Package Instance

reference_id

AVG-1163

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2016-7073

fixed_packages

url	pkg:deb/debian/pdns-recursor@4.3.1-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@4.3.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.3.1-1%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-66sa-bc5p-jqde

vulnerability	VCID-7dc3-qdk8-k7b2

vulnerability	VCID-8tar-s444-zfac

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-mkcs-362g-t7aq

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-vprj-j7u6-zbe7

vulnerability	VCID-wmgd-z2j3-h7d9

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2020-12244

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-12cd-ky6m-qkdg

url VCID-1jzb-z2bs-vbeb

vulnerability_id VCID-1jzb-z2bs-vbeb

summary security update

references

reference_url

reference_id

reference_type

scores

value	6e-05
scoring_system	epss
scoring_elements	0.00414
published_at	2026-04-16T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00418
published_at	2026-04-18T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00433
published_at	2026-04-01T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00435
published_at	2026-04-02T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00434
published_at	2026-04-04T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00426
published_at	2026-04-07T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00423
published_at	2026-04-08T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00424
published_at	2026-04-11T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00419
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-7073

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074

reference_url	https://security.archlinux.org/ASA-201701-29
reference_id	ASA-201701-29
reference_type
scores
url	https://security.archlinux.org/ASA-201701-29

reference_url	https://security.archlinux.org/ASA-201701-30
reference_id	ASA-201701-30
reference_type
scores
url	https://security.archlinux.org/ASA-201701-30

reference_url

reference_id

AVG-147

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-148

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2025-30195

fixed_packages

url	pkg:deb/debian/pdns-recursor@4.0.4-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@4.0.4-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.0.4-1%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-66sa-bc5p-jqde

vulnerability	VCID-7dc3-qdk8-k7b2

vulnerability	VCID-8tar-s444-zfac

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-mkcs-362g-t7aq

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-vprj-j7u6-zbe7

vulnerability	VCID-wmgd-z2j3-h7d9

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2016-7073

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1jzb-z2bs-vbeb

url VCID-2eyk-9hmz-xybp

vulnerability_id VCID-2eyk-9hmz-xybp

summary

An attacker can publish a zone containing specific Resource Record Sets. Processing and caching results for these sets can lead to an illegal memory accesses and crash of the Recursor, causing a denial of service.

The remedy is: upgrade to the patched 5.2.1 version.

We would like to thank Volodymyr Ilyin for bringing this issue to our attention.

references

reference_url

reference_id

reference_type

scores

value	0.00188
scoring_system	epss
scoring_elements	0.40697
published_at	2026-04-18T12:55:00Z

value	0.00188
scoring_system	epss
scoring_elements	0.40727
published_at	2026-04-16T12:55:00Z

value	0.00188
scoring_system	epss
scoring_elements	0.40709
published_at	2026-04-02T12:55:00Z

value	0.00188
scoring_system	epss
scoring_elements	0.40737
published_at	2026-04-04T12:55:00Z

value	0.00188
scoring_system	epss
scoring_elements	0.40661
published_at	2026-04-07T12:55:00Z

value	0.00188
scoring_system	epss
scoring_elements	0.40711
published_at	2026-04-08T12:55:00Z

value	0.00188
scoring_system	epss
scoring_elements	0.40718
published_at	2026-04-09T12:55:00Z

value	0.00188
scoring_system	epss
scoring_elements	0.40735
published_at	2026-04-11T12:55:00Z

value	0.00188
scoring_system	epss
scoring_elements	0.40701
published_at	2026-04-12T12:55:00Z

value	0.00188
scoring_system	epss
scoring_elements	0.40682
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-30195

reference_url

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-01.html

reference_id

powerdns-advisory-2025-01.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-07T14:07:50Z/

url

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-01.html

fixed_packages

url	pkg:deb/debian/pdns-recursor@0?distro=trixie
purl	pkg:deb/debian/pdns-recursor@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@0%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-66sa-bc5p-jqde

vulnerability	VCID-7dc3-qdk8-k7b2

vulnerability	VCID-8tar-s444-zfac

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-mkcs-362g-t7aq

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-vprj-j7u6-zbe7

vulnerability	VCID-wmgd-z2j3-h7d9

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.1-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.1-1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2025-30195

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2eyk-9hmz-xybp

url VCID-2hee-f8gq-rycf

vulnerability_id VCID-2hee-f8gq-rycf

summary An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-3807

reference_id

reference_type

scores

value	3e-05
scoring_system	epss
scoring_elements	0.00117
published_at	2026-04-08T12:55:00Z

value	3e-05
scoring_system	epss
scoring_elements	0.00116
published_at	2026-04-18T12:55:00Z

value	3e-05
scoring_system	epss
scoring_elements	0.00118
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-3807

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3807
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3807

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3807
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3807

reference_url	https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-02.html
reference_id
reference_type
scores
url	https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-02.html

reference_url	https://security.archlinux.org/ASA-201901-13
reference_id	ASA-201901-13
reference_type
scores
url	https://security.archlinux.org/ASA-201901-13

reference_url

reference_id

AVG-856

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-3807

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor::::::::
reference_id	cpe:2.3:a:powerdns:recursor::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor::::::::

reference_url

reference_id

CVE-2019-3807

reference_type

scores

value	6.4
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:N

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-3807

fixed_packages

url	pkg:deb/debian/pdns-recursor@4.1.9-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@4.1.9-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.9-1%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-66sa-bc5p-jqde

vulnerability	VCID-7dc3-qdk8-k7b2

vulnerability	VCID-8tar-s444-zfac

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-mkcs-362g-t7aq

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-vprj-j7u6-zbe7

vulnerability	VCID-wmgd-z2j3-h7d9

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2019-3807

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2hee-f8gq-rycf

url VCID-2m6r-ztcg-gbgu

vulnerability_id VCID-2m6r-ztcg-gbgu

summary security update

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-7068

reference_id

reference_type

scores

value	0.00085
scoring_system	epss
scoring_elements	0.24667
published_at	2026-04-18T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24675
published_at	2026-04-16T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24743
published_at	2026-04-01T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.2482
published_at	2026-04-02T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24858
published_at	2026-04-04T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.2463
published_at	2026-04-07T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24699
published_at	2026-04-08T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24747
published_at	2026-04-09T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.2476
published_at	2026-04-11T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24719
published_at	2026-04-12T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24662
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-7068

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074

reference_url	https://security.archlinux.org/ASA-201701-29
reference_id	ASA-201701-29
reference_type
scores
url	https://security.archlinux.org/ASA-201701-29

reference_url	https://security.archlinux.org/ASA-201701-30
reference_id	ASA-201701-30
reference_type
scores
url	https://security.archlinux.org/ASA-201701-30

reference_url

reference_id

AVG-147

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-148

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2025-59024

fixed_packages

url	pkg:deb/debian/pdns-recursor@4.0.4-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@4.0.4-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.0.4-1%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-66sa-bc5p-jqde

vulnerability	VCID-7dc3-qdk8-k7b2

vulnerability	VCID-8tar-s444-zfac

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-mkcs-362g-t7aq

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-vprj-j7u6-zbe7

vulnerability	VCID-wmgd-z2j3-h7d9

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2016-7068

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2m6r-ztcg-gbgu

url VCID-2ugc-uygs-hqb8

vulnerability_id VCID-2ugc-uygs-hqb8

summary Crafted delegations or IP fragments can poison cached delegations in Recursor.

references

reference_url

reference_id

reference_type

scores

value	5e-05
scoring_system	epss
scoring_elements	0.00205
published_at	2026-04-16T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00203
published_at	2026-04-13T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00236
published_at	2026-04-18T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00204
published_at	2026-04-11T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00202
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-59024

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59024
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59024

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118751
reference_id	1118751
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118751

reference_url

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-06.html

reference_id

powerdns-advisory-2025-06.html

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-09T16:11:42Z/

url

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-06.html

fixed_packages

url	pkg:deb/debian/pdns-recursor@5.2.6-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.6-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.6-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.3.1-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.3.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.3.1-1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2025-59024

risk_score 1.6

exploitability 0.5

weighted_severity 3.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2ugc-uygs-hqb8

url VCID-36qt-fxee-ruae

vulnerability_id VCID-36qt-fxee-ruae

summary A remote attacker might be able to cause infinite recursion in PowerDNS Recursor 4.8.0 via a DNS query that retrieves DS records for a misconfigured domain, because QName minimization is used in QM fallback mode. This is fixed in 4.8.1.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-22617

reference_id

reference_type

scores

value	0.01064
scoring_system	epss
scoring_elements	0.77708
published_at	2026-04-18T12:55:00Z

value	0.01064
scoring_system	epss
scoring_elements	0.77664
published_at	2026-04-09T12:55:00Z

value	0.01064
scoring_system	epss
scoring_elements	0.7769
published_at	2026-04-11T12:55:00Z

value	0.01064
scoring_system	epss
scoring_elements	0.77674
published_at	2026-04-12T12:55:00Z

value	0.01064
scoring_system	epss
scoring_elements	0.77673
published_at	2026-04-13T12:55:00Z

value	0.01064
scoring_system	epss
scoring_elements	0.7771
published_at	2026-04-16T12:55:00Z

value	0.01064
scoring_system	epss
scoring_elements	0.77621
published_at	2026-04-02T12:55:00Z

value	0.01064
scoring_system	epss
scoring_elements	0.77648
published_at	2026-04-04T12:55:00Z

value	0.01064
scoring_system	epss
scoring_elements	0.7763
published_at	2026-04-07T12:55:00Z

value	0.01064
scoring_system	epss
scoring_elements	0.77659
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-22617

reference_url

http://www.openwall.com/lists/oss-security/2023/01/20/1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:36:48Z/

url

http://www.openwall.com/lists/oss-security/2023/01/20/1

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029367
reference_id	1029367
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1029367

reference_url

https://docs.powerdns.com/recursor/changelog/4.8.html#change-4.8.1

reference_id

4.8.html#change-4.8.1

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:36:48Z/

url

https://docs.powerdns.com/recursor/changelog/4.8.html#change-4.8.1

reference_url

https://docs.powerdns.com/recursor/security-advisories/

reference_id

security-advisories

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-03T14:36:48Z/

url

https://docs.powerdns.com/recursor/security-advisories/

fixed_packages

url	pkg:deb/debian/pdns-recursor@0?distro=trixie
purl	pkg:deb/debian/pdns-recursor@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@0%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-66sa-bc5p-jqde

vulnerability	VCID-7dc3-qdk8-k7b2

vulnerability	VCID-8tar-s444-zfac

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-mkcs-362g-t7aq

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-vprj-j7u6-zbe7

vulnerability	VCID-wmgd-z2j3-h7d9

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@4.8.1-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@4.8.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.1-1%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2023-22617

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-36qt-fxee-ruae

url VCID-3e3b-z5bh-pban

vulnerability_id VCID-3e3b-z5bh-pban

summary An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. It allows an attacker (with enough privileges to change the system's hostname) to cause disclosure of uninitialized memory content via a stack-based out-of-bounds read. It only occurs on systems where gethostname() does not have '\0' termination of the returned string if the hostname is larger than the supplied buffer. (Linux systems are not affected because the buffer is always large enough. OpenBSD systems are not affected because the returned hostname always has '\0' termination.) Under some conditions, this issue can lead to the writing of one '\0' byte out-of-bounds on the stack, causing a denial of service or possibly arbitrary code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10030

reference_id

reference_type

scores

value	0.00029
scoring_system	epss
scoring_elements	0.08041
published_at	2026-04-01T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08131
published_at	2026-04-02T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08174
published_at	2026-04-04T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08121
published_at	2026-04-07T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.0819
published_at	2026-04-08T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08208
published_at	2026-04-09T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08198
published_at	2026-04-11T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08178
published_at	2026-04-12T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08161
published_at	2026-04-13T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08061
published_at	2026-04-16T12:55:00Z

value	0.00029
scoring_system	epss
scoring_elements	0.08046
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10030

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10030
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10030

fixed_packages

url	pkg:deb/debian/pdns-recursor@4.3.1-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@4.3.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.3.1-1%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-66sa-bc5p-jqde

vulnerability	VCID-7dc3-qdk8-k7b2

vulnerability	VCID-8tar-s444-zfac

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-mkcs-362g-t7aq

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-vprj-j7u6-zbe7

vulnerability	VCID-wmgd-z2j3-h7d9

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2020-10030

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3e3b-z5bh-pban

url VCID-4532-4nm8-6qc8

vulnerability_id VCID-4532-4nm8-6qc8

summary

Multiple vulnerabilities have been found in PowerDNS Recursor, the
    worst of which may allow execution of arbitrary code.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2009-4009

reference_id

reference_type

scores

value	0.00036
scoring_system	epss
scoring_elements	0.10785
published_at	2026-04-01T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10921
published_at	2026-04-02T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10985
published_at	2026-04-04T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10811
published_at	2026-04-07T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10887
published_at	2026-04-08T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.1094
published_at	2026-04-09T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10941
published_at	2026-04-11T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10908
published_at	2026-04-12T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10885
published_at	2026-04-13T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.1075
published_at	2026-04-16T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10763
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2009-4009

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4009
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4009

reference_url	https://security.gentoo.org/glsa/201412-33
reference_id	GLSA-201412-33
reference_type
scores
url	https://security.gentoo.org/glsa/201412-33

fixed_packages

url	pkg:deb/debian/pdns-recursor@3.1.7.2-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@3.1.7.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@3.1.7.2-1%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-66sa-bc5p-jqde

vulnerability	VCID-7dc3-qdk8-k7b2

vulnerability	VCID-8tar-s444-zfac

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-mkcs-362g-t7aq

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-vprj-j7u6-zbe7

vulnerability	VCID-wmgd-z2j3-h7d9

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2009-4009

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4532-4nm8-6qc8

url VCID-4c2u-n7p5-nfg4

vulnerability_id VCID-4c2u-n7p5-nfg4

summary PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14626

reference_id

reference_type

scores

value	0.00042
scoring_system	epss
scoring_elements	0.12518
published_at	2026-04-18T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12606
published_at	2026-04-13T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.1251
published_at	2026-04-16T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12635
published_at	2026-04-01T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12739
published_at	2026-04-02T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12785
published_at	2026-04-04T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12592
published_at	2026-04-07T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12671
published_at	2026-04-08T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12723
published_at	2026-04-09T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12691
published_at	2026-04-11T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.1265
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14626

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14626
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14626

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162
reference_id	913162
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913163
reference_id	913163
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913163

reference_url	https://security.archlinux.org/ASA-201811-12
reference_id	ASA-201811-12
reference_type
scores
url	https://security.archlinux.org/ASA-201811-12

reference_url	https://security.archlinux.org/ASA-201811-13
reference_id	ASA-201811-13
reference_type
scores
url	https://security.archlinux.org/ASA-201811-13

reference_url

reference_id

AVG-804

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-805

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50387.json

reference_url	https://usn.ubuntu.com/7203-1/
reference_id	USN-7203-1
reference_type
scores
url	https://usn.ubuntu.com/7203-1/

fixed_packages

url	pkg:deb/debian/pdns-recursor@4.1.7-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@4.1.7-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.7-1%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-66sa-bc5p-jqde

vulnerability	VCID-7dc3-qdk8-k7b2

vulnerability	VCID-8tar-s444-zfac

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-mkcs-362g-t7aq

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-vprj-j7u6-zbe7

vulnerability	VCID-wmgd-z2j3-h7d9

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2018-14626

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4c2u-n7p5-nfg4

url VCID-66sa-bc5p-jqde

vulnerability_id VCID-66sa-bc5p-jqde

summary Multiple vulnerabilities have been discovered in Dnsmasq, the worst of which could lead to a denial of service.

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50387.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-50387

reference_id

reference_type

scores

value	0.51989
scoring_system	epss
scoring_elements	0.97914
published_at	2026-04-13T12:55:00Z

value	0.51989
scoring_system	epss
scoring_elements	0.97913
published_at	2026-04-12T12:55:00Z

value	0.51989
scoring_system	epss
scoring_elements	0.97912
published_at	2026-04-11T12:55:00Z

value	0.51989
scoring_system	epss
scoring_elements	0.97898
published_at	2026-04-04T12:55:00Z

value	0.51989
scoring_system	epss
scoring_elements	0.97901
published_at	2026-04-07T12:55:00Z

value	0.51989
scoring_system	epss
scoring_elements	0.97906
published_at	2026-04-08T12:55:00Z

value	0.51989
scoring_system	epss
scoring_elements	0.97909
published_at	2026-04-09T12:55:00Z

value	0.51989
scoring_system	epss
scoring_elements	0.97896
published_at	2026-04-02T12:55:00Z

value	0.51989
scoring_system	epss
scoring_elements	0.97922
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-50387

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4408
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4408

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50387
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50387

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5517
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5517

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5679
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5679

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html

reference_id

017430.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/

url

https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063845
reference_id	1063845
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063845

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063852
reference_id	1063852
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063852

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077750
reference_id	1077750
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077750

reference_url

http://www.openwall.com/lists/oss-security/2024/02/16/2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/

url

http://www.openwall.com/lists/oss-security/2024/02/16/2

reference_url

https://www.isc.org/blogs/2024-bind-security-release/

reference_id

2024-bind-security-release

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/

url

https://www.isc.org/blogs/2024-bind-security-release/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2263914
reference_id	2263914
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2263914

reference_url

http://www.openwall.com/lists/oss-security/2024/02/16/3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/

url

http://www.openwall.com/lists/oss-security/2024/02/16/3

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/

reference_id

6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/

reference_id

BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/

reference_url

https://kb.isc.org/docs/cve-2023-50387

reference_id

cve-2023-50387

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/

url

https://kb.isc.org/docs/cve-2023-50387

reference_url

https://access.redhat.com/security/cve/CVE-2023-50387

reference_id

CVE-2023-50387

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/

url

https://access.redhat.com/security/cve/CVE-2023-50387

reference_url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387

reference_id

CVE-2023-50387

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/

url

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-50387

reference_url

https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/

reference_id

dnssec_vulnerability_internet

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/

url

https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/

reference_url	https://security.gentoo.org/glsa/202412-10
reference_id	GLSA-202412-10
reference_type
scores
url	https://security.gentoo.org/glsa/202412-10

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/

reference_id

HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/

reference_id

IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/

reference_url

https://news.ycombinator.com/item?id=39367411

reference_id

item?id=39367411

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/

url

https://news.ycombinator.com/item?id=39367411

reference_url

https://news.ycombinator.com/item?id=39372384

reference_id

item?id=39372384

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/

url

https://news.ycombinator.com/item?id=39372384

reference_url

https://www.athene-center.de/aktuelles/key-trap

reference_id

key-trap

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/

url

https://www.athene-center.de/aktuelles/key-trap

reference_url

https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/

reference_id

keytrap-dns-attack-could-disable-large-parts-of-internet-researchers

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/

url

https://www.securityweek.com/keytrap-dns-attack-could-disable-large-parts-of-internet-researchers/

reference_url

https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html

reference_id

msg00006.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/

url

https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html

reference_url

https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html

reference_id

msg00011.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/

url

https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html

reference_url

https://security.netapp.com/advisory/ntap-20240307-0007/

reference_id

ntap-20240307-0007

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/

url

https://security.netapp.com/advisory/ntap-20240307-0007/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/

reference_id

PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/

reference_url

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html

reference_id

powerdns-advisory-2024-01.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/

url

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/

reference_id

RGS7JN6FZXUSTC2XKQHH27574XOULYYJ

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/

reference_url	https://access.redhat.com/errata/RHSA-2024:0965
reference_id	RHSA-2024:0965
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0965

reference_url	https://access.redhat.com/errata/RHSA-2024:0977
reference_id	RHSA-2024:0977
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0977

reference_url	https://access.redhat.com/errata/RHSA-2024:0981
reference_id	RHSA-2024:0981
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0981

reference_url	https://access.redhat.com/errata/RHSA-2024:0982
reference_id	RHSA-2024:0982
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0982

reference_url	https://access.redhat.com/errata/RHSA-2024:11003
reference_id	RHSA-2024:11003
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:11003

reference_url	https://access.redhat.com/errata/RHSA-2024:1334
reference_id	RHSA-2024:1334
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1334

reference_url	https://access.redhat.com/errata/RHSA-2024:1335
reference_id	RHSA-2024:1335
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1335

reference_url	https://access.redhat.com/errata/RHSA-2024:1522
reference_id	RHSA-2024:1522
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1522

reference_url	https://access.redhat.com/errata/RHSA-2024:1543
reference_id	RHSA-2024:1543
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1543

reference_url	https://access.redhat.com/errata/RHSA-2024:1544
reference_id	RHSA-2024:1544
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1544

reference_url	https://access.redhat.com/errata/RHSA-2024:1545
reference_id	RHSA-2024:1545
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1545

reference_url	https://access.redhat.com/errata/RHSA-2024:1647
reference_id	RHSA-2024:1647
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1647

reference_url	https://access.redhat.com/errata/RHSA-2024:1648
reference_id	RHSA-2024:1648
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1648

reference_url	https://access.redhat.com/errata/RHSA-2024:1781
reference_id	RHSA-2024:1781
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1781

reference_url	https://access.redhat.com/errata/RHSA-2024:1782
reference_id	RHSA-2024:1782
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1782

reference_url	https://access.redhat.com/errata/RHSA-2024:1789
reference_id	RHSA-2024:1789
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1789

reference_url	https://access.redhat.com/errata/RHSA-2024:1800
reference_id	RHSA-2024:1800
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1800

reference_url	https://access.redhat.com/errata/RHSA-2024:1801
reference_id	RHSA-2024:1801
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1801

reference_url	https://access.redhat.com/errata/RHSA-2024:1803
reference_id	RHSA-2024:1803
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1803

reference_url	https://access.redhat.com/errata/RHSA-2024:1804
reference_id	RHSA-2024:1804
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1804

reference_url	https://access.redhat.com/errata/RHSA-2024:2551
reference_id	RHSA-2024:2551
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2551

reference_url	https://access.redhat.com/errata/RHSA-2024:2587
reference_id	RHSA-2024:2587
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2587

reference_url	https://access.redhat.com/errata/RHSA-2024:2696
reference_id	RHSA-2024:2696
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2696

reference_url	https://access.redhat.com/errata/RHSA-2024:2720
reference_id	RHSA-2024:2720
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2720

reference_url	https://access.redhat.com/errata/RHSA-2024:2721
reference_id	RHSA-2024:2721
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2721

reference_url	https://access.redhat.com/errata/RHSA-2024:2821
reference_id	RHSA-2024:2821
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2821

reference_url	https://access.redhat.com/errata/RHSA-2024:2890
reference_id	RHSA-2024:2890
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2890

reference_url	https://access.redhat.com/errata/RHSA-2024:3271
reference_id	RHSA-2024:3271
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3271

reference_url	https://access.redhat.com/errata/RHSA-2024:3741
reference_id	RHSA-2024:3741
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3741

reference_url	https://access.redhat.com/errata/RHSA-2024:3877
reference_id	RHSA-2024:3877
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3877

reference_url	https://access.redhat.com/errata/RHSA-2024:3929
reference_id	RHSA-2024:3929
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3929

reference_url	https://access.redhat.com/errata/RHSA-2025:0039
reference_id	RHSA-2025:0039
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0039

reference_url

https://bugzilla.suse.com/show_bug.cgi?id=1219823

reference_id

show_bug.cgi?id=1219823

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/

url

https://bugzilla.suse.com/show_bug.cgi?id=1219823

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/

reference_id

SVYA42BLXUCIDLD35YIJPJSHDIADNYMP

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/

reference_url

https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf

reference_id

Technical_Report_KeyTrap.pdf

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/

url

https://www.athene-center.de/fileadmin/content/PDF/Technical_Report_KeyTrap.pdf

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/

reference_id

TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/

reference_url

https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/

reference_id

unbound-1.19.1-released

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/

url

https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/

reference_id

UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/

reference_url	https://usn.ubuntu.com/6633-1/
reference_id	USN-6633-1
reference_type
scores
url	https://usn.ubuntu.com/6633-1/

reference_url	https://usn.ubuntu.com/6642-1/
reference_id	USN-6642-1
reference_type
scores
url	https://usn.ubuntu.com/6642-1/

reference_url	https://usn.ubuntu.com/6657-1/
reference_id	USN-6657-1
reference_type
scores
url	https://usn.ubuntu.com/6657-1/

reference_url	https://usn.ubuntu.com/6657-2/
reference_id	USN-6657-2
reference_type
scores
url	https://usn.ubuntu.com/6657-2/

reference_url	https://usn.ubuntu.com/6665-1/
reference_id	USN-6665-1
reference_type
scores
url	https://usn.ubuntu.com/6665-1/

reference_url	https://usn.ubuntu.com/6723-1/
reference_id	USN-6723-1
reference_type
scores
url	https://usn.ubuntu.com/6723-1/

reference_url

https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1

reference_id

v5.7.1

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/

url

https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/

reference_id

ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-08T17:27:29Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/

fixed_packages

url	pkg:deb/debian/pdns-recursor@4.8.6-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@4.8.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.6-1%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@4.9.3-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@4.9.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.9.3-1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2023-50387

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-66sa-bc5p-jqde

url VCID-67tu-cpzn-t7ep

vulnerability_id VCID-67tu-cpzn-t7ep

summary

Use of insufficient randomness in PowerDNS Recursor might lead to DNS cache
    poisoning.

references

reference_url	http://doc.powerdns.com/changelog.html#CHANGELOG-RECURSOR-3-1-6
reference_id
reference_type
scores
url	http://doc.powerdns.com/changelog.html#CHANGELOG-RECURSOR-3-1-6

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3217.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3217.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2008-3217

reference_id

reference_type

scores

value	4e-05
scoring_system	epss
scoring_elements	0.00186
published_at	2026-04-13T12:55:00Z

value	4e-05
scoring_system	epss
scoring_elements	0.00188
published_at	2026-04-18T12:55:00Z

value	4e-05
scoring_system	epss
scoring_elements	0.00185
published_at	2026-04-02T12:55:00Z

value	4e-05
scoring_system	epss
scoring_elements	0.00184
published_at	2026-04-09T12:55:00Z

value	4e-05
scoring_system	epss
scoring_elements	0.00183
published_at	2026-04-08T12:55:00Z

value	4e-05
scoring_system	epss
scoring_elements	0.00187
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2008-3217

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3217
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3217

reference_url	http://secunia.com/advisories/31311
reference_id
reference_type
scores
url	http://secunia.com/advisories/31311

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/43925
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/43925

reference_url	https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01353.html
reference_id
reference_type
scores
url	https://www.redhat.com/archives/fedora-package-announce/2008-July/msg01353.html

reference_url	http://wiki.powerdns.com/cgi-bin/trac.fcgi/changeset/1179
reference_id
reference_type
scores
url	http://wiki.powerdns.com/cgi-bin/trac.fcgi/changeset/1179

reference_url	http://www.openwall.com/lists/oss-security/2008/07/09/10
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2008/07/09/10

reference_url	http://www.openwall.com/lists/oss-security/2008/07/10/6
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2008/07/10/6

reference_url	http://www.openwall.com/lists/oss-security/2008/07/16/12
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2008/07/16/12

reference_url	http://www.securityfocus.com/bid/30782
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/30782

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=456054
reference_id	456054
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=456054

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493576
reference_id	493576
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493576

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor::::::::
reference_id	cpe:2.3:a:powerdns:recursor::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:3.0:::::::*
reference_id	cpe:2.3:a:powerdns:recursor:3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:3.0.1:::::::*
reference_id	cpe:2.3:a:powerdns:recursor:3.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:3.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:3.1.1:::::::*
reference_id	cpe:2.3:a:powerdns:recursor:3.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:3.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:3.1.2:::::::*
reference_id	cpe:2.3:a:powerdns:recursor:3.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:3.1.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:3.1.3:::::::*
reference_id	cpe:2.3:a:powerdns:recursor:3.1.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:3.1.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:3.1.4:::::::*
reference_id	cpe:2.3:a:powerdns:recursor:3.1.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:3.1.4:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2008-3217

reference_id

CVE-2008-3217

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2008-3217

reference_url	https://security.gentoo.org/glsa/200804-22
reference_id	GLSA-200804-22
reference_type
scores
url	https://security.gentoo.org/glsa/200804-22

fixed_packages

url	pkg:deb/debian/pdns-recursor@3.1.7-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@3.1.7-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@3.1.7-1%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-66sa-bc5p-jqde

vulnerability	VCID-7dc3-qdk8-k7b2

vulnerability	VCID-8tar-s444-zfac

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-mkcs-362g-t7aq

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-vprj-j7u6-zbe7

vulnerability	VCID-wmgd-z2j3-h7d9

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2008-3217

risk_score 3.0

exploitability 0.5

weighted_severity 6.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-67tu-cpzn-t7ep

url VCID-7dc3-qdk8-k7b2

vulnerability_id VCID-7dc3-qdk8-k7b2

summary In PowerDNS Authoritative Server before 4.4.3, 4.5.x before 4.5.4, and 4.6.x before 4.6.1 and PowerDNS Recursor before 4.4.8, 4.5.x before 4.5.8, and 4.6.x before 4.6.1, insufficient validation of an IXFR end condition causes incomplete zone transfers to be handled as successful transfers.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-27227

reference_id

reference_type

scores

value	0.00027
scoring_system	epss
scoring_elements	0.07393
published_at	2026-04-18T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.0751
published_at	2026-04-11T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07496
published_at	2026-04-12T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07484
published_at	2026-04-13T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07406
published_at	2026-04-16T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07449
published_at	2026-04-04T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.0743
published_at	2026-04-07T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07487
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-27227

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27227
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27227

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://security.archlinux.org/AVG-2655

reference_id

AVG-2655

reference_type

scores

value	Low
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2655

reference_url

https://security.archlinux.org/AVG-2656

reference_id

AVG-2656

reference_type

scores

value	Low
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2656

reference_url	https://usn.ubuntu.com/7203-1/
reference_id	USN-7203-1
reference_type
scores
url	https://usn.ubuntu.com/7203-1/

fixed_packages

url	pkg:deb/debian/pdns-recursor@4.6.1-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@4.6.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.6.1-1%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2022-27227

risk_score 1.9

exploitability 0.5

weighted_severity 3.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7dc3-qdk8-k7b2

url VCID-829g-d7jw-sych

vulnerability_id VCID-829g-d7jw-sych

summary A crafted response from an upstream server the recursor has been configured to forward-recurse to can cause a Denial of Service in the Recursor. The default configuration of the Recursor does not use recursive forwarding and is not affected.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-25583

reference_id

reference_type

scores

value	9e-05
scoring_system	epss
scoring_elements	0.00823
published_at	2026-04-18T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00838
published_at	2026-04-08T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00835
published_at	2026-04-09T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00824
published_at	2026-04-11T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00818
published_at	2026-04-12T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00819
published_at	2026-04-16T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00833
published_at	2026-04-04T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00834
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-25583

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

http://www.openwall.com/lists/oss-security/2024/04/24/1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-29T19:14:51Z/

url

http://www.openwall.com/lists/oss-security/2024/04/24/1

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069762
reference_id	1069762
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069762

reference_url

https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-02.html

reference_id

powerdns-advisory-2024-02.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-29T19:14:51Z/

url

https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-02.html

fixed_packages

url	pkg:deb/debian/pdns-recursor@0?distro=trixie
purl	pkg:deb/debian/pdns-recursor@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@0%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-66sa-bc5p-jqde

vulnerability	VCID-7dc3-qdk8-k7b2

vulnerability	VCID-8tar-s444-zfac

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-mkcs-362g-t7aq

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-vprj-j7u6-zbe7

vulnerability	VCID-wmgd-z2j3-h7d9

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@4.8.8-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@4.8.8-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@4.9.5-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@4.9.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.9.5-1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2024-25583

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-829g-d7jw-sych

url VCID-8hf9-emba-wbdq

vulnerability_id VCID-8hf9-emba-wbdq

summary

Multiple vulnerabilities have been found in PowerDNS Recursor, the
    worst of which may allow execution of arbitrary code.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2009-4010

reference_id

reference_type

scores

value	6e-05
scoring_system	epss
scoring_elements	0.00333
published_at	2026-04-01T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00338
published_at	2026-04-02T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00336
published_at	2026-04-04T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00327
published_at	2026-04-07T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00325
published_at	2026-04-09T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00324
published_at	2026-04-11T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00323
published_at	2026-04-12T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00322
published_at	2026-04-18T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00316
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2009-4010

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4010
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4010

reference_url	https://security.gentoo.org/glsa/201412-33
reference_id	GLSA-201412-33
reference_type
scores
url	https://security.gentoo.org/glsa/201412-33

fixed_packages

url	pkg:deb/debian/pdns-recursor@3.1.7.2-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@3.1.7.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@3.1.7.2-1%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-66sa-bc5p-jqde

vulnerability	VCID-7dc3-qdk8-k7b2

vulnerability	VCID-8tar-s444-zfac

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-mkcs-362g-t7aq

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-vprj-j7u6-zbe7

vulnerability	VCID-wmgd-z2j3-h7d9

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2009-4010

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8hf9-emba-wbdq

url VCID-8tar-s444-zfac

vulnerability_id VCID-8tar-s444-zfac

summary PowerDNS Recursor up to and including 4.5.9, 4.6.2 and 4.7.1, when protobuf logging is enabled, has Improper Cleanup upon a Thrown Exception, leading to a denial of service (daemon crash) via a DNS query that leads to an answer with specific properties.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-37428

reference_id

reference_type

scores

value	0.00053
scoring_system	epss
scoring_elements	0.16676
published_at	2026-04-18T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16879
published_at	2026-04-02T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16935
published_at	2026-04-04T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16718
published_at	2026-04-07T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16803
published_at	2026-04-08T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16858
published_at	2026-04-09T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16836
published_at	2026-04-11T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16791
published_at	2026-04-12T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16732
published_at	2026-04-13T12:55:00Z

value	0.00053
scoring_system	epss
scoring_elements	0.16668
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-37428

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37428
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37428

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

fixed_packages

url	pkg:deb/debian/pdns-recursor@4.7.2-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@4.7.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.7.2-1%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2022-37428

risk_score 1.6

exploitability 0.5

weighted_severity 3.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8tar-s444-zfac

url VCID-9p7x-52ad-vbh6

vulnerability_id VCID-9p7x-52ad-vbh6

summary An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authoritative servers for that parent zone answer with FORMERR to a query for at least one of the meta-types. As a result, subsequent queries from clients requesting DNSSEC validation will be answered with a ServFail.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-14644

reference_id

reference_type

scores

value	0.0002
scoring_system	epss
scoring_elements	0.0524
published_at	2026-04-18T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05238
published_at	2026-04-16T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05189
published_at	2026-04-01T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05233
published_at	2026-04-02T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05265
published_at	2026-04-04T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.0529
published_at	2026-04-07T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05325
published_at	2026-04-08T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05347
published_at	2026-04-09T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05314
published_at	2026-04-11T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05303
published_at	2026-04-12T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05292
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-14644

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14644
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14644

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162
reference_id	913162
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162

reference_url	https://security.archlinux.org/ASA-201811-13
reference_id	ASA-201811-13
reference_type
scores
url	https://security.archlinux.org/ASA-201811-13

reference_url

reference_id

AVG-805

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2017-15094

reference_url	https://usn.ubuntu.com/7203-1/
reference_id	USN-7203-1
reference_type
scores
url	https://usn.ubuntu.com/7203-1/

fixed_packages

url	pkg:deb/debian/pdns-recursor@4.1.7-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@4.1.7-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.7-1%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-66sa-bc5p-jqde

vulnerability	VCID-7dc3-qdk8-k7b2

vulnerability	VCID-8tar-s444-zfac

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-mkcs-362g-t7aq

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-vprj-j7u6-zbe7

vulnerability	VCID-wmgd-z2j3-h7d9

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2018-14644

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9p7x-52ad-vbh6

url VCID-a7xd-fyh3-xuaq

vulnerability_id VCID-a7xd-fyh3-xuaq

summary An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are only parsed when validation is enabled by setting dnssec to a value other than off or process-no-validate (default).

references

reference_url

reference_id

reference_type

scores

value	5e-05
scoring_system	epss
scoring_elements	0.00209
published_at	2026-04-01T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.0021
published_at	2026-04-02T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00211
published_at	2026-04-04T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00207
published_at	2026-04-09T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00587
published_at	2026-04-16T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00592
published_at	2026-04-18T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00595
published_at	2026-04-11T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00591
published_at	2026-04-12T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00593
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-15094

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15094
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15094

reference_url	https://security.archlinux.org/ASA-201711-31
reference_id	ASA-201711-31
reference_type
scores
url	https://security.archlinux.org/ASA-201711-31

reference_url

reference_id

AVG-520

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2015-5311

fixed_packages

url	pkg:deb/debian/pdns-recursor@4.0.7-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@4.0.7-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.0.7-1%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-66sa-bc5p-jqde

vulnerability	VCID-7dc3-qdk8-k7b2

vulnerability	VCID-8tar-s444-zfac

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-mkcs-362g-t7aq

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-vprj-j7u6-zbe7

vulnerability	VCID-wmgd-z2j3-h7d9

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2017-15094

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a7xd-fyh3-xuaq

url VCID-bb3a-3ehq-8bhd

vulnerability_id VCID-bb3a-3ehq-8bhd

summary PowerDNS (aka pdns) Authoritative Server 3.4.4 before 3.4.7 allows remote attackers to cause a denial of service (assertion failure and server crash) via crafted query packets.

references

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171865.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171865.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171976.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171976.html

reference_url	http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172193.html
reference_id
reference_type
scores
url	http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172193.html

reference_url

reference_id

reference_type

scores

value	0.00478
scoring_system	epss
scoring_elements	0.6504
published_at	2026-04-18T12:55:00Z

value	0.00478
scoring_system	epss
scoring_elements	0.6491
published_at	2026-04-01T12:55:00Z

value	0.00478
scoring_system	epss
scoring_elements	0.6496
published_at	2026-04-02T12:55:00Z

value	0.00478
scoring_system	epss
scoring_elements	0.64987
published_at	2026-04-04T12:55:00Z

value	0.00478
scoring_system	epss
scoring_elements	0.6495
published_at	2026-04-07T12:55:00Z

value	0.00478
scoring_system	epss
scoring_elements	0.64999
published_at	2026-04-08T12:55:00Z

value	0.00478
scoring_system	epss
scoring_elements	0.65013
published_at	2026-04-09T12:55:00Z

value	0.00478
scoring_system	epss
scoring_elements	0.65031
published_at	2026-04-11T12:55:00Z

value	0.00478
scoring_system	epss
scoring_elements	0.65021
published_at	2026-04-12T12:55:00Z

value	0.00478
scoring_system	epss
scoring_elements	0.64993
published_at	2026-04-13T12:55:00Z

value	0.00478
scoring_system	epss
scoring_elements	0.6503
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-5311

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5311
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5311

reference_url	https://doc.powerdns.com/md/security/powerdns-advisory-2015-03/
reference_id
reference_type
scores
url	https://doc.powerdns.com/md/security/powerdns-advisory-2015-03/

reference_url	http://www.openwall.com/lists/oss-security/2015/11/09/3
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2015/11/09/3

reference_url	http://www.securitytracker.com/id/1034098
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1034098

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.4:::::::*
reference_id	cpe:2.3:a:powerdns:authoritative:3.4.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.5:::::::*
reference_id	cpe:2.3:a:powerdns:authoritative:3.4.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.6:::::::*
reference_id	cpe:2.3:a:powerdns:authoritative:3.4.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.6:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-5311

reference_id

CVE-2015-5311

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2015-5311

fixed_packages

url	pkg:deb/debian/pdns-recursor@0?distro=trixie
purl	pkg:deb/debian/pdns-recursor@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@0%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-66sa-bc5p-jqde

vulnerability	VCID-7dc3-qdk8-k7b2

vulnerability	VCID-8tar-s444-zfac

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-mkcs-362g-t7aq

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-vprj-j7u6-zbe7

vulnerability	VCID-wmgd-z2j3-h7d9

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2015-5311

risk_score 2.2

exploitability 0.5

weighted_severity 4.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bb3a-3ehq-8bhd

url VCID-cdzz-8tc8-jucu

vulnerability_id VCID-cdzz-8tc8-jucu

summary Crafted delegations or IP fragments can poison cached delegations in Recursor.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-59023

reference_id

reference_type

scores

value	6e-05
scoring_system	epss
scoring_elements	0.00365
published_at	2026-04-02T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00347
published_at	2026-04-12T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00345
published_at	2026-04-13T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.0034
published_at	2026-04-16T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00368
published_at	2026-04-04T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00356
published_at	2026-04-07T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00353
published_at	2026-04-09T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.0035
published_at	2026-04-11T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00428
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-59023

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59023
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59023

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118751
reference_id	1118751
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118751

reference_url

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-06.html

reference_id

powerdns-advisory-2025-06.html

reference_type

scores

value	8.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T16:17:14Z/

url

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-06.html

fixed_packages

url	pkg:deb/debian/pdns-recursor@5.2.6-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.6-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.6-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.3.1-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.3.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.3.1-1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2025-59023

risk_score 2.0

exploitability 0.5

weighted_severity 4.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cdzz-8tc8-jucu

url VCID-ch2d-p2ru-23ex

vulnerability_id VCID-ch2d-p2ru-23ex

summary PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-10851

reference_id

reference_type

scores

value	0.00108
scoring_system	epss
scoring_elements	0.29091
published_at	2026-04-18T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.29088
published_at	2026-04-13T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.29114
published_at	2026-04-16T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.29135
published_at	2026-04-01T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.2921
published_at	2026-04-02T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.29262
published_at	2026-04-04T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.29075
published_at	2026-04-07T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.29138
published_at	2026-04-08T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.2918
published_at	2026-04-09T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.29186
published_at	2026-04-11T12:55:00Z

value	0.00108
scoring_system	epss
scoring_elements	0.2914
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-10851

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10851
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10851

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162
reference_id	913162
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913163
reference_id	913163
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913163

reference_url	https://security.archlinux.org/ASA-201811-12
reference_id	ASA-201811-12
reference_type
scores
url	https://security.archlinux.org/ASA-201811-12

reference_url	https://security.archlinux.org/ASA-201811-13
reference_id	ASA-201811-13
reference_type
scores
url	https://security.archlinux.org/ASA-201811-13

reference_url

reference_id

AVG-804

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-805

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2015-1868

reference_url	https://usn.ubuntu.com/7203-1/
reference_id	USN-7203-1
reference_type
scores
url	https://usn.ubuntu.com/7203-1/

fixed_packages

url	pkg:deb/debian/pdns-recursor@4.1.7-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@4.1.7-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.7-1%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-66sa-bc5p-jqde

vulnerability	VCID-7dc3-qdk8-k7b2

vulnerability	VCID-8tar-s444-zfac

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-mkcs-362g-t7aq

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-vprj-j7u6-zbe7

vulnerability	VCID-wmgd-z2j3-h7d9

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2018-10851

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ch2d-p2ru-23ex

url VCID-d13q-prqh-buge

vulnerability_id VCID-d13q-prqh-buge

summary The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself.

references

reference_url

reference_id

reference_type

scores

value	0.00506
scoring_system	epss
scoring_elements	0.66161
published_at	2026-04-01T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66202
published_at	2026-04-02T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66229
published_at	2026-04-04T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66198
published_at	2026-04-07T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66246
published_at	2026-04-08T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66259
published_at	2026-04-09T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66279
published_at	2026-04-11T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66266
published_at	2026-04-12T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66235
published_at	2026-04-13T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.6627
published_at	2026-04-16T12:55:00Z

value	0.00506
scoring_system	epss
scoring_elements	0.66285
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-1868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1868

fixed_packages

url	pkg:deb/debian/pdns-recursor@3.7.2-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@3.7.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@3.7.2-1%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-66sa-bc5p-jqde

vulnerability	VCID-7dc3-qdk8-k7b2

vulnerability	VCID-8tar-s444-zfac

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-mkcs-362g-t7aq

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-vprj-j7u6-zbe7

vulnerability	VCID-wmgd-z2j3-h7d9

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2015-1868

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d13q-prqh-buge

url VCID-d4km-jg6b-2kh3

vulnerability_id VCID-d4km-jg6b-2kh3

summary An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-16855

reference_id

reference_type

scores

value	0.19834
scoring_system	epss
scoring_elements	0.9546
published_at	2026-04-18T12:55:00Z

value	0.19834
scoring_system	epss
scoring_elements	0.95413
published_at	2026-04-01T12:55:00Z

value	0.19834
scoring_system	epss
scoring_elements	0.95422
published_at	2026-04-02T12:55:00Z

value	0.19834
scoring_system	epss
scoring_elements	0.95428
published_at	2026-04-04T12:55:00Z

value	0.19834
scoring_system	epss
scoring_elements	0.95432
published_at	2026-04-07T12:55:00Z

value	0.19834
scoring_system	epss
scoring_elements	0.95438
published_at	2026-04-08T12:55:00Z

value	0.19834
scoring_system	epss
scoring_elements	0.95441
published_at	2026-04-09T12:55:00Z

value	0.19834
scoring_system	epss
scoring_elements	0.95445
published_at	2026-04-12T12:55:00Z

value	0.19834
scoring_system	epss
scoring_elements	0.95447
published_at	2026-04-13T12:55:00Z

value	0.19834
scoring_system	epss
scoring_elements	0.95456
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-16855

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16855
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16855

reference_url	https://security.archlinux.org/ASA-201811-21
reference_id	ASA-201811-21
reference_type
scores
url	https://security.archlinux.org/ASA-201811-21

reference_url

https://security.archlinux.org/AVG-821

reference_id

AVG-821

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-821

fixed_packages

url	pkg:deb/debian/pdns-recursor@4.1.8-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@4.1.8-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.8-1%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-66sa-bc5p-jqde

vulnerability	VCID-7dc3-qdk8-k7b2

vulnerability	VCID-8tar-s444-zfac

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-mkcs-362g-t7aq

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-vprj-j7u6-zbe7

vulnerability	VCID-wmgd-z2j3-h7d9

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2018-16855

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d4km-jg6b-2kh3

url VCID-e3e7-jd2u-fbgk

vulnerability_id VCID-e3e7-jd2u-fbgk

summary The recursor in PowerDNS before 3.0.1 allows remote attackers to cause a denial of service (application crash) via malformed EDNS0 packets.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2006-2069

reference_id

reference_type

scores

value	0.00014
scoring_system	epss
scoring_elements	0.02313
published_at	2026-04-01T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02381
published_at	2026-04-02T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02392
published_at	2026-04-04T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02389
published_at	2026-04-07T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02394
published_at	2026-04-08T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02415
published_at	2026-04-09T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02391
published_at	2026-04-11T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02379
published_at	2026-04-12T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02378
published_at	2026-04-13T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02362
published_at	2026-04-16T12:55:00Z

value	0.00014
scoring_system	epss
scoring_elements	0.02367
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2006-2069

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2069
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2069

fixed_packages

url	pkg:deb/debian/pdns-recursor@3.0.1-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@3.0.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@3.0.1-1%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-66sa-bc5p-jqde

vulnerability	VCID-7dc3-qdk8-k7b2

vulnerability	VCID-8tar-s444-zfac

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-mkcs-362g-t7aq

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-vprj-j7u6-zbe7

vulnerability	VCID-wmgd-z2j3-h7d9

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2006-2069

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e3e7-jd2u-fbgk

url VCID-f1cn-ufjb-ffcd

vulnerability_id VCID-f1cn-ufjb-ffcd

summary PowerDNS: PowerDNS: Assertion failure due to crafted DNS records

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59029.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59029.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-59029

reference_id

reference_type

scores

value	0.0001
scoring_system	epss
scoring_elements	0.01002
published_at	2026-04-02T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01011
published_at	2026-04-07T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01003
published_at	2026-04-04T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01015
published_at	2026-04-08T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01013
published_at	2026-04-09T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00835
published_at	2026-04-11T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.0083
published_at	2026-04-13T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00834
published_at	2026-04-18T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00829
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-59029

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122196
reference_id	1122196
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122196

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2420464
reference_id	2420464
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2420464

reference_url

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-07.html

reference_id

powerdns-advisory-2025-07.html

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-09T14:29:51Z/

url

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-07.html

fixed_packages

url	pkg:deb/debian/pdns-recursor@0?distro=trixie
purl	pkg:deb/debian/pdns-recursor@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@0%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-66sa-bc5p-jqde

vulnerability	VCID-7dc3-qdk8-k7b2

vulnerability	VCID-8tar-s444-zfac

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-mkcs-362g-t7aq

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-vprj-j7u6-zbe7

vulnerability	VCID-wmgd-z2j3-h7d9

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.3.3-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.3.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.3.3-1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2025-59029

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f1cn-ufjb-ffcd

url VCID-h73s-nkfg-sqgc

vulnerability_id VCID-h73s-nkfg-sqgc

summary security update

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-15120

reference_id

reference_type

scores

value	0.00332
scoring_system	epss
scoring_elements	0.55985
published_at	2026-04-01T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56096
published_at	2026-04-07T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56116
published_at	2026-04-04T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56147
published_at	2026-04-08T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56152
published_at	2026-04-09T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56164
published_at	2026-04-11T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.5614
published_at	2026-04-12T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56124
published_at	2026-04-13T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56158
published_at	2026-04-16T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56161
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-15120

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15120
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15120

fixed_packages

url	pkg:deb/debian/pdns-recursor@4.1.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@4.1.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.0-1%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-66sa-bc5p-jqde

vulnerability	VCID-7dc3-qdk8-k7b2

vulnerability	VCID-8tar-s444-zfac

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-mkcs-362g-t7aq

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-vprj-j7u6-zbe7

vulnerability	VCID-wmgd-z2j3-h7d9

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2017-15120

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h73s-nkfg-sqgc

url VCID-htr2-rwgm-47ed

vulnerability_id VCID-htr2-rwgm-47ed

summary

A vulnerability in PowerDNS Recursor could lead to a Denial of
    Service condition.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-25829

reference_id

reference_type

scores

value	0.00348
scoring_system	epss
scoring_elements	0.57419
published_at	2026-04-18T12:55:00Z

value	0.00348
scoring_system	epss
scoring_elements	0.57287
published_at	2026-04-01T12:55:00Z

value	0.00348
scoring_system	epss
scoring_elements	0.57369
published_at	2026-04-02T12:55:00Z

value	0.00348
scoring_system	epss
scoring_elements	0.57391
published_at	2026-04-04T12:55:00Z

value	0.00348
scoring_system	epss
scoring_elements	0.57366
published_at	2026-04-07T12:55:00Z

value	0.00348
scoring_system	epss
scoring_elements	0.57418
published_at	2026-04-08T12:55:00Z

value	0.00348
scoring_system	epss
scoring_elements	0.57421
published_at	2026-04-09T12:55:00Z

value	0.00348
scoring_system	epss
scoring_elements	0.57436
published_at	2026-04-11T12:55:00Z

value	0.00348
scoring_system	epss
scoring_elements	0.57415
published_at	2026-04-12T12:55:00Z

value	0.00348
scoring_system	epss
scoring_elements	0.57396
published_at	2026-04-13T12:55:00Z

value	0.00348
scoring_system	epss
scoring_elements	0.57423
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-25829

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25829
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25829

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972159
reference_id	972159
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972159

reference_url	https://security.archlinux.org/ASA-202010-6
reference_id	ASA-202010-6
reference_type
scores
url	https://security.archlinux.org/ASA-202010-6

reference_url

https://security.archlinux.org/AVG-1243

reference_id

AVG-1243

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1243

reference_url	https://security.gentoo.org/glsa/202012-19
reference_id	GLSA-202012-19
reference_type
scores
url	https://security.gentoo.org/glsa/202012-19

fixed_packages

url	pkg:deb/debian/pdns-recursor@4.3.5-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@4.3.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.3.5-1%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-66sa-bc5p-jqde

vulnerability	VCID-7dc3-qdk8-k7b2

vulnerability	VCID-8tar-s444-zfac

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-mkcs-362g-t7aq

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-vprj-j7u6-zbe7

vulnerability	VCID-wmgd-z2j3-h7d9

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2020-25829

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-htr2-rwgm-47ed

url VCID-jfe5-j391-dubt

vulnerability_id VCID-jfe5-j391-dubt

summary

Use of insufficient randomness in PowerDNS Recursor might lead to DNS cache
    poisoning.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1637.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1637.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2008-1637

reference_id

reference_type

scores

value	0.00027
scoring_system	epss
scoring_elements	0.07459
published_at	2026-04-01T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07574
published_at	2026-04-02T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07616
published_at	2026-04-04T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07589
published_at	2026-04-07T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07648
published_at	2026-04-08T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07666
published_at	2026-04-09T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07668
published_at	2026-04-11T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07654
published_at	2026-04-12T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07639
published_at	2026-04-13T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07565
published_at	2026-04-16T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07553
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2008-1637

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1637
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1637

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=440247
reference_id	440247
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=440247

reference_url	https://security.gentoo.org/glsa/200804-22
reference_id	GLSA-200804-22
reference_type
scores
url	https://security.gentoo.org/glsa/200804-22

fixed_packages

url	pkg:deb/debian/pdns-recursor@3.1.7-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@3.1.7-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@3.1.7-1%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-66sa-bc5p-jqde

vulnerability	VCID-7dc3-qdk8-k7b2

vulnerability	VCID-8tar-s444-zfac

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-mkcs-362g-t7aq

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-vprj-j7u6-zbe7

vulnerability	VCID-wmgd-z2j3-h7d9

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2008-1637

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jfe5-j391-dubt

url VCID-kzps-gj5k-8yh3

vulnerability_id VCID-kzps-gj5k-8yh3

summary PowerDNS Recursor 3.1.3 and earlier allows remote attackers to cause a denial of service (resource exhaustion and application crash) via a CNAME record with a zero TTL, which triggers an infinite loop.

references

reference_url	http://doc.powerdns.com/powerdns-advisory-2006-02.html
reference_id
reference_type
scores
url	http://doc.powerdns.com/powerdns-advisory-2006-02.html

reference_url	http://lists.suse.com/archive/suse-security-announce/2006-Nov/0007.html
reference_id
reference_type
scores
url	http://lists.suse.com/archive/suse-security-announce/2006-Nov/0007.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2006-4252

reference_id

reference_type

scores

value	0.00012
scoring_system	epss
scoring_elements	0.01754
published_at	2026-04-13T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01702
published_at	2026-04-01T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01745
published_at	2026-04-18T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01759
published_at	2026-04-07T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01762
published_at	2026-04-08T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01771
published_at	2026-04-09T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01766
published_at	2026-04-11T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01756
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2006-4252

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4252
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4252

reference_url	http://secunia.com/advisories/22824
reference_id
reference_type
scores
url	http://secunia.com/advisories/22824

reference_url	http://secunia.com/advisories/22976
reference_id
reference_type
scores
url	http://secunia.com/advisories/22976

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/30257
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/30257

reference_url	http://www.securityfocus.com/bid/21037
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/21037

reference_url	http://www.vupen.com/english/advisories/2006/4484
reference_id
reference_type
scores
url	http://www.vupen.com/english/advisories/2006/4484

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=398559
reference_id	398559
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=398559

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor::::::::
reference_id	cpe:2.3:a:powerdns:recursor::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:2.0_rc1:::::::*
reference_id	cpe:2.3:a:powerdns:recursor:2.0_rc1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:2.0_rc1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:2.8:::::::*
reference_id	cpe:2.3:a:powerdns:recursor:2.8:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:2.8:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:2.9.15:::::::*
reference_id	cpe:2.3:a:powerdns:recursor:2.9.15:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:2.9.15:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:2.9.16:::::::*
reference_id	cpe:2.3:a:powerdns:recursor:2.9.16:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:2.9.16:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:2.9.17:::::::*
reference_id	cpe:2.3:a:powerdns:recursor:2.9.17:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:2.9.17:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:2.9.18:::::::*
reference_id	cpe:2.3:a:powerdns:recursor:2.9.18:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:2.9.18:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:3.0:::::::*
reference_id	cpe:2.3:a:powerdns:recursor:3.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:3.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:3.0.1:::::::*
reference_id	cpe:2.3:a:powerdns:recursor:3.0.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:3.0.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:3.1:::::::*
reference_id	cpe:2.3:a:powerdns:recursor:3.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:3.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:3.1.1:::::::*
reference_id	cpe:2.3:a:powerdns:recursor:3.1.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:3.1.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:3.1.2:::::::*
reference_id	cpe:2.3:a:powerdns:recursor:3.1.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:3.1.2:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2006-4252

reference_id

CVE-2006-4252

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2006-4252

fixed_packages

url	pkg:deb/debian/pdns-recursor@3.1.4-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@3.1.4-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@3.1.4-1%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-66sa-bc5p-jqde

vulnerability	VCID-7dc3-qdk8-k7b2

vulnerability	VCID-8tar-s444-zfac

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-mkcs-362g-t7aq

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-vprj-j7u6-zbe7

vulnerability	VCID-wmgd-z2j3-h7d9

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2006-4252

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kzps-gj5k-8yh3

url VCID-m445-c6a1-uugf

vulnerability_id VCID-m445-c6a1-uugf

summary Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-0398

reference_id

reference_type

scores

value	5e-05
scoring_system	epss
scoring_elements	0.00244
published_at	2026-04-18T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00207
published_at	2026-04-11T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00208
published_at	2026-04-02T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00209
published_at	2026-04-16T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00206
published_at	2026-04-13T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00205
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-0398

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0398
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0398

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127490
reference_id	1127490
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127490

reference_url

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-01.html

reference_id

powerdns-advisory-2026-01.html

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T15:36:48Z/

url

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-01.html

fixed_packages

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.3.5-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.3.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.3.5-1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2026-0398

risk_score 1.3

exploitability 0.5

weighted_severity 2.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m445-c6a1-uugf

url VCID-mbq1-b3dr-1uc4

vulnerability_id VCID-mbq1-b3dr-1uc4

summary A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and Javascript code into the web interface, altering the content.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-15092

reference_id

reference_type

scores

value	3e-05
scoring_system	epss
scoring_elements	0.00062
published_at	2026-04-18T12:55:00Z

value	3e-05
scoring_system	epss
scoring_elements	0.00061
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-15092

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15092
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15092

reference_url	https://security.archlinux.org/ASA-201711-31
reference_id	ASA-201711-31
reference_type
scores
url	https://security.archlinux.org/ASA-201711-31

reference_url

reference_id

AVG-520

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2023-26437

fixed_packages

url	pkg:deb/debian/pdns-recursor@4.0.7-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@4.0.7-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.0.7-1%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-66sa-bc5p-jqde

vulnerability	VCID-7dc3-qdk8-k7b2

vulnerability	VCID-8tar-s444-zfac

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-mkcs-362g-t7aq

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-vprj-j7u6-zbe7

vulnerability	VCID-wmgd-z2j3-h7d9

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2017-15092

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mbq1-b3dr-1uc4

url VCID-mkcs-362g-t7aq

vulnerability_id VCID-mkcs-362g-t7aq

summary Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable.This issue affects Recursor: through 4.6.5, through 4.7.4 , through 4.8.3.

references

reference_url

reference_id

reference_type

scores

value	9e-05
scoring_system	epss
scoring_elements	0.0082
published_at	2026-04-16T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00835
published_at	2026-04-07T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00839
published_at	2026-04-08T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00836
published_at	2026-04-09T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00824
published_at	2026-04-18T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00819
published_at	2026-04-12T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00834
published_at	2026-04-02T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00833
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-26437

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26437
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-26437

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033941
reference_id	1033941
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033941

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN7VMRYKZHG2UDUAK326LXD3JY7NO3LR/

reference_id

CN7VMRYKZHG2UDUAK326LXD3JY7NO3LR

reference_type

scores

value	3.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-13T16:31:03Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CN7VMRYKZHG2UDUAK326LXD3JY7NO3LR/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHPD6SIQOG7245GXFQHPUEI4AZ6Y3KD6/

reference_id

IHPD6SIQOG7245GXFQHPUEI4AZ6Y3KD6

reference_type

scores

value	3.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-13T16:31:03Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHPD6SIQOG7245GXFQHPUEI4AZ6Y3KD6/

reference_url

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2023-02.html

reference_id

powerdns-advisory-2023-02.html

reference_type

scores

value	3.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-13T16:31:03Z/

url

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2023-02.html

fixed_packages

url	pkg:deb/debian/pdns-recursor@4.8.4-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@4.8.4-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.4-1%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2023-26437

risk_score 1.6

exploitability 0.5

weighted_severity 3.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mkcs-362g-t7aq

url VCID-n2k6-nfxs-7ydj

vulnerability_id VCID-n2k6-nfxs-7ydj

summary security update

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-10995

reference_id

reference_type

scores

value	0.00091
scoring_system	epss
scoring_elements	0.25576
published_at	2026-04-18T12:55:00Z

value	0.00091
scoring_system	epss
scoring_elements	0.25677
published_at	2026-04-09T12:55:00Z

value	0.00091
scoring_system	epss
scoring_elements	0.25747
published_at	2026-04-02T12:55:00Z

value	0.00091
scoring_system	epss
scoring_elements	0.25789
published_at	2026-04-04T12:55:00Z

value	0.00091
scoring_system	epss
scoring_elements	0.25558
published_at	2026-04-07T12:55:00Z

value	0.00091
scoring_system	epss
scoring_elements	0.25631
published_at	2026-04-08T12:55:00Z

value	0.00091
scoring_system	epss
scoring_elements	0.25687
published_at	2026-04-11T12:55:00Z

value	0.00091
scoring_system	epss
scoring_elements	0.25646
published_at	2026-04-12T12:55:00Z

value	0.00091
scoring_system	epss
scoring_elements	0.2559
published_at	2026-04-13T12:55:00Z

value	0.00091
scoring_system	epss
scoring_elements	0.25592
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-10995

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10995
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10995

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12244
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12244

reference_url	https://security.archlinux.org/ASA-202005-10
reference_id	ASA-202005-10
reference_type
scores
url	https://security.archlinux.org/ASA-202005-10

reference_url

reference_id

AVG-1163

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2014-8601

fixed_packages

url	pkg:deb/debian/pdns-recursor@4.3.1-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@4.3.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.3.1-1%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-66sa-bc5p-jqde

vulnerability	VCID-7dc3-qdk8-k7b2

vulnerability	VCID-8tar-s444-zfac

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-mkcs-362g-t7aq

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-vprj-j7u6-zbe7

vulnerability	VCID-wmgd-z2j3-h7d9

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2020-10995

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n2k6-nfxs-7ydj

url VCID-nfhz-964w-x3e7

vulnerability_id VCID-nfhz-964w-x3e7

summary

Multiple vulnerabilities have been found in PowerDNS Recursor, the
    worst of which may allow execution of arbitrary code.

references

reference_url	http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html
reference_id
reference_type
scores
url	http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html

reference_url	http://doc.powerdns.com/md/security/powerdns-advisory-2014-02/
reference_id
reference_type
scores
url	http://doc.powerdns.com/md/security/powerdns-advisory-2014-02/

reference_url

reference_id

reference_type

scores

value	0.00759
scoring_system	epss
scoring_elements	0.73368
published_at	2026-04-18T12:55:00Z

value	0.00759
scoring_system	epss
scoring_elements	0.73265
published_at	2026-04-01T12:55:00Z

value	0.00759
scoring_system	epss
scoring_elements	0.73274
published_at	2026-04-02T12:55:00Z

value	0.00759
scoring_system	epss
scoring_elements	0.73298
published_at	2026-04-04T12:55:00Z

value	0.00759
scoring_system	epss
scoring_elements	0.7327
published_at	2026-04-07T12:55:00Z

value	0.00759
scoring_system	epss
scoring_elements	0.73306
published_at	2026-04-08T12:55:00Z

value	0.00759
scoring_system	epss
scoring_elements	0.73319
published_at	2026-04-09T12:55:00Z

value	0.00759
scoring_system	epss
scoring_elements	0.73343
published_at	2026-04-11T12:55:00Z

value	0.00759
scoring_system	epss
scoring_elements	0.73324
published_at	2026-04-12T12:55:00Z

value	0.00759
scoring_system	epss
scoring_elements	0.73316
published_at	2026-04-13T12:55:00Z

value	0.00759
scoring_system	epss
scoring_elements	0.7336
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-8601

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8601
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8601

reference_url	http://www.debian.org/security/2014/dsa-3096
reference_id
reference_type
scores
url	http://www.debian.org/security/2014/dsa-3096

reference_url	http://www.kb.cert.org/vuls/id/264212
reference_id
reference_type
scores
url	http://www.kb.cert.org/vuls/id/264212

reference_url	http://www.securityfocus.com/bid/71545
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/71545

reference_url	http://www.securitytracker.com/id/1031310
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1031310

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor::::::::
reference_id	cpe:2.3:a:powerdns:recursor::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:7.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-8601

reference_id

CVE-2014-8601

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2014-8601

reference_url	https://security.gentoo.org/glsa/201412-33
reference_id	GLSA-201412-33
reference_type
scores
url	https://security.gentoo.org/glsa/201412-33

fixed_packages

url	pkg:deb/debian/pdns-recursor@3.6.2-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@3.6.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@3.6.2-1%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-66sa-bc5p-jqde

vulnerability	VCID-7dc3-qdk8-k7b2

vulnerability	VCID-8tar-s444-zfac

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-mkcs-362g-t7aq

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-vprj-j7u6-zbe7

vulnerability	VCID-wmgd-z2j3-h7d9

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2014-8601

risk_score 2.2

exploitability 0.5

weighted_severity 4.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nfhz-964w-x3e7

url VCID-nwfa-n5f2-abe7

vulnerability_id VCID-nwfa-n5f2-abe7

summary security update

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2015-5470

reference_id

reference_type

scores

value	6e-05
scoring_system	epss
scoring_elements	0.00421
published_at	2026-04-16T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00435
published_at	2026-04-01T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00439
published_at	2026-04-04T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00431
published_at	2026-04-07T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00428
published_at	2026-04-08T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.0043
published_at	2026-04-11T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00425
published_at	2026-04-18T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00424
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2015-5470

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5470
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5470

reference_url	https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/
reference_id
reference_type
scores
url	https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/

reference_url	http://www.openwall.com/lists/oss-security/2015/07/07/6
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2015/07/07/6

reference_url	http://www.openwall.com/lists/oss-security/2015/07/10/8
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2015/07/10/8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative::::::::
reference_id	cpe:2.3:a:powerdns:authoritative::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.0:::::::*
reference_id	cpe:2.3:a:powerdns:authoritative:3.4.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.1:::::::*
reference_id	cpe:2.3:a:powerdns:authoritative:3.4.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.2:::::::*
reference_id	cpe:2.3:a:powerdns:authoritative:3.4.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.2:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.3:::::::*
reference_id	cpe:2.3:a:powerdns:authoritative:3.4.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.3:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.4:::::::*
reference_id	cpe:2.3:a:powerdns:authoritative:3.4.4:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.4:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor::::::::
reference_id	cpe:2.3:a:powerdns:recursor::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:3.7.1:::::::*
reference_id	cpe:2.3:a:powerdns:recursor:3.7.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:3.7.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:3.7.2:::::::*
reference_id	cpe:2.3:a:powerdns:recursor:3.7.2:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:3.7.2:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2015-5470

reference_id

CVE-2015-5470

reference_type

scores

value	7.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:C

url

https://nvd.nist.gov/vuln/detail/CVE-2015-5470

fixed_packages

url	pkg:deb/debian/pdns-recursor@3.7.3-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@3.7.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@3.7.3-1%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-66sa-bc5p-jqde

vulnerability	VCID-7dc3-qdk8-k7b2

vulnerability	VCID-8tar-s444-zfac

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-mkcs-362g-t7aq

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-vprj-j7u6-zbe7

vulnerability	VCID-wmgd-z2j3-h7d9

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2015-5470

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nwfa-n5f2-abe7

url VCID-pjbp-1jgm-s3cg

vulnerability_id VCID-pjbp-1jgm-s3cg

summary Crafted zones can lead to increased incoming network traffic.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-24027

reference_id

reference_type

scores

value	6e-05
scoring_system	epss
scoring_elements	0.00402
published_at	2026-04-18T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00318
published_at	2026-04-16T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00339
published_at	2026-04-02T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00337
published_at	2026-04-04T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00329
published_at	2026-04-07T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00326
published_at	2026-04-08T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00327
published_at	2026-04-09T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00325
published_at	2026-04-11T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00324
published_at	2026-04-12T12:55:00Z

value	6e-05
scoring_system	epss
scoring_elements	0.00323
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-24027

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24027
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24027

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127490
reference_id	1127490
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127490

reference_url

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-01.html

reference_id

powerdns-advisory-2026-01.html

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-09T16:19:10Z/

url

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2026-01.html

fixed_packages

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.3.5-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.3.5-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.3.5-1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2026-24027

risk_score 1.3

exploitability 0.5

weighted_severity 2.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pjbp-1jgm-s3cg

url VCID-rcd7-knv1-xbgd

vulnerability_id VCID-rcd7-knv1-xbgd

summary Unspecified vulnerability in PowerDNS Recursor (aka pdns_recursor) 3.6.x before 3.6.1 allows remote attackers to cause a denial of service (crash) via an unknown sequence of malformed packets.

references

reference_url	http://blog.powerdns.com/2014/09/10/security-update-powerdns-recursor-3-6-1
reference_id
reference_type
scores
url	http://blog.powerdns.com/2014/09/10/security-update-powerdns-recursor-3-6-1

reference_url	http://doc.powerdns.com/html/changelog.html
reference_id
reference_type
scores
url	http://doc.powerdns.com/html/changelog.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3614

reference_id

reference_type

scores

value	9e-05
scoring_system	epss
scoring_elements	0.0084
published_at	2026-04-13T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00844
published_at	2026-04-01T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.0085
published_at	2026-04-04T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00852
published_at	2026-04-07T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00856
published_at	2026-04-08T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00854
published_at	2026-04-09T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00845
published_at	2026-04-18T12:55:00Z

value	9e-05
scoring_system	epss
scoring_elements	0.00839
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3614

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3614
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3614

reference_url	http://seclists.org/oss-sec/2014/q3/589
reference_id
reference_type
scores
url	http://seclists.org/oss-sec/2014/q3/589

reference_url	http://secunia.com/advisories/61027
reference_id
reference_type
scores
url	http://secunia.com/advisories/61027

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/95947
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/95947

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:powerdns_recursor:3.6.0:::::::*
reference_id	cpe:2.3:a:powerdns:powerdns_recursor:3.6.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:powerdns_recursor:3.6.0:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-3614

reference_id

CVE-2014-3614

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2014-3614

fixed_packages

url	pkg:deb/debian/pdns-recursor@3.6.1-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@3.6.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@3.6.1-1%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-66sa-bc5p-jqde

vulnerability	VCID-7dc3-qdk8-k7b2

vulnerability	VCID-8tar-s444-zfac

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-mkcs-362g-t7aq

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-vprj-j7u6-zbe7

vulnerability	VCID-wmgd-z2j3-h7d9

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2014-3614

risk_score 2.2

exploitability 0.5

weighted_severity 4.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rcd7-knv1-xbgd

url VCID-s6ds-tuus-n7hr

vulnerability_id VCID-s6ds-tuus-n7hr

summary In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-14196

reference_id

reference_type

scores

value	0.00025
scoring_system	epss
scoring_elements	0.06655
published_at	2026-04-18T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06664
published_at	2026-04-16T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06566
published_at	2026-04-01T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06634
published_at	2026-04-02T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06679
published_at	2026-04-04T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06665
published_at	2026-04-07T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06714
published_at	2026-04-08T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06748
published_at	2026-04-09T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06747
published_at	2026-04-11T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.0674
published_at	2026-04-12T12:55:00Z

value	0.00025
scoring_system	epss
scoring_elements	0.06733
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-14196

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14196
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14196

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964103
reference_id	964103
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964103

reference_url

https://security.archlinux.org/AVG-1199

reference_id

AVG-1199

reference_type

scores

value	Low
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1199

fixed_packages

url	pkg:deb/debian/pdns-recursor@4.3.2-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@4.3.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.3.2-1%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-66sa-bc5p-jqde

vulnerability	VCID-7dc3-qdk8-k7b2

vulnerability	VCID-8tar-s444-zfac

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-mkcs-362g-t7aq

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-vprj-j7u6-zbe7

vulnerability	VCID-wmgd-z2j3-h7d9

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2020-14196

risk_score 1.4

exploitability 0.5

weighted_severity 2.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s6ds-tuus-n7hr

url VCID-tcp4-6r2n-6uer

vulnerability_id VCID-tcp4-6r2n-6uer

summary When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. It was discovered that the new netmask and IP addresses of forwarded zones were not sufficiently validated, allowing an authenticated user to inject new configuration directives into the Recursor's configuration.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-15093

reference_id

reference_type

scores

value	5e-05
scoring_system	epss
scoring_elements	0.00272
published_at	2026-04-16T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00288
published_at	2026-04-01T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00293
published_at	2026-04-02T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.0029
published_at	2026-04-04T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00282
published_at	2026-04-07T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.0028
published_at	2026-04-08T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00279
published_at	2026-04-11T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00276
published_at	2026-04-12T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00275
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-15093

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15093
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15093

reference_url	https://security.archlinux.org/ASA-201711-31
reference_id	ASA-201711-31
reference_type
scores
url	https://security.archlinux.org/ASA-201711-31

reference_url

reference_id

AVG-520

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://api.first.org/data/v1/epss?cve=CVE-2025-59030

fixed_packages

url	pkg:deb/debian/pdns-recursor@4.0.7-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@4.0.7-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.0.7-1%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-66sa-bc5p-jqde

vulnerability	VCID-7dc3-qdk8-k7b2

vulnerability	VCID-8tar-s444-zfac

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-mkcs-362g-t7aq

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-vprj-j7u6-zbe7

vulnerability	VCID-wmgd-z2j3-h7d9

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2017-15093

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tcp4-6r2n-6uer

url VCID-umcq-ztbz-qfb2

vulnerability_id VCID-umcq-ztbz-qfb2

summary An attacker can trigger the removal of cached records by sending a NOTIFY query over TCP.

references

reference_url

reference_id

reference_type

scores

value	0.00063
scoring_system	epss
scoring_elements	0.19416
published_at	2026-04-16T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19454
published_at	2026-04-13T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19424
published_at	2026-04-18T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19561
published_at	2026-04-11T12:55:00Z

value	0.00063
scoring_system	epss
scoring_elements	0.19513
published_at	2026-04-12T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24659
published_at	2026-04-08T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24777
published_at	2026-04-02T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24816
published_at	2026-04-04T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.2459
published_at	2026-04-07T12:55:00Z

value	0.00085
scoring_system	epss
scoring_elements	0.24706
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-59030

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59030
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59030

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122197
reference_id	1122197
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1122197

reference_url

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-08.html

reference_id

powerdns-advisory-2025-08.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-09T14:30:11Z/

url

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-08.html

fixed_packages

url	pkg:deb/debian/pdns-recursor@5.2.7-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.7-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.7-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.3.3-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.3.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.3.3-1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2025-59030

risk_score 1.9

exploitability 0.5

weighted_severity 3.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-umcq-ztbz-qfb2

url VCID-urr2-qrfd-vfeh

vulnerability_id VCID-urr2-qrfd-vfeh

summary An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in position of man-in-the-middle to alter the content of records by issuing a valid signature for the crafted records.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-15090

reference_id

reference_type

scores

value	2e-05
scoring_system	epss
scoring_elements	0.0005
published_at	2026-04-18T12:55:00Z

value	2e-05
scoring_system	epss
scoring_elements	0.00049
published_at	2026-04-13T12:55:00Z

value	2e-05
scoring_system	epss
scoring_elements	0.00048
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-15090

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15090
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15090

reference_url	https://security.archlinux.org/ASA-201711-31
reference_id	ASA-201711-31
reference_type
scores
url	https://security.archlinux.org/ASA-201711-31

reference_url

reference_id

AVG-520

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50868.json

fixed_packages

url	pkg:deb/debian/pdns-recursor@4.0.7-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@4.0.7-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.0.7-1%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-66sa-bc5p-jqde

vulnerability	VCID-7dc3-qdk8-k7b2

vulnerability	VCID-8tar-s444-zfac

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-mkcs-362g-t7aq

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-vprj-j7u6-zbe7

vulnerability	VCID-wmgd-z2j3-h7d9

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2017-15090

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-urr2-qrfd-vfeh

url VCID-vprj-j7u6-zbe7

vulnerability_id VCID-vprj-j7u6-zbe7

summary Multiple vulnerabilities have been discovered in Dnsmasq, the worst of which could lead to a denial of service.

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50868.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-50868

reference_id

reference_type

scores

value	0.11802
scoring_system	epss
scoring_elements	0.93737
published_at	2026-04-18T12:55:00Z

value	0.11802
scoring_system	epss
scoring_elements	0.9373
published_at	2026-04-16T12:55:00Z

value	0.11802
scoring_system	epss
scoring_elements	0.93706
published_at	2026-04-08T12:55:00Z

value	0.11802
scoring_system	epss
scoring_elements	0.93684
published_at	2026-04-02T12:55:00Z

value	0.11802
scoring_system	epss
scoring_elements	0.93713
published_at	2026-04-13T12:55:00Z

value	0.11802
scoring_system	epss
scoring_elements	0.93712
published_at	2026-04-12T12:55:00Z

value	0.11802
scoring_system	epss
scoring_elements	0.93694
published_at	2026-04-04T12:55:00Z

value	0.11802
scoring_system	epss
scoring_elements	0.93696
published_at	2026-04-07T12:55:00Z

value	0.11802
scoring_system	epss
scoring_elements	0.93708
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-50868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4408
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4408

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50387
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50387

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50868
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50868

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5517
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5517

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5679
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5679

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html

reference_id

017430.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/

url

https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2024q1/017430.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063845
reference_id	1063845
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063845

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063852
reference_id	1063852
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1063852

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077751
reference_id	1077751
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077751

reference_url

http://www.openwall.com/lists/oss-security/2024/02/16/2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/

url

http://www.openwall.com/lists/oss-security/2024/02/16/2

reference_url

https://www.isc.org/blogs/2024-bind-security-release/

reference_id

2024-bind-security-release

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/

url

https://www.isc.org/blogs/2024-bind-security-release/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2263917
reference_id	2263917
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2263917

reference_url

http://www.openwall.com/lists/oss-security/2024/02/16/3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/

url

http://www.openwall.com/lists/oss-security/2024/02/16/3

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/

reference_id

6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6FV5O347JTX7P5OZA6NGO4MKTXRXMKOZ/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/

reference_id

BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUIP7T7Z4T3UHLXFWG6XIVDP4GYPD3AI/

reference_url

https://kb.isc.org/docs/cve-2023-50868

reference_id

cve-2023-50868

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/

url

https://kb.isc.org/docs/cve-2023-50868

reference_url

https://access.redhat.com/security/cve/CVE-2023-50868

reference_id

CVE-2023-50868

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/

url

https://access.redhat.com/security/cve/CVE-2023-50868

reference_url	https://security.gentoo.org/glsa/202412-10
reference_id	GLSA-202412-10
reference_type
scores
url	https://security.gentoo.org/glsa/202412-10

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/

reference_id

HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVRDSJVZKMCXKKPP6PNR62T7RWZ3YSDZ/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/

reference_id

IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGSLGKUAQTW5JPPZCMF5YPEYALLRUZZ6/

reference_url

https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html

reference_id

msg00006.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/

url

https://lists.debian.org/debian-lts-announce/2024/02/msg00006.html

reference_url

https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html

reference_id

msg00011.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/

url

https://lists.debian.org/debian-lts-announce/2024/05/msg00011.html

reference_url

https://security.netapp.com/advisory/ntap-20240307-0008/

reference_id

ntap-20240307-0008

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/

url

https://security.netapp.com/advisory/ntap-20240307-0008/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/

reference_id

PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PNNHZSZPG2E7NBMBNYPGHCFI4V4XRWNQ/

reference_url

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html

reference_id

powerdns-advisory-2024-01.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/

url

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-01.html

reference_url

https://datatracker.ietf.org/doc/html/rfc5155

reference_id

rfc5155

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/

url

https://datatracker.ietf.org/doc/html/rfc5155

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/

reference_id

RGS7JN6FZXUSTC2XKQHH27574XOULYYJ

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGS7JN6FZXUSTC2XKQHH27574XOULYYJ/

reference_url	https://access.redhat.com/errata/RHSA-2024:0965
reference_id	RHSA-2024:0965
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0965

reference_url	https://access.redhat.com/errata/RHSA-2024:0977
reference_id	RHSA-2024:0977
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0977

reference_url	https://access.redhat.com/errata/RHSA-2024:0981
reference_id	RHSA-2024:0981
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0981

reference_url	https://access.redhat.com/errata/RHSA-2024:0982
reference_id	RHSA-2024:0982
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0982

reference_url	https://access.redhat.com/errata/RHSA-2024:11003
reference_id	RHSA-2024:11003
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:11003

reference_url	https://access.redhat.com/errata/RHSA-2024:1334
reference_id	RHSA-2024:1334
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1334

reference_url	https://access.redhat.com/errata/RHSA-2024:1335
reference_id	RHSA-2024:1335
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1335

reference_url	https://access.redhat.com/errata/RHSA-2024:1522
reference_id	RHSA-2024:1522
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1522

reference_url	https://access.redhat.com/errata/RHSA-2024:1543
reference_id	RHSA-2024:1543
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1543

reference_url	https://access.redhat.com/errata/RHSA-2024:1544
reference_id	RHSA-2024:1544
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1544

reference_url	https://access.redhat.com/errata/RHSA-2024:1545
reference_id	RHSA-2024:1545
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1545

reference_url	https://access.redhat.com/errata/RHSA-2024:1647
reference_id	RHSA-2024:1647
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1647

reference_url	https://access.redhat.com/errata/RHSA-2024:1648
reference_id	RHSA-2024:1648
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1648

reference_url	https://access.redhat.com/errata/RHSA-2024:1781
reference_id	RHSA-2024:1781
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1781

reference_url	https://access.redhat.com/errata/RHSA-2024:1782
reference_id	RHSA-2024:1782
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1782

reference_url	https://access.redhat.com/errata/RHSA-2024:1789
reference_id	RHSA-2024:1789
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1789

reference_url	https://access.redhat.com/errata/RHSA-2024:1800
reference_id	RHSA-2024:1800
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1800

reference_url	https://access.redhat.com/errata/RHSA-2024:1801
reference_id	RHSA-2024:1801
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1801

reference_url	https://access.redhat.com/errata/RHSA-2024:1803
reference_id	RHSA-2024:1803
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1803

reference_url	https://access.redhat.com/errata/RHSA-2024:1804
reference_id	RHSA-2024:1804
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1804

reference_url	https://access.redhat.com/errata/RHSA-2024:2551
reference_id	RHSA-2024:2551
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2551

reference_url	https://access.redhat.com/errata/RHSA-2024:2587
reference_id	RHSA-2024:2587
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2587

reference_url	https://access.redhat.com/errata/RHSA-2024:2696
reference_id	RHSA-2024:2696
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2696

reference_url	https://access.redhat.com/errata/RHSA-2024:2720
reference_id	RHSA-2024:2720
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2720

reference_url	https://access.redhat.com/errata/RHSA-2024:2721
reference_id	RHSA-2024:2721
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2721

reference_url	https://access.redhat.com/errata/RHSA-2024:2821
reference_id	RHSA-2024:2821
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2821

reference_url	https://access.redhat.com/errata/RHSA-2024:2890
reference_id	RHSA-2024:2890
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2890

reference_url	https://access.redhat.com/errata/RHSA-2024:3271
reference_id	RHSA-2024:3271
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3271

reference_url	https://access.redhat.com/errata/RHSA-2024:3741
reference_id	RHSA-2024:3741
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3741

reference_url	https://access.redhat.com/errata/RHSA-2024:3877
reference_id	RHSA-2024:3877
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3877

reference_url	https://access.redhat.com/errata/RHSA-2024:3929
reference_id	RHSA-2024:3929
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3929

reference_url	https://access.redhat.com/errata/RHSA-2025:0039
reference_id	RHSA-2025:0039
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0039

reference_url

https://bugzilla.suse.com/show_bug.cgi?id=1219826

reference_id

show_bug.cgi?id=1219826

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/

url

https://bugzilla.suse.com/show_bug.cgi?id=1219826

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/

reference_id

SVYA42BLXUCIDLD35YIJPJSHDIADNYMP

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVYA42BLXUCIDLD35YIJPJSHDIADNYMP/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/

reference_id

TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEXGOYGW7DBS3N2QSSQONZ4ENIRQEAPG/

reference_url

https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/

reference_id

unbound-1.19.1-released

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/

url

https://nlnetlabs.nl/news/2024/Feb/13/unbound-1.19.1-released/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/

reference_id

UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQESRWMJCF4JEYJEAKLRM6CT55GLJAB7/

reference_url	https://usn.ubuntu.com/6633-1/
reference_id	USN-6633-1
reference_type
scores
url	https://usn.ubuntu.com/6633-1/

reference_url	https://usn.ubuntu.com/6642-1/
reference_id	USN-6642-1
reference_type
scores
url	https://usn.ubuntu.com/6642-1/

reference_url	https://usn.ubuntu.com/6657-1/
reference_id	USN-6657-1
reference_type
scores
url	https://usn.ubuntu.com/6657-1/

reference_url	https://usn.ubuntu.com/6657-2/
reference_id	USN-6657-2
reference_type
scores
url	https://usn.ubuntu.com/6657-2/

reference_url	https://usn.ubuntu.com/6665-1/
reference_id	USN-6665-1
reference_type
scores
url	https://usn.ubuntu.com/6665-1/

reference_url	https://usn.ubuntu.com/6723-1/
reference_id	USN-6723-1
reference_type
scores
url	https://usn.ubuntu.com/6723-1/

reference_url

https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1

reference_id

v5.7.1

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/

url

https://gitlab.nic.cz/knot/knot-resolver/-/releases/v5.7.1

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/

reference_id

ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-02-19T20:27:54Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDZFMEKQTZ4L7RY46FCENWFB5MDT263R/

fixed_packages

url	pkg:deb/debian/pdns-recursor@4.8.6-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@4.8.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.6-1%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@4.9.3-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@4.9.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.9.3-1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2023-50868

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vprj-j7u6-zbe7

url VCID-vua1-5kz6-hban

vulnerability_id VCID-vua1-5kz6-hban

summary An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-3806

reference_id

reference_type

scores

value	0.00024
scoring_system	epss
scoring_elements	0.06287
published_at	2026-04-18T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06333
published_at	2026-04-12T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06322
published_at	2026-04-13T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06274
published_at	2026-04-16T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.0623
published_at	2026-04-01T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06264
published_at	2026-04-02T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06283
published_at	2026-04-04T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.0626
published_at	2026-04-07T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06305
published_at	2026-04-08T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06346
published_at	2026-04-09T12:55:00Z

value	0.00024
scoring_system	epss
scoring_elements	0.06338
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-3806

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3806
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3806

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3806
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3806

reference_url	https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-01.html
reference_id
reference_type
scores
url	https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-01.html

reference_url	https://security.archlinux.org/ASA-201901-13
reference_id	ASA-201901-13
reference_type
scores
url	https://security.archlinux.org/ASA-201901-13

reference_url

reference_id

AVG-856

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-3806

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor::::::::
reference_id	cpe:2.3:a:powerdns:recursor::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor::::::::

reference_url

reference_id

CVE-2019-3806

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	5.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-3806

fixed_packages

url	pkg:deb/debian/pdns-recursor@4.1.9-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@4.1.9-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.9-1%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-66sa-bc5p-jqde

vulnerability	VCID-7dc3-qdk8-k7b2

vulnerability	VCID-8tar-s444-zfac

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-mkcs-362g-t7aq

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-vprj-j7u6-zbe7

vulnerability	VCID-wmgd-z2j3-h7d9

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2019-3806

risk_score 3.6

exploitability 0.5

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vua1-5kz6-hban

url VCID-wmgd-z2j3-h7d9

vulnerability_id VCID-wmgd-z2j3-h7d9

summary An attacker can publish a zone containing specific Resource Record Sets. Repeatedly processing and caching results for these sets can lead to a denial of service.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-25590

reference_id

reference_type

scores

value	0.00126
scoring_system	epss
scoring_elements	0.31923
published_at	2026-04-18T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31944
published_at	2026-04-16T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31911
published_at	2026-04-13T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.32036
published_at	2026-04-02T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.32076
published_at	2026-04-04T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.319
published_at	2026-04-07T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31952
published_at	2026-04-08T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31981
published_at	2026-04-09T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31984
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-25590

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25590
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25590

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1083285
reference_id	1083285
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1083285

reference_url

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-04.html

reference_id

powerdns-advisory-2024-04.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-03T17:34:21Z/

url

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2024-04.html

fixed_packages

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.0.9-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.0.9-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.0.9-1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2024-25590

risk_score 1.9

exploitability 0.5

weighted_severity 3.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wmgd-z2j3-h7d9

url VCID-wywf-pmyt-zud4

vulnerability_id VCID-wywf-pmyt-zud4

summary An attacker spoofing answers to ECS enabled requests sent out by the Recursor has a chance of success higher than non-ECS enabled queries. The updated version include various mitigations against spoofing attempts of ECS enabled queries by chaining ECS enabled requests and enforcing stricter validation of the received answers. The most strict mitigation done when the new setting outgoing.edns_subnet_harden (old style name edns-subnet-harden) is enabled.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-30192

reference_id

reference_type

scores

value	0.00033
scoring_system	epss
scoring_elements	0.09742
published_at	2026-04-04T12:55:00Z

value	0.00033
scoring_system	epss
scoring_elements	0.09691
published_at	2026-04-02T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.1346
published_at	2026-04-09T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.1341
published_at	2026-04-08T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13434
published_at	2026-04-11T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13399
published_at	2026-04-12T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13352
published_at	2026-04-13T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13327
published_at	2026-04-07T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.14882
published_at	2026-04-18T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.14876
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-30192

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30192
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30192

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109808
reference_id	1109808
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1109808

reference_url

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-04.html

reference_id

powerdns-advisory-2025-04.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-21T13:05:23Z/

url

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2025-04.html

fixed_packages

url	pkg:deb/debian/pdns-recursor@5.2.4-2?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.4-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.4-2%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2025-30192

risk_score 1.9

exploitability 0.5

weighted_severity 3.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wywf-pmyt-zud4

url VCID-xxxv-krt4-tka1

vulnerability_id VCID-xxxv-krt4-tka1

summary Improper input validation bugs in DNSSEC validators components in PowerDNS version 4.1.0 allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-1000003

reference_id

reference_type

scores

value	0.00017
scoring_system	epss
scoring_elements	0.03954
published_at	2026-04-01T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.03993
published_at	2026-04-02T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.0401
published_at	2026-04-04T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.04024
published_at	2026-04-07T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.04031
published_at	2026-04-08T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.04049
published_at	2026-04-09T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.04021
published_at	2026-04-11T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.04007
published_at	2026-04-12T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.03979
published_at	2026-04-13T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.03962
published_at	2026-04-16T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.03974
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-1000003

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000003
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000003

fixed_packages

url	pkg:deb/debian/pdns-recursor@4.1.1-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@4.1.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.1-1%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-66sa-bc5p-jqde

vulnerability	VCID-7dc3-qdk8-k7b2

vulnerability	VCID-8tar-s444-zfac

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-mkcs-362g-t7aq

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-vprj-j7u6-zbe7

vulnerability	VCID-wmgd-z2j3-h7d9

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

aliases CVE-2018-1000003

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xxxv-krt4-tka1

url VCID-zdzj-q58r-5uby

vulnerability_id VCID-zdzj-q58r-5uby

summary security update

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-7074

reference_id

reference_type

scores

value	4e-05
scoring_system	epss
scoring_elements	0.00162
published_at	2026-04-08T12:55:00Z

value	4e-05
scoring_system	epss
scoring_elements	0.00164
published_at	2026-04-12T12:55:00Z

value	4e-05
scoring_system	epss
scoring_elements	0.00165
published_at	2026-04-18T12:55:00Z

value	4e-05
scoring_system	epss
scoring_elements	0.00161
published_at	2026-04-02T12:55:00Z

value	4e-05
scoring_system	epss
scoring_elements	0.00163
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-7074

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074

reference_url	https://security.archlinux.org/ASA-201701-29
reference_id	ASA-201701-29
reference_type
scores
url	https://security.archlinux.org/ASA-201701-29

reference_url	https://security.archlinux.org/ASA-201701-30
reference_id	ASA-201701-30
reference_type
scores
url	https://security.archlinux.org/ASA-201701-30

reference_url

reference_id

AVG-147

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-148

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url