-apf8-8ygw" }, { "vulnerability": "VCID-q6eg-qzcn-fqbp" }, { "vulnerability": "VCID-rpze-v2md-4uca" }, { "vulnerability": "VCID-tmg6-gqrq-2uc9" }, { "vulnerability": "VCID-wxe6-kebx-6qbc" }, { "vulnerability": "VCID-xhkf-q952-qfc2" }, { "vulnerability": "VCID-y5t7-ne53-ufar" }, { "vulnerability": "VCID-z8ps-5hq7-5uey" }, { "vulnerability": "VCID-zafe-qcj3-pygt" }, { "vulnerability": "VCID-zbr8-wzq5-6bg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@3.7.3-1~bpo8%252B1" } ], "aliases": [ "CVE-2015-1868" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yrea-z75q-a3cy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97752?format=api", "vulnerability_id": "VCID-z8ps-5hq7-5uey", "summary": "An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-3807", "reference_id": "", "reference_type": "", "scores": [ { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00991", "published_at": "2026-06-04T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.01002", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-3807" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3807", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3807" }, { "reference_url": "https://security.archlinux.org/ASA-201901-13", "reference_id": "ASA-201901-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201901-13" }, { "reference_url": "https://security.archlinux.org/AVG-856", "reference_id": "AVG-856", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-856" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5939?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3zj4-68f8-w3he" }, { "vulnerability": "VCID-8tet-nec6-zkfw" }, { "vulnerability": "VCID-bx81-efgj-mkd9" }, { "vulnerability": "VCID-ped2-apf8-8ygw" }, { "vulnerability": "VCID-zafe-qcj3-pygt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1" } ], "aliases": [ "CVE-2019-3807" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-z8ps-5hq7-5uey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97753?format=api", "vulnerability_id": "VCID-zafe-qcj3-pygt", "summary": "An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. It allows an attacker (with enough privileges to change the system's hostname) to cause disclosure of uninitialized memory content via a stack-based out-of-bounds read. It only occurs on systems where gethostname() does not have '\\0' termination of the returned string if the hostname is larger than the supplied buffer. (Linux systems are not affected because the buffer is always large enough. OpenBSD systems are not affected because the returned hostname always has '\\0' termination.) Under some conditions, this issue can lead to the writing of one '\\0' byte out-of-bounds on the stack, causing a denial of service or possibly arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10030", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00029", "scoring_system": "epss", "scoring_elements": "0.08622", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11082", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-10030" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10030", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10030" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5940?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.4.2-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3wzr-2eer-77hf" }, { "vulnerability": "VCID-55ew-qe9a-5uen" }, { "vulnerability": "VCID-5w5a-jcrh-nyb1" }, { "vulnerability": "VCID-6b9g-rn64-8qdm" }, { "vulnerability": "VCID-baea-ybbp-fbc3" }, { "vulnerability": "VCID-bkjx-b5yp-afg9" }, { "vulnerability": "VCID-d5mw-hsbt-u7bj" }, { "vulnerability": "VCID-dmn7-brss-q3ck" }, { "vulnerability": "VCID-e1js-9ute-3kf8" }, { "vulnerability": "VCID-e5n6-qn1d-nkg7" }, { "vulnerability": "VCID-jqh9-kg7m-d3dn" }, { "vulnerability": "VCID-jt65-9bh8-9bgc" }, { "vulnerability": "VCID-me6t-p2ef-43ch" }, { "vulnerability": "VCID-rryv-rqx6-53fn" }, { "vulnerability": "VCID-rs9f-44nz-z3fc" }, { "vulnerability": "VCID-ur4y-xu6a-3qck" }, { "vulnerability": "VCID-uzyx-z58g-jkft" }, { "vulnerability": "VCID-ww6x-997u-6fhs" }, { "vulnerability": "VCID-xas6-wfzz-hbbz" }, { "vulnerability": "VCID-xzkz-rsgv-wuaa" }, { "vulnerability": "VCID-y53p-jj1w-xqet" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3" } ], "aliases": [ "CVE-2020-10030" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zafe-qcj3-pygt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97751?format=api", "vulnerability_id": "VCID-zbr8-wzq5-6bg8", "summary": "An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-3806", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18088", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18167", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-3806" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3806", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3806" }, { "reference_url": "https://security.archlinux.org/ASA-201901-13", "reference_id": "ASA-201901-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201901-13" }, { "reference_url": "https://security.archlinux.org/AVG-856", "reference_id": "AVG-856", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-856" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5939?format=api", "purl": "pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3zj4-68f8-w3he" }, { "vulnerability": "VCID-8tet-nec6-zkfw" }, { "vulnerability": "VCID-bx81-efgj-mkd9" }, { "vulnerability": "VCID-ped2-apf8-8ygw" }, { "vulnerability": "VCID-zafe-qcj3-pygt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1" } ], "aliases": [ "CVE-2019-3806" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zbr8-wzq5-6bg8" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97739?format=api", "vulnerability_id": "VCID-thqn-jsc5-ryc6", "summary": "PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service (\"performance degradations\") via a large or infinite number of referrals, as demonstrated by resolving domains hosted by ezdns.it.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8601", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00759", "scoring_system": "epss", "scoring_elements": "0.73684", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00759", "scoring_system": "epss", "scoring_elements": "0.73722", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8601" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8601", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8601" }, { "reference_url": "https://security.gentoo.org/glsa/201412-33", "reference_id": "GLSA-201412-33", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201412-33" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5932?format=api", "purl": "pkg:deb/debian/pdns-recursor@3.3-3%2Bdeb7u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1aex-5g1j-6ycu" }, { "vulnerability": "VCID-3zj4-68f8-w3he" }, { "vulnerability": "VCID-57pa-xjqe-rqhp" }, { "vulnerability": "VCID-6g9m-xqf1-nua1" }, { "vulnerability": "VCID-8c6p-nczh-83ce" }, { "vulnerability": "VCID-8tet-nec6-zkfw" }, { "vulnerability": "VCID-b7yf-chf7-23bn" }, { "vulnerability": "VCID-bx81-efgj-mkd9" }, { "vulnerability": "VCID-dmr2-qydm-d3dt" }, { "vulnerability": "VCID-dmsw-hy5g-pug3" }, { "vulnerability": "VCID-j6qh-v6js-qubg" }, { "vulnerability": "VCID-jvrb-gawg-ufg7" }, { "vulnerability": "VCID-ped2-apf8-8ygw" }, { "vulnerability": "VCID-q6eg-qzcn-fqbp" }, { "vulnerability": "VCID-rpze-v2md-4uca" }, { "vulnerability": "VCID-thqn-jsc5-ryc6" }, { "vulnerability": "VCID-tmg6-gqrq-2uc9" }, { "vulnerability": "VCID-wxe6-kebx-6qbc" }, { "vulnerability": "VCID-xhkf-q952-qfc2" }, { "vulnerability": "VCID-y5t7-ne53-ufar" }, { "vulnerability": "VCID-yrea-z75q-a3cy" }, { "vulnerability": "VCID-z8ps-5hq7-5uey" }, { "vulnerability": "VCID-zafe-qcj3-pygt" }, { "vulnerability": "VCID-zbr8-wzq5-6bg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@3.3-3%252Bdeb7u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/5933?format=api", "purl": "pkg:deb/debian/pdns-recursor@3.6.2-2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1aex-5g1j-6ycu" }, { "vulnerability": "VCID-3zj4-68f8-w3he" }, { "vulnerability": "VCID-57pa-xjqe-rqhp" }, { "vulnerability": "VCID-6g9m-xqf1-nua1" }, { "vulnerability": "VCID-8c6p-nczh-83ce" }, { "vulnerability": "VCID-8tet-nec6-zkfw" }, { "vulnerability": "VCID-b7yf-chf7-23bn" }, { "vulnerability": "VCID-bx81-efgj-mkd9" }, { "vulnerability": "VCID-dmr2-qydm-d3dt" }, { "vulnerability": "VCID-dmsw-hy5g-pug3" }, { "vulnerability": "VCID-jvrb-gawg-ufg7" }, { "vulnerability": "VCID-ped2-apf8-8ygw" }, { "vulnerability": "VCID-q6eg-qzcn-fqbp" }, { "vulnerability": "VCID-rpze-v2md-4uca" }, { "vulnerability": "VCID-tmg6-gqrq-2uc9" }, { "vulnerability": "VCID-wxe6-kebx-6qbc" }, { "vulnerability": "VCID-xhkf-q952-qfc2" }, { "vulnerability": "VCID-y5t7-ne53-ufar" }, { "vulnerability": "VCID-yrea-z75q-a3cy" }, { "vulnerability": "VCID-z8ps-5hq7-5uey" }, { "vulnerability": "VCID-zafe-qcj3-pygt" }, { "vulnerability": "VCID-zbr8-wzq5-6bg8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@3.6.2-2" } ], "aliases": [ "CVE-2014-8601" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-thqn-jsc5-ryc6" } ], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@3.3-3%252Bdeb7u1" }