Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/pdns-recursor@4.0.7-1?distro=trixie

Type deb

Namespace debian

Name pdns-recursor

Version 4.0.7-1

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 4.1.0-1

Latest_non_vulnerable_version 5.4.1-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-a7xd-fyh3-xuaq

vulnerability_id VCID-a7xd-fyh3-xuaq

summary An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are only parsed when validation is enabled by setting dnssec to a value other than off or process-no-validate (default).

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-15094

reference_id

reference_type

scores

value	5e-05
scoring_system	epss
scoring_elements	0.0021
published_at	2026-04-02T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00211
published_at	2026-04-04T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00207
published_at	2026-04-09T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00209
published_at	2026-04-01T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00587
published_at	2026-04-16T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00592
published_at	2026-04-18T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00634
published_at	2026-04-21T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00595
published_at	2026-04-11T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00591
published_at	2026-04-12T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00593
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-15094

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15094
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15094

reference_url	https://security.archlinux.org/ASA-201711-31
reference_id	ASA-201711-31
reference_type
scores
url	https://security.archlinux.org/ASA-201711-31

reference_url

https://security.archlinux.org/AVG-520

reference_id

AVG-520

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-520

fixed_packages

url	pkg:deb/debian/pdns-recursor@4.0.7-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@4.0.7-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.0.7-1%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-66sa-bc5p-jqde

vulnerability	VCID-7dc3-qdk8-k7b2

vulnerability	VCID-8tar-s444-zfac

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-mkcs-362g-t7aq

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-vprj-j7u6-zbe7

vulnerability	VCID-wmgd-z2j3-h7d9

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.1-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.1-1%3Fdistro=trixie

aliases CVE-2017-15094

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a7xd-fyh3-xuaq

url VCID-mbq1-b3dr-1uc4

vulnerability_id VCID-mbq1-b3dr-1uc4

summary A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and Javascript code into the web interface, altering the content.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-15092

reference_id

reference_type

scores

value	3e-05
scoring_system	epss
scoring_elements	0.00062
published_at	2026-04-18T12:55:00Z

value	3e-05
scoring_system	epss
scoring_elements	0.00061
published_at	2026-04-09T12:55:00Z

value	3e-05
scoring_system	epss
scoring_elements	0.00065
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-15092

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15092
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15092

reference_url	https://security.archlinux.org/ASA-201711-31
reference_id	ASA-201711-31
reference_type
scores
url	https://security.archlinux.org/ASA-201711-31

reference_url

https://security.archlinux.org/AVG-520

reference_id

AVG-520

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-520

fixed_packages

url	pkg:deb/debian/pdns-recursor@4.0.7-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@4.0.7-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.0.7-1%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-66sa-bc5p-jqde

vulnerability	VCID-7dc3-qdk8-k7b2

vulnerability	VCID-8tar-s444-zfac

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-mkcs-362g-t7aq

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-vprj-j7u6-zbe7

vulnerability	VCID-wmgd-z2j3-h7d9

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.1-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.1-1%3Fdistro=trixie

aliases CVE-2017-15092

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mbq1-b3dr-1uc4

url VCID-tcp4-6r2n-6uer

vulnerability_id VCID-tcp4-6r2n-6uer

summary When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. It was discovered that the new netmask and IP addresses of forwarded zones were not sufficiently validated, allowing an authenticated user to inject new configuration directives into the Recursor's configuration.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-15093

reference_id

reference_type

scores

value	5e-05
scoring_system	epss
scoring_elements	0.00296
published_at	2026-04-21T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00288
published_at	2026-04-01T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00293
published_at	2026-04-02T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.0029
published_at	2026-04-04T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00282
published_at	2026-04-07T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.0028
published_at	2026-04-08T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00279
published_at	2026-04-11T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00276
published_at	2026-04-12T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00275
published_at	2026-04-18T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00272
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-15093

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15093
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15093

reference_url	https://security.archlinux.org/ASA-201711-31
reference_id	ASA-201711-31
reference_type
scores
url	https://security.archlinux.org/ASA-201711-31

reference_url

https://security.archlinux.org/AVG-520

reference_id

AVG-520

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-520

fixed_packages

url	pkg:deb/debian/pdns-recursor@4.0.7-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@4.0.7-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.0.7-1%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-66sa-bc5p-jqde

vulnerability	VCID-7dc3-qdk8-k7b2

vulnerability	VCID-8tar-s444-zfac

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-mkcs-362g-t7aq

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-vprj-j7u6-zbe7

vulnerability	VCID-wmgd-z2j3-h7d9

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.1-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.1-1%3Fdistro=trixie

aliases CVE-2017-15093

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tcp4-6r2n-6uer

url VCID-urr2-qrfd-vfeh

vulnerability_id VCID-urr2-qrfd-vfeh

summary An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in position of man-in-the-middle to alter the content of records by issuing a valid signature for the crafted records.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-15090

reference_id

reference_type

scores

value	2e-05
scoring_system	epss
scoring_elements	0.0005
published_at	2026-04-18T12:55:00Z

value	2e-05
scoring_system	epss
scoring_elements	0.00049
published_at	2026-04-13T12:55:00Z

value	2e-05
scoring_system	epss
scoring_elements	0.00048
published_at	2026-04-09T12:55:00Z

value	2e-05
scoring_system	epss
scoring_elements	0.00052
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-15090

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15090
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15090

reference_url	https://security.archlinux.org/ASA-201711-31
reference_id	ASA-201711-31
reference_type
scores
url	https://security.archlinux.org/ASA-201711-31

reference_url

https://security.archlinux.org/AVG-520

reference_id

AVG-520

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-520

fixed_packages

url	pkg:deb/debian/pdns-recursor@4.0.7-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@4.0.7-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.0.7-1%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.4.2-3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-66sa-bc5p-jqde

vulnerability	VCID-7dc3-qdk8-k7b2

vulnerability	VCID-8tar-s444-zfac

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-mkcs-362g-t7aq

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-vprj-j7u6-zbe7

vulnerability	VCID-wmgd-z2j3-h7d9

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3%3Fdistro=trixie

url pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

purl pkg:deb/debian/pdns-recursor@4.8.8-1%2Bdeb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2ugc-uygs-hqb8

vulnerability	VCID-cdzz-8tc8-jucu

vulnerability	VCID-m445-c6a1-uugf

vulnerability	VCID-pjbp-1jgm-s3cg

vulnerability	VCID-umcq-ztbz-qfb2

vulnerability	VCID-wywf-pmyt-zud4

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.8.8-1%252Bdeb12u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.2.8-0%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.2.8-0%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.0-1%3Fdistro=trixie

url	pkg:deb/debian/pdns-recursor@5.4.1-1?distro=trixie
purl	pkg:deb/debian/pdns-recursor@5.4.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@5.4.1-1%3Fdistro=trixie

aliases CVE-2017-15090

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-urr2-qrfd-vfeh

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.0.7-1%3Fdistro=trixie

Package Instance