{"url":"http://public2.vulnerablecode.io/api/packages/1036571?format=json","purl":"pkg:deb/debian/pdns-recursor@3.6.2-2%2Bdeb8u4","type":"deb","namespace":"debian","name":"pdns-recursor","version":"3.6.2-2+deb8u4","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.2.9-0+deb13u1","latest_non_vulnerable_version":"5.4.1-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90807?format=json","vulnerability_id":"VCID-12cd-ky6m-qkdg","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12244","reference_id":"","reference_type":"","scores":[{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.25891","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26302","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26342","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26383","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26156","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26224","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26272","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26278","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26233","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26174","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26178","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26153","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26115","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26055","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.2605","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26001","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12244"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10995","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10995"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12244","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12244"},{"reference_url":"https://security.archlinux.org/ASA-202005-10","reference_id":"ASA-202005-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202005-10"},{"reference_url":"https://security.archlinux.org/AVG-1163","reference_id":"AVG-1163","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1163"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037350?format=json","purl":"pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12cd-ky6m-qkdg"},{"vulnerability":"VCID-3e3b-z5bh-pban"},{"vulnerability":"VCID-htr2-rwgm-47ed"},{"vulnerability":"VCID-n2k6-nfxs-7ydj"},{"vulnerability":"VCID-s6ds-tuus-n7hr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/994394?format=json","purl":"pkg:deb/debian/pdns-recursor@4.4.2-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-26wf-1bqp-sbff"},{"vulnerability":"VCID-2ugc-uygs-hqb8"},{"vulnerability":"VCID-5afe-ws96-nqh9"},{"vulnerability":"VCID-66sa-bc5p-jqde"},{"vulnerability":"VCID-7dc3-qdk8-k7b2"},{"vulnerability":"VCID-8tar-s444-zfac"},{"vulnerability":"VCID-anab-r9ty-1yh1"},{"vulnerability":"VCID-cdzz-8tc8-jucu"},{"vulnerability":"VCID-chzq-qej6-rkdq"},{"vulnerability":"VCID-k3re-ss39-zugm"},{"vulnerability":"VCID-m445-c6a1-uugf"},{"vulnerability":"VCID-mkcs-362g-t7aq"},{"vulnerability":"VCID-mzne-k7ry-pubm"},{"vulnerability":"VCID-pfhu-1qdf-p7d5"},{"vulnerability":"VCID-pjbp-1jgm-s3cg"},{"vulnerability":"VCID-umcq-ztbz-qfb2"},{"vulnerability":"VCID-v9yz-hcqv-83gu"},{"vulnerability":"VCID-vprj-j7u6-zbe7"},{"vulnerability":"VCID-wmgd-z2j3-h7d9"},{"vulnerability":"VCID-wywf-pmyt-zud4"},{"vulnerability":"VCID-xasd-r2rc-2ufq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3"}],"aliases":["CVE-2020-12244"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-12cd-ky6m-qkdg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81507?format=json","vulnerability_id":"VCID-1jzb-z2bs-vbeb","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7073","reference_id":"","reference_type":"","scores":[{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00446","published_at":"2026-05-05T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00443","published_at":"2026-04-29T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00433","published_at":"2026-04-01T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00435","published_at":"2026-04-02T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00434","published_at":"2026-04-04T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00426","published_at":"2026-04-07T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00423","published_at":"2026-04-08T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00424","published_at":"2026-04-11T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00419","published_at":"2026-04-12T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00418","published_at":"2026-04-18T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00414","published_at":"2026-04-16T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00445","published_at":"2026-04-24T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00447","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7073"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074"},{"reference_url":"https://security.archlinux.org/ASA-201701-29","reference_id":"ASA-201701-29","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-29"},{"reference_url":"https://security.archlinux.org/ASA-201701-30","reference_id":"ASA-201701-30","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-30"},{"reference_url":"https://security.archlinux.org/AVG-147","reference_id":"AVG-147","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-147"},{"reference_url":"https://security.archlinux.org/AVG-148","reference_id":"AVG-148","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-148"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037349?format=json","purl":"pkg:deb/debian/pdns-recursor@4.0.4-1%2Bdeb9u3~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12cd-ky6m-qkdg"},{"vulnerability":"VCID-2hee-f8gq-rycf"},{"vulnerability":"VCID-3e3b-z5bh-pban"},{"vulnerability":"VCID-4c2u-n7p5-nfg4"},{"vulnerability":"VCID-9p7x-52ad-vbh6"},{"vulnerability":"VCID-a7xd-fyh3-xuaq"},{"vulnerability":"VCID-ch2d-p2ru-23ex"},{"vulnerability":"VCID-d4km-jg6b-2kh3"},{"vulnerability":"VCID-h73s-nkfg-sqgc"},{"vulnerability":"VCID-htr2-rwgm-47ed"},{"vulnerability":"VCID-mbq1-b3dr-1uc4"},{"vulnerability":"VCID-n2k6-nfxs-7ydj"},{"vulnerability":"VCID-s6ds-tuus-n7hr"},{"vulnerability":"VCID-tcp4-6r2n-6uer"},{"vulnerability":"VCID-urr2-qrfd-vfeh"},{"vulnerability":"VCID-vua1-5kz6-hban"},{"vulnerability":"VCID-xxxv-krt4-tka1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.0.4-1%252Bdeb9u3~bpo8%252B1"}],"aliases":["CVE-2016-7073"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1jzb-z2bs-vbeb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94183?format=json","vulnerability_id":"VCID-2hee-f8gq-rycf","summary":"An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3807","reference_id":"","reference_type":"","scores":[{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00116","published_at":"2026-04-29T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00117","published_at":"2026-05-05T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00118","published_at":"2026-04-13T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00119","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3807"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3807","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3807"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3807","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3807"},{"reference_url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-02.html","reference_id":"","reference_type":"","scores":[],"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-02.html"},{"reference_url":"https://security.archlinux.org/ASA-201901-13","reference_id":"ASA-201901-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201901-13"},{"reference_url":"https://security.archlinux.org/AVG-856","reference_id":"AVG-856","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-856"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3807","reference_id":"CVE-2019-3807","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:N"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N"},{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3807"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037350?format=json","purl":"pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12cd-ky6m-qkdg"},{"vulnerability":"VCID-3e3b-z5bh-pban"},{"vulnerability":"VCID-htr2-rwgm-47ed"},{"vulnerability":"VCID-n2k6-nfxs-7ydj"},{"vulnerability":"VCID-s6ds-tuus-n7hr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1"}],"aliases":["CVE-2019-3807"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2hee-f8gq-rycf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81505?format=json","vulnerability_id":"VCID-2m6r-ztcg-gbgu","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7068","reference_id":"","reference_type":"","scores":[{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24413","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24535","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24743","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.2482","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24858","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.2463","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24699","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24747","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.2476","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24719","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24662","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24675","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24667","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24647","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.2459","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24578","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7068"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074"},{"reference_url":"https://security.archlinux.org/ASA-201701-29","reference_id":"ASA-201701-29","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-29"},{"reference_url":"https://security.archlinux.org/ASA-201701-30","reference_id":"ASA-201701-30","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-30"},{"reference_url":"https://security.archlinux.org/AVG-147","reference_id":"AVG-147","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-147"},{"reference_url":"https://security.archlinux.org/AVG-148","reference_id":"AVG-148","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-148"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037349?format=json","purl":"pkg:deb/debian/pdns-recursor@4.0.4-1%2Bdeb9u3~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12cd-ky6m-qkdg"},{"vulnerability":"VCID-2hee-f8gq-rycf"},{"vulnerability":"VCID-3e3b-z5bh-pban"},{"vulnerability":"VCID-4c2u-n7p5-nfg4"},{"vulnerability":"VCID-9p7x-52ad-vbh6"},{"vulnerability":"VCID-a7xd-fyh3-xuaq"},{"vulnerability":"VCID-ch2d-p2ru-23ex"},{"vulnerability":"VCID-d4km-jg6b-2kh3"},{"vulnerability":"VCID-h73s-nkfg-sqgc"},{"vulnerability":"VCID-htr2-rwgm-47ed"},{"vulnerability":"VCID-mbq1-b3dr-1uc4"},{"vulnerability":"VCID-n2k6-nfxs-7ydj"},{"vulnerability":"VCID-s6ds-tuus-n7hr"},{"vulnerability":"VCID-tcp4-6r2n-6uer"},{"vulnerability":"VCID-urr2-qrfd-vfeh"},{"vulnerability":"VCID-vua1-5kz6-hban"},{"vulnerability":"VCID-xxxv-krt4-tka1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.0.4-1%252Bdeb9u3~bpo8%252B1"}],"aliases":["CVE-2016-7068"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2m6r-ztcg-gbgu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94319?format=json","vulnerability_id":"VCID-3e3b-z5bh-pban","summary":"An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. It allows an attacker (with enough privileges to change the system's hostname) to cause disclosure of uninitialized memory content via a stack-based out-of-bounds read. It only occurs on systems where gethostname() does not have '\\0' termination of the returned string if the hostname is larger than the supplied buffer. (Linux systems are not affected because the buffer is always large enough. OpenBSD systems are not affected because the returned hostname always has '\\0' termination.) Under some conditions, this issue can lead to the writing of one '\\0' byte out-of-bounds on the stack, causing a denial of service or possibly arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10030","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08041","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08131","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08174","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08121","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0819","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08208","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08198","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08178","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08161","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08061","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08046","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08204","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08173","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08136","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08097","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08062","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10030"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10030","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10030"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994394?format=json","purl":"pkg:deb/debian/pdns-recursor@4.4.2-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-26wf-1bqp-sbff"},{"vulnerability":"VCID-2ugc-uygs-hqb8"},{"vulnerability":"VCID-5afe-ws96-nqh9"},{"vulnerability":"VCID-66sa-bc5p-jqde"},{"vulnerability":"VCID-7dc3-qdk8-k7b2"},{"vulnerability":"VCID-8tar-s444-zfac"},{"vulnerability":"VCID-anab-r9ty-1yh1"},{"vulnerability":"VCID-cdzz-8tc8-jucu"},{"vulnerability":"VCID-chzq-qej6-rkdq"},{"vulnerability":"VCID-k3re-ss39-zugm"},{"vulnerability":"VCID-m445-c6a1-uugf"},{"vulnerability":"VCID-mkcs-362g-t7aq"},{"vulnerability":"VCID-mzne-k7ry-pubm"},{"vulnerability":"VCID-pfhu-1qdf-p7d5"},{"vulnerability":"VCID-pjbp-1jgm-s3cg"},{"vulnerability":"VCID-umcq-ztbz-qfb2"},{"vulnerability":"VCID-v9yz-hcqv-83gu"},{"vulnerability":"VCID-vprj-j7u6-zbe7"},{"vulnerability":"VCID-wmgd-z2j3-h7d9"},{"vulnerability":"VCID-wywf-pmyt-zud4"},{"vulnerability":"VCID-xasd-r2rc-2ufq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3"}],"aliases":["CVE-2020-10030"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3e3b-z5bh-pban"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93561?format=json","vulnerability_id":"VCID-4c2u-n7p5-nfg4","summary":"PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14626","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12398","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12605","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12488","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12635","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12739","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12785","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12592","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12671","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12723","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12691","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.1265","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12606","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.1251","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12518","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12632","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12642","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14626"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162","reference_id":"913162","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913163","reference_id":"913163","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913163"},{"reference_url":"https://security.archlinux.org/ASA-201811-12","reference_id":"ASA-201811-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201811-12"},{"reference_url":"https://security.archlinux.org/ASA-201811-13","reference_id":"ASA-201811-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201811-13"},{"reference_url":"https://security.archlinux.org/AVG-804","reference_id":"AVG-804","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-804"},{"reference_url":"https://security.archlinux.org/AVG-805","reference_id":"AVG-805","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-805"},{"reference_url":"https://usn.ubuntu.com/7203-1/","reference_id":"USN-7203-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7203-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037350?format=json","purl":"pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12cd-ky6m-qkdg"},{"vulnerability":"VCID-3e3b-z5bh-pban"},{"vulnerability":"VCID-htr2-rwgm-47ed"},{"vulnerability":"VCID-n2k6-nfxs-7ydj"},{"vulnerability":"VCID-s6ds-tuus-n7hr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1"}],"aliases":["CVE-2018-14626"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4c2u-n7p5-nfg4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93562?format=json","vulnerability_id":"VCID-9p7x-52ad-vbh6","summary":"An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authoritative servers for that parent zone answer with FORMERR to a query for at least one of the meta-types. As a result, subsequent queries from clients requesting DNSSEC validation will be answered with a ServFail.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14644","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05475","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05472","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05189","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05233","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05265","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.0529","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05325","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05347","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05314","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05303","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05292","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05238","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.0524","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05392","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05431","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14644"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14644","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14644"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162","reference_id":"913162","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162"},{"reference_url":"https://security.archlinux.org/ASA-201811-13","reference_id":"ASA-201811-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201811-13"},{"reference_url":"https://security.archlinux.org/AVG-805","reference_id":"AVG-805","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-805"},{"reference_url":"https://usn.ubuntu.com/7203-1/","reference_id":"USN-7203-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7203-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037350?format=json","purl":"pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12cd-ky6m-qkdg"},{"vulnerability":"VCID-3e3b-z5bh-pban"},{"vulnerability":"VCID-htr2-rwgm-47ed"},{"vulnerability":"VCID-n2k6-nfxs-7ydj"},{"vulnerability":"VCID-s6ds-tuus-n7hr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1"}],"aliases":["CVE-2018-14644"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9p7x-52ad-vbh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93141?format=json","vulnerability_id":"VCID-a7xd-fyh3-xuaq","summary":"An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are only parsed when validation is enabled by setting dnssec to a value other than off or process-no-validate (default).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15094","reference_id":"","reference_type":"","scores":[{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00209","published_at":"2026-04-01T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.0021","published_at":"2026-04-02T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00211","published_at":"2026-04-04T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00207","published_at":"2026-04-09T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00587","published_at":"2026-04-16T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00592","published_at":"2026-04-18T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00634","published_at":"2026-04-26T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00632","published_at":"2026-04-24T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00635","published_at":"2026-04-29T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.0064","published_at":"2026-05-05T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00595","published_at":"2026-04-11T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00591","published_at":"2026-04-12T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00593","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15094"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15094","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15094"},{"reference_url":"https://security.archlinux.org/ASA-201711-31","reference_id":"ASA-201711-31","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-31"},{"reference_url":"https://security.archlinux.org/AVG-520","reference_id":"AVG-520","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-520"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037350?format=json","purl":"pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12cd-ky6m-qkdg"},{"vulnerability":"VCID-3e3b-z5bh-pban"},{"vulnerability":"VCID-htr2-rwgm-47ed"},{"vulnerability":"VCID-n2k6-nfxs-7ydj"},{"vulnerability":"VCID-s6ds-tuus-n7hr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1"}],"aliases":["CVE-2017-15094"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a7xd-fyh3-xuaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93458?format=json","vulnerability_id":"VCID-ch2d-p2ru-23ex","summary":"PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10851","reference_id":"","reference_type":"","scores":[{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.2859","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28811","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.2874","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29135","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.2921","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29262","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29075","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29138","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.2918","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29186","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.2914","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29088","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29114","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29091","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29044","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28924","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10851"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10851","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10851"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162","reference_id":"913162","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913163","reference_id":"913163","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913163"},{"reference_url":"https://security.archlinux.org/ASA-201811-12","reference_id":"ASA-201811-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201811-12"},{"reference_url":"https://security.archlinux.org/ASA-201811-13","reference_id":"ASA-201811-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201811-13"},{"reference_url":"https://security.archlinux.org/AVG-804","reference_id":"AVG-804","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-804"},{"reference_url":"https://security.archlinux.org/AVG-805","reference_id":"AVG-805","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-805"},{"reference_url":"https://usn.ubuntu.com/7203-1/","reference_id":"USN-7203-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7203-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037350?format=json","purl":"pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12cd-ky6m-qkdg"},{"vulnerability":"VCID-3e3b-z5bh-pban"},{"vulnerability":"VCID-htr2-rwgm-47ed"},{"vulnerability":"VCID-n2k6-nfxs-7ydj"},{"vulnerability":"VCID-s6ds-tuus-n7hr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1"}],"aliases":["CVE-2018-10851"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ch2d-p2ru-23ex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92701?format=json","vulnerability_id":"VCID-d13q-prqh-buge","summary":"The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1868","reference_id":"","reference_type":"","scores":[{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66161","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66202","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66229","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66198","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66246","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66259","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66279","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66266","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66235","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.6627","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66285","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66293","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66307","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66286","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1868"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037348?format=json","purl":"pkg:deb/debian/pdns-recursor@3.7.3-1~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12cd-ky6m-qkdg"},{"vulnerability":"VCID-1jzb-z2bs-vbeb"},{"vulnerability":"VCID-2hee-f8gq-rycf"},{"vulnerability":"VCID-2m6r-ztcg-gbgu"},{"vulnerability":"VCID-3e3b-z5bh-pban"},{"vulnerability":"VCID-4c2u-n7p5-nfg4"},{"vulnerability":"VCID-9p7x-52ad-vbh6"},{"vulnerability":"VCID-a7xd-fyh3-xuaq"},{"vulnerability":"VCID-ch2d-p2ru-23ex"},{"vulnerability":"VCID-d4km-jg6b-2kh3"},{"vulnerability":"VCID-h73s-nkfg-sqgc"},{"vulnerability":"VCID-htr2-rwgm-47ed"},{"vulnerability":"VCID-mbq1-b3dr-1uc4"},{"vulnerability":"VCID-n2k6-nfxs-7ydj"},{"vulnerability":"VCID-nwfa-n5f2-abe7"},{"vulnerability":"VCID-s6ds-tuus-n7hr"},{"vulnerability":"VCID-tcp4-6r2n-6uer"},{"vulnerability":"VCID-urr2-qrfd-vfeh"},{"vulnerability":"VCID-vua1-5kz6-hban"},{"vulnerability":"VCID-xxxv-krt4-tka1"},{"vulnerability":"VCID-zdzj-q58r-5uby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@3.7.3-1~bpo8%252B1"}],"aliases":["CVE-2015-1868"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d13q-prqh-buge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93581?format=json","vulnerability_id":"VCID-d4km-jg6b-2kh3","summary":"An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16855","reference_id":"","reference_type":"","scores":[{"value":"0.19834","scoring_system":"epss","scoring_elements":"0.95477","published_at":"2026-05-05T12:55:00Z"},{"value":"0.19834","scoring_system":"epss","scoring_elements":"0.95413","published_at":"2026-04-01T12:55:00Z"},{"value":"0.19834","scoring_system":"epss","scoring_elements":"0.95422","published_at":"2026-04-02T12:55:00Z"},{"value":"0.19834","scoring_system":"epss","scoring_elements":"0.95428","published_at":"2026-04-04T12:55:00Z"},{"value":"0.19834","scoring_system":"epss","scoring_elements":"0.95432","published_at":"2026-04-07T12:55:00Z"},{"value":"0.19834","scoring_system":"epss","scoring_elements":"0.95438","published_at":"2026-04-08T12:55:00Z"},{"value":"0.19834","scoring_system":"epss","scoring_elements":"0.95441","published_at":"2026-04-09T12:55:00Z"},{"value":"0.19834","scoring_system":"epss","scoring_elements":"0.95445","published_at":"2026-04-12T12:55:00Z"},{"value":"0.19834","scoring_system":"epss","scoring_elements":"0.95447","published_at":"2026-04-13T12:55:00Z"},{"value":"0.19834","scoring_system":"epss","scoring_elements":"0.95456","published_at":"2026-04-16T12:55:00Z"},{"value":"0.19834","scoring_system":"epss","scoring_elements":"0.9546","published_at":"2026-04-18T12:55:00Z"},{"value":"0.19834","scoring_system":"epss","scoring_elements":"0.95464","published_at":"2026-04-21T12:55:00Z"},{"value":"0.19834","scoring_system":"epss","scoring_elements":"0.95466","published_at":"2026-04-24T12:55:00Z"},{"value":"0.19834","scoring_system":"epss","scoring_elements":"0.95467","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16855"},{"reference_url":"https://security.archlinux.org/ASA-201811-21","reference_id":"ASA-201811-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201811-21"},{"reference_url":"https://security.archlinux.org/AVG-821","reference_id":"AVG-821","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-821"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037350?format=json","purl":"pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12cd-ky6m-qkdg"},{"vulnerability":"VCID-3e3b-z5bh-pban"},{"vulnerability":"VCID-htr2-rwgm-47ed"},{"vulnerability":"VCID-n2k6-nfxs-7ydj"},{"vulnerability":"VCID-s6ds-tuus-n7hr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1"}],"aliases":["CVE-2018-16855"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-d4km-jg6b-2kh3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69426?format=json","vulnerability_id":"VCID-h73s-nkfg-sqgc","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15120","reference_id":"","reference_type":"","scores":[{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.55985","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56096","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56116","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56147","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56152","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56164","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.5614","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56124","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56158","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56161","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.5613","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56056","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56077","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56053","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56006","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15120"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15120","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15120"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037350?format=json","purl":"pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12cd-ky6m-qkdg"},{"vulnerability":"VCID-3e3b-z5bh-pban"},{"vulnerability":"VCID-htr2-rwgm-47ed"},{"vulnerability":"VCID-n2k6-nfxs-7ydj"},{"vulnerability":"VCID-s6ds-tuus-n7hr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1"}],"aliases":["CVE-2017-15120"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h73s-nkfg-sqgc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49241?format=json","vulnerability_id":"VCID-htr2-rwgm-47ed","summary":"A vulnerability in PowerDNS Recursor could lead to a Denial of\n    Service condition.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25829","reference_id":"","reference_type":"","scores":[{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57303","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57287","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57369","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57391","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57366","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57418","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57421","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57436","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57415","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57396","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57423","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57419","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57397","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57353","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57375","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57355","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25829"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972159","reference_id":"972159","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972159"},{"reference_url":"https://security.archlinux.org/ASA-202010-6","reference_id":"ASA-202010-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202010-6"},{"reference_url":"https://security.archlinux.org/AVG-1243","reference_id":"AVG-1243","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1243"},{"reference_url":"https://security.gentoo.org/glsa/202012-19","reference_id":"GLSA-202012-19","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202012-19"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994394?format=json","purl":"pkg:deb/debian/pdns-recursor@4.4.2-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-26wf-1bqp-sbff"},{"vulnerability":"VCID-2ugc-uygs-hqb8"},{"vulnerability":"VCID-5afe-ws96-nqh9"},{"vulnerability":"VCID-66sa-bc5p-jqde"},{"vulnerability":"VCID-7dc3-qdk8-k7b2"},{"vulnerability":"VCID-8tar-s444-zfac"},{"vulnerability":"VCID-anab-r9ty-1yh1"},{"vulnerability":"VCID-cdzz-8tc8-jucu"},{"vulnerability":"VCID-chzq-qej6-rkdq"},{"vulnerability":"VCID-k3re-ss39-zugm"},{"vulnerability":"VCID-m445-c6a1-uugf"},{"vulnerability":"VCID-mkcs-362g-t7aq"},{"vulnerability":"VCID-mzne-k7ry-pubm"},{"vulnerability":"VCID-pfhu-1qdf-p7d5"},{"vulnerability":"VCID-pjbp-1jgm-s3cg"},{"vulnerability":"VCID-umcq-ztbz-qfb2"},{"vulnerability":"VCID-v9yz-hcqv-83gu"},{"vulnerability":"VCID-vprj-j7u6-zbe7"},{"vulnerability":"VCID-wmgd-z2j3-h7d9"},{"vulnerability":"VCID-wywf-pmyt-zud4"},{"vulnerability":"VCID-xasd-r2rc-2ufq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3"}],"aliases":["CVE-2020-25829"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-htr2-rwgm-47ed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93139?format=json","vulnerability_id":"VCID-mbq1-b3dr-1uc4","summary":"A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and Javascript code into the web interface, altering the content.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15092","reference_id":"","reference_type":"","scores":[{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00062","published_at":"2026-04-18T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00061","published_at":"2026-04-09T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00065","published_at":"2026-04-29T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00067","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15092"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15092","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15092"},{"reference_url":"https://security.archlinux.org/ASA-201711-31","reference_id":"ASA-201711-31","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-31"},{"reference_url":"https://security.archlinux.org/AVG-520","reference_id":"AVG-520","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-520"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037350?format=json","purl":"pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12cd-ky6m-qkdg"},{"vulnerability":"VCID-3e3b-z5bh-pban"},{"vulnerability":"VCID-htr2-rwgm-47ed"},{"vulnerability":"VCID-n2k6-nfxs-7ydj"},{"vulnerability":"VCID-s6ds-tuus-n7hr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1"}],"aliases":["CVE-2017-15092"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mbq1-b3dr-1uc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90806?format=json","vulnerability_id":"VCID-n2k6-nfxs-7ydj","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10995","reference_id":"","reference_type":"","scores":[{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25331","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25677","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25747","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25789","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25558","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25631","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25687","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25646","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.2559","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25592","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25576","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25548","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.255","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25493","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00091","scoring_system":"epss","scoring_elements":"0.25445","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10995"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10995","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10995"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12244","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12244"},{"reference_url":"https://security.archlinux.org/ASA-202005-10","reference_id":"ASA-202005-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202005-10"},{"reference_url":"https://security.archlinux.org/AVG-1163","reference_id":"AVG-1163","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1163"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037350?format=json","purl":"pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12cd-ky6m-qkdg"},{"vulnerability":"VCID-3e3b-z5bh-pban"},{"vulnerability":"VCID-htr2-rwgm-47ed"},{"vulnerability":"VCID-n2k6-nfxs-7ydj"},{"vulnerability":"VCID-s6ds-tuus-n7hr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/994394?format=json","purl":"pkg:deb/debian/pdns-recursor@4.4.2-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-26wf-1bqp-sbff"},{"vulnerability":"VCID-2ugc-uygs-hqb8"},{"vulnerability":"VCID-5afe-ws96-nqh9"},{"vulnerability":"VCID-66sa-bc5p-jqde"},{"vulnerability":"VCID-7dc3-qdk8-k7b2"},{"vulnerability":"VCID-8tar-s444-zfac"},{"vulnerability":"VCID-anab-r9ty-1yh1"},{"vulnerability":"VCID-cdzz-8tc8-jucu"},{"vulnerability":"VCID-chzq-qej6-rkdq"},{"vulnerability":"VCID-k3re-ss39-zugm"},{"vulnerability":"VCID-m445-c6a1-uugf"},{"vulnerability":"VCID-mkcs-362g-t7aq"},{"vulnerability":"VCID-mzne-k7ry-pubm"},{"vulnerability":"VCID-pfhu-1qdf-p7d5"},{"vulnerability":"VCID-pjbp-1jgm-s3cg"},{"vulnerability":"VCID-umcq-ztbz-qfb2"},{"vulnerability":"VCID-v9yz-hcqv-83gu"},{"vulnerability":"VCID-vprj-j7u6-zbe7"},{"vulnerability":"VCID-wmgd-z2j3-h7d9"},{"vulnerability":"VCID-wywf-pmyt-zud4"},{"vulnerability":"VCID-xasd-r2rc-2ufq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3"}],"aliases":["CVE-2020-10995"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n2k6-nfxs-7ydj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80920?format=json","vulnerability_id":"VCID-nwfa-n5f2-abe7","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5470","reference_id":"","reference_type":"","scores":[{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.0045","published_at":"2026-04-29T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00435","published_at":"2026-04-01T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00439","published_at":"2026-04-04T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00431","published_at":"2026-04-07T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00428","published_at":"2026-04-08T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.0043","published_at":"2026-04-11T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00425","published_at":"2026-04-18T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00424","published_at":"2026-04-13T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00421","published_at":"2026-04-16T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00455","published_at":"2026-05-05T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00453","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5470"},{"reference_url":"https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/","reference_id":"","reference_type":"","scores":[],"url":"https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/07/07/6","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2015/07/07/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/07/10/8","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2015/07/10/8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:powerdns:authoritative:3.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:powerdns:authoritative:3.4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:powerdns:authoritative:3.4.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:powerdns:authoritative:3.4.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:powerdns:authoritative:3.4.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:3.7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:powerdns:recursor:3.7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:3.7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:3.7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:powerdns:recursor:3.7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:3.7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5470","reference_id":"CVE-2015-5470","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:C"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5470"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037349?format=json","purl":"pkg:deb/debian/pdns-recursor@4.0.4-1%2Bdeb9u3~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12cd-ky6m-qkdg"},{"vulnerability":"VCID-2hee-f8gq-rycf"},{"vulnerability":"VCID-3e3b-z5bh-pban"},{"vulnerability":"VCID-4c2u-n7p5-nfg4"},{"vulnerability":"VCID-9p7x-52ad-vbh6"},{"vulnerability":"VCID-a7xd-fyh3-xuaq"},{"vulnerability":"VCID-ch2d-p2ru-23ex"},{"vulnerability":"VCID-d4km-jg6b-2kh3"},{"vulnerability":"VCID-h73s-nkfg-sqgc"},{"vulnerability":"VCID-htr2-rwgm-47ed"},{"vulnerability":"VCID-mbq1-b3dr-1uc4"},{"vulnerability":"VCID-n2k6-nfxs-7ydj"},{"vulnerability":"VCID-s6ds-tuus-n7hr"},{"vulnerability":"VCID-tcp4-6r2n-6uer"},{"vulnerability":"VCID-urr2-qrfd-vfeh"},{"vulnerability":"VCID-vua1-5kz6-hban"},{"vulnerability":"VCID-xxxv-krt4-tka1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.0.4-1%252Bdeb9u3~bpo8%252B1"}],"aliases":["CVE-2015-5470"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nwfa-n5f2-abe7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94371?format=json","vulnerability_id":"VCID-s6ds-tuus-n7hr","summary":"In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14196","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.0685","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06837","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06566","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06634","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06679","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06665","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06714","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06748","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06747","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.0674","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06733","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06664","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06655","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06812","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.06817","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14196"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964103","reference_id":"964103","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964103"},{"reference_url":"https://security.archlinux.org/AVG-1199","reference_id":"AVG-1199","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1199"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994394?format=json","purl":"pkg:deb/debian/pdns-recursor@4.4.2-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-26wf-1bqp-sbff"},{"vulnerability":"VCID-2ugc-uygs-hqb8"},{"vulnerability":"VCID-5afe-ws96-nqh9"},{"vulnerability":"VCID-66sa-bc5p-jqde"},{"vulnerability":"VCID-7dc3-qdk8-k7b2"},{"vulnerability":"VCID-8tar-s444-zfac"},{"vulnerability":"VCID-anab-r9ty-1yh1"},{"vulnerability":"VCID-cdzz-8tc8-jucu"},{"vulnerability":"VCID-chzq-qej6-rkdq"},{"vulnerability":"VCID-k3re-ss39-zugm"},{"vulnerability":"VCID-m445-c6a1-uugf"},{"vulnerability":"VCID-mkcs-362g-t7aq"},{"vulnerability":"VCID-mzne-k7ry-pubm"},{"vulnerability":"VCID-pfhu-1qdf-p7d5"},{"vulnerability":"VCID-pjbp-1jgm-s3cg"},{"vulnerability":"VCID-umcq-ztbz-qfb2"},{"vulnerability":"VCID-v9yz-hcqv-83gu"},{"vulnerability":"VCID-vprj-j7u6-zbe7"},{"vulnerability":"VCID-wmgd-z2j3-h7d9"},{"vulnerability":"VCID-wywf-pmyt-zud4"},{"vulnerability":"VCID-xasd-r2rc-2ufq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3"}],"aliases":["CVE-2020-14196"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s6ds-tuus-n7hr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93140?format=json","vulnerability_id":"VCID-tcp4-6r2n-6uer","summary":"When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. It was discovered that the new netmask and IP addresses of forwarded zones were not sufficiently validated, allowing an authenticated user to inject new configuration directives into the Recursor's configuration.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15093","reference_id":"","reference_type":"","scores":[{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00289","published_at":"2026-05-05T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00288","published_at":"2026-04-01T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00293","published_at":"2026-04-02T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.0029","published_at":"2026-04-04T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00282","published_at":"2026-04-07T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.0028","published_at":"2026-04-08T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00279","published_at":"2026-04-11T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00276","published_at":"2026-04-12T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00275","published_at":"2026-04-18T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00272","published_at":"2026-04-16T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00296","published_at":"2026-04-21T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00297","published_at":"2026-04-24T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00295","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15093"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15093","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15093"},{"reference_url":"https://security.archlinux.org/ASA-201711-31","reference_id":"ASA-201711-31","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-31"},{"reference_url":"https://security.archlinux.org/AVG-520","reference_id":"AVG-520","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-520"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037350?format=json","purl":"pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12cd-ky6m-qkdg"},{"vulnerability":"VCID-3e3b-z5bh-pban"},{"vulnerability":"VCID-htr2-rwgm-47ed"},{"vulnerability":"VCID-n2k6-nfxs-7ydj"},{"vulnerability":"VCID-s6ds-tuus-n7hr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1"}],"aliases":["CVE-2017-15093"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tcp4-6r2n-6uer"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93137?format=json","vulnerability_id":"VCID-urr2-qrfd-vfeh","summary":"An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in position of man-in-the-middle to alter the content of records by issuing a valid signature for the crafted records.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15090","reference_id":"","reference_type":"","scores":[{"value":"2e-05","scoring_system":"epss","scoring_elements":"0.00048","published_at":"2026-04-09T12:55:00Z"},{"value":"2e-05","scoring_system":"epss","scoring_elements":"0.00051","published_at":"2026-04-29T12:55:00Z"},{"value":"2e-05","scoring_system":"epss","scoring_elements":"0.00049","published_at":"2026-04-13T12:55:00Z"},{"value":"2e-05","scoring_system":"epss","scoring_elements":"0.0005","published_at":"2026-04-18T12:55:00Z"},{"value":"2e-05","scoring_system":"epss","scoring_elements":"0.00052","published_at":"2026-05-05T12:55:00Z"},{"value":"2e-05","scoring_system":"epss","scoring_elements":"0.00053","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15090"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15090","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15090"},{"reference_url":"https://security.archlinux.org/ASA-201711-31","reference_id":"ASA-201711-31","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-31"},{"reference_url":"https://security.archlinux.org/AVG-520","reference_id":"AVG-520","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-520"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037350?format=json","purl":"pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12cd-ky6m-qkdg"},{"vulnerability":"VCID-3e3b-z5bh-pban"},{"vulnerability":"VCID-htr2-rwgm-47ed"},{"vulnerability":"VCID-n2k6-nfxs-7ydj"},{"vulnerability":"VCID-s6ds-tuus-n7hr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1"}],"aliases":["CVE-2017-15090"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-urr2-qrfd-vfeh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94182?format=json","vulnerability_id":"VCID-vua1-5kz6-hban","summary":"An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3806","reference_id":"","reference_type":"","scores":[{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06509","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06449","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06473","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06486","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0623","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06264","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06283","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.0626","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06305","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06346","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06338","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06333","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06322","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06274","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06287","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00024","scoring_system":"epss","scoring_elements":"0.06434","published_at":"2026-04-21T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3806"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3806","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3806"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3806","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3806"},{"reference_url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-01.html","reference_id":"","reference_type":"","scores":[],"url":"https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2019-01.html"},{"reference_url":"https://security.archlinux.org/ASA-201901-13","reference_id":"ASA-201901-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201901-13"},{"reference_url":"https://security.archlinux.org/AVG-856","reference_id":"AVG-856","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-856"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3806","reference_id":"CVE-2019-3806","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H"},{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3806"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037350?format=json","purl":"pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12cd-ky6m-qkdg"},{"vulnerability":"VCID-3e3b-z5bh-pban"},{"vulnerability":"VCID-htr2-rwgm-47ed"},{"vulnerability":"VCID-n2k6-nfxs-7ydj"},{"vulnerability":"VCID-s6ds-tuus-n7hr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1"}],"aliases":["CVE-2019-3806"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vua1-5kz6-hban"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93417?format=json","vulnerability_id":"VCID-xxxv-krt4-tka1","summary":"Improper input validation bugs in DNSSEC validators components in PowerDNS version 4.1.0 allow attacker in man-in-the-middle position to deny existence of some data in DNS via packet replay.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000003","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03954","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03993","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.0401","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04024","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04031","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04049","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04021","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04007","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03979","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03962","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.03974","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04099","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04112","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.0413","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04166","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04132","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000003"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000003","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000003"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037350?format=json","purl":"pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12cd-ky6m-qkdg"},{"vulnerability":"VCID-3e3b-z5bh-pban"},{"vulnerability":"VCID-htr2-rwgm-47ed"},{"vulnerability":"VCID-n2k6-nfxs-7ydj"},{"vulnerability":"VCID-s6ds-tuus-n7hr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1"}],"aliases":["CVE-2018-1000003"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xxxv-krt4-tka1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81508?format=json","vulnerability_id":"VCID-zdzj-q58r-5uby","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7074","reference_id":"","reference_type":"","scores":[{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00167","published_at":"2026-05-05T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00166","published_at":"2026-04-29T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00161","published_at":"2026-04-02T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00162","published_at":"2026-04-08T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00163","published_at":"2026-04-13T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00164","published_at":"2026-04-12T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00165","published_at":"2026-04-18T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00168","published_at":"2026-04-21T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.0017","published_at":"2026-04-24T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00169","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074"},{"reference_url":"https://security.archlinux.org/ASA-201701-29","reference_id":"ASA-201701-29","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-29"},{"reference_url":"https://security.archlinux.org/ASA-201701-30","reference_id":"ASA-201701-30","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-30"},{"reference_url":"https://security.archlinux.org/AVG-147","reference_id":"AVG-147","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-147"},{"reference_url":"https://security.archlinux.org/AVG-148","reference_id":"AVG-148","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-148"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037349?format=json","purl":"pkg:deb/debian/pdns-recursor@4.0.4-1%2Bdeb9u3~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12cd-ky6m-qkdg"},{"vulnerability":"VCID-2hee-f8gq-rycf"},{"vulnerability":"VCID-3e3b-z5bh-pban"},{"vulnerability":"VCID-4c2u-n7p5-nfg4"},{"vulnerability":"VCID-9p7x-52ad-vbh6"},{"vulnerability":"VCID-a7xd-fyh3-xuaq"},{"vulnerability":"VCID-ch2d-p2ru-23ex"},{"vulnerability":"VCID-d4km-jg6b-2kh3"},{"vulnerability":"VCID-h73s-nkfg-sqgc"},{"vulnerability":"VCID-htr2-rwgm-47ed"},{"vulnerability":"VCID-mbq1-b3dr-1uc4"},{"vulnerability":"VCID-n2k6-nfxs-7ydj"},{"vulnerability":"VCID-s6ds-tuus-n7hr"},{"vulnerability":"VCID-tcp4-6r2n-6uer"},{"vulnerability":"VCID-urr2-qrfd-vfeh"},{"vulnerability":"VCID-vua1-5kz6-hban"},{"vulnerability":"VCID-xxxv-krt4-tka1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.0.4-1%252Bdeb9u3~bpo8%252B1"}],"aliases":["CVE-2016-7074"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zdzj-q58r-5uby"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81505?format=json","vulnerability_id":"VCID-2m6r-ztcg-gbgu","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7068","reference_id":"","reference_type":"","scores":[{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24413","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24535","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24743","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.2482","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24858","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.2463","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24699","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24747","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.2476","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24719","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24662","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24675","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24667","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24647","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.2459","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24578","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7068"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074"},{"reference_url":"https://security.archlinux.org/ASA-201701-29","reference_id":"ASA-201701-29","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-29"},{"reference_url":"https://security.archlinux.org/ASA-201701-30","reference_id":"ASA-201701-30","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-30"},{"reference_url":"https://security.archlinux.org/AVG-147","reference_id":"AVG-147","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-147"},{"reference_url":"https://security.archlinux.org/AVG-148","reference_id":"AVG-148","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-148"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036571?format=json","purl":"pkg:deb/debian/pdns-recursor@3.6.2-2%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12cd-ky6m-qkdg"},{"vulnerability":"VCID-1jzb-z2bs-vbeb"},{"vulnerability":"VCID-2hee-f8gq-rycf"},{"vulnerability":"VCID-2m6r-ztcg-gbgu"},{"vulnerability":"VCID-3e3b-z5bh-pban"},{"vulnerability":"VCID-4c2u-n7p5-nfg4"},{"vulnerability":"VCID-9p7x-52ad-vbh6"},{"vulnerability":"VCID-a7xd-fyh3-xuaq"},{"vulnerability":"VCID-ch2d-p2ru-23ex"},{"vulnerability":"VCID-d13q-prqh-buge"},{"vulnerability":"VCID-d4km-jg6b-2kh3"},{"vulnerability":"VCID-h73s-nkfg-sqgc"},{"vulnerability":"VCID-htr2-rwgm-47ed"},{"vulnerability":"VCID-mbq1-b3dr-1uc4"},{"vulnerability":"VCID-n2k6-nfxs-7ydj"},{"vulnerability":"VCID-nwfa-n5f2-abe7"},{"vulnerability":"VCID-s6ds-tuus-n7hr"},{"vulnerability":"VCID-tcp4-6r2n-6uer"},{"vulnerability":"VCID-urr2-qrfd-vfeh"},{"vulnerability":"VCID-vua1-5kz6-hban"},{"vulnerability":"VCID-xxxv-krt4-tka1"},{"vulnerability":"VCID-zdzj-q58r-5uby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@3.6.2-2%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1037349?format=json","purl":"pkg:deb/debian/pdns-recursor@4.0.4-1%2Bdeb9u3~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12cd-ky6m-qkdg"},{"vulnerability":"VCID-2hee-f8gq-rycf"},{"vulnerability":"VCID-3e3b-z5bh-pban"},{"vulnerability":"VCID-4c2u-n7p5-nfg4"},{"vulnerability":"VCID-9p7x-52ad-vbh6"},{"vulnerability":"VCID-a7xd-fyh3-xuaq"},{"vulnerability":"VCID-ch2d-p2ru-23ex"},{"vulnerability":"VCID-d4km-jg6b-2kh3"},{"vulnerability":"VCID-h73s-nkfg-sqgc"},{"vulnerability":"VCID-htr2-rwgm-47ed"},{"vulnerability":"VCID-mbq1-b3dr-1uc4"},{"vulnerability":"VCID-n2k6-nfxs-7ydj"},{"vulnerability":"VCID-s6ds-tuus-n7hr"},{"vulnerability":"VCID-tcp4-6r2n-6uer"},{"vulnerability":"VCID-urr2-qrfd-vfeh"},{"vulnerability":"VCID-vua1-5kz6-hban"},{"vulnerability":"VCID-xxxv-krt4-tka1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.0.4-1%252Bdeb9u3~bpo8%252B1"}],"aliases":["CVE-2016-7068"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2m6r-ztcg-gbgu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80920?format=json","vulnerability_id":"VCID-nwfa-n5f2-abe7","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5470","reference_id":"","reference_type":"","scores":[{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.0045","published_at":"2026-04-29T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00435","published_at":"2026-04-01T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00439","published_at":"2026-04-04T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00431","published_at":"2026-04-07T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00428","published_at":"2026-04-08T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.0043","published_at":"2026-04-11T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00425","published_at":"2026-04-18T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00424","published_at":"2026-04-13T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00421","published_at":"2026-04-16T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00455","published_at":"2026-05-05T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00453","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5470"},{"reference_url":"https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/","reference_id":"","reference_type":"","scores":[],"url":"https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/07/07/6","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2015/07/07/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2015/07/10/8","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2015/07/10/8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:powerdns:authoritative:3.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:powerdns:authoritative:3.4.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:powerdns:authoritative:3.4.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:powerdns:authoritative:3.4.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:powerdns:authoritative:3.4.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:authoritative:3.4.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:3.7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:powerdns:recursor:3.7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:3.7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:3.7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:powerdns:recursor:3.7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:powerdns:recursor:3.7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5470","reference_id":"CVE-2015-5470","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:C"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-5470"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036571?format=json","purl":"pkg:deb/debian/pdns-recursor@3.6.2-2%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12cd-ky6m-qkdg"},{"vulnerability":"VCID-1jzb-z2bs-vbeb"},{"vulnerability":"VCID-2hee-f8gq-rycf"},{"vulnerability":"VCID-2m6r-ztcg-gbgu"},{"vulnerability":"VCID-3e3b-z5bh-pban"},{"vulnerability":"VCID-4c2u-n7p5-nfg4"},{"vulnerability":"VCID-9p7x-52ad-vbh6"},{"vulnerability":"VCID-a7xd-fyh3-xuaq"},{"vulnerability":"VCID-ch2d-p2ru-23ex"},{"vulnerability":"VCID-d13q-prqh-buge"},{"vulnerability":"VCID-d4km-jg6b-2kh3"},{"vulnerability":"VCID-h73s-nkfg-sqgc"},{"vulnerability":"VCID-htr2-rwgm-47ed"},{"vulnerability":"VCID-mbq1-b3dr-1uc4"},{"vulnerability":"VCID-n2k6-nfxs-7ydj"},{"vulnerability":"VCID-nwfa-n5f2-abe7"},{"vulnerability":"VCID-s6ds-tuus-n7hr"},{"vulnerability":"VCID-tcp4-6r2n-6uer"},{"vulnerability":"VCID-urr2-qrfd-vfeh"},{"vulnerability":"VCID-vua1-5kz6-hban"},{"vulnerability":"VCID-xxxv-krt4-tka1"},{"vulnerability":"VCID-zdzj-q58r-5uby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@3.6.2-2%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1037349?format=json","purl":"pkg:deb/debian/pdns-recursor@4.0.4-1%2Bdeb9u3~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-12cd-ky6m-qkdg"},{"vulnerability":"VCID-2hee-f8gq-rycf"},{"vulnerability":"VCID-3e3b-z5bh-pban"},{"vulnerability":"VCID-4c2u-n7p5-nfg4"},{"vulnerability":"VCID-9p7x-52ad-vbh6"},{"vulnerability":"VCID-a7xd-fyh3-xuaq"},{"vulnerability":"VCID-ch2d-p2ru-23ex"},{"vulnerability":"VCID-d4km-jg6b-2kh3"},{"vulnerability":"VCID-h73s-nkfg-sqgc"},{"vulnerability":"VCID-htr2-rwgm-47ed"},{"vulnerability":"VCID-mbq1-b3dr-1uc4"},{"vulnerability":"VCID-n2k6-nfxs-7ydj"},{"vulnerability":"VCID-s6ds-tuus-n7hr"},{"vulnerability":"VCID-tcp4-6r2n-6uer"},{"vulnerability":"VCID-urr2-qrfd-vfeh"},{"vulnerability":"VCID-vua1-5kz6-hban"},{"vulnerability":"VCID-xxxv-krt4-tka1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.0.4-1%252Bdeb9u3~bpo8%252B1"}],"aliases":["CVE-2015-5470"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nwfa-n5f2-abe7"}],"risk_score":"4.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@3.6.2-2%252Bdeb8u4"}