{"url":"http://public2.vulnerablecode.io/api/packages/420722?format=json","purl":"pkg:apk/alpine/pdns-recursor@4.0.7-r0?arch=x86&distroversion=v3.21&reponame=community","type":"apk","namespace":"alpine","name":"pdns-recursor","version":"4.0.7-r0","qualifiers":{"arch":"x86","distroversion":"v3.21","reponame":"community"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"4.1.1-r0","latest_non_vulnerable_version":"5.1.2-r0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93141?format=json","vulnerability_id":"VCID-a7xd-fyh3-xuaq","summary":"An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. These keys are only parsed when validation is enabled by setting dnssec to a value other than off or process-no-validate (default).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15094","reference_id":"","reference_type":"","scores":[{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00209","published_at":"2026-04-01T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.0021","published_at":"2026-04-02T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00211","published_at":"2026-04-04T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00207","published_at":"2026-04-09T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00587","published_at":"2026-04-16T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00592","published_at":"2026-04-18T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00634","published_at":"2026-05-09T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00632","published_at":"2026-04-24T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00635","published_at":"2026-04-29T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.0064","published_at":"2026-05-05T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00637","published_at":"2026-05-07T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00626","published_at":"2026-05-11T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00621","published_at":"2026-05-12T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00624","published_at":"2026-05-14T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00595","published_at":"2026-04-11T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00591","published_at":"2026-04-12T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00593","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15094"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15094","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15094"},{"reference_url":"https://security.archlinux.org/ASA-201711-31","reference_id":"ASA-201711-31","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-31"},{"reference_url":"https://security.archlinux.org/AVG-520","reference_id":"AVG-520","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-520"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/420722?format=json","purl":"pkg:apk/alpine/pdns-recursor@4.0.7-r0?arch=x86&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/pdns-recursor@4.0.7-r0%3Farch=x86&distroversion=v3.21&reponame=community"}],"aliases":["CVE-2017-15094"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a7xd-fyh3-xuaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93139?format=json","vulnerability_id":"VCID-mbq1-b3dr-1uc4","summary":"A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and Javascript code into the web interface, altering the content.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15092","reference_id":"","reference_type":"","scores":[{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00065","published_at":"2026-05-14T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00064","published_at":"2026-05-11T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00061","published_at":"2026-04-09T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00062","published_at":"2026-04-18T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00067","published_at":"2026-05-05T12:55:00Z"},{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00066","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15092"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15092","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15092"},{"reference_url":"https://security.archlinux.org/ASA-201711-31","reference_id":"ASA-201711-31","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-31"},{"reference_url":"https://security.archlinux.org/AVG-520","reference_id":"AVG-520","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-520"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/420722?format=json","purl":"pkg:apk/alpine/pdns-recursor@4.0.7-r0?arch=x86&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/pdns-recursor@4.0.7-r0%3Farch=x86&distroversion=v3.21&reponame=community"}],"aliases":["CVE-2017-15092"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mbq1-b3dr-1uc4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93140?format=json","vulnerability_id":"VCID-tcp4-6r2n-6uer","summary":"When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. It was discovered that the new netmask and IP addresses of forwarded zones were not sufficiently validated, allowing an authenticated user to inject new configuration directives into the Recursor's configuration.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15093","reference_id":"","reference_type":"","scores":[{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00285","published_at":"2026-05-14T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00288","published_at":"2026-05-11T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00293","published_at":"2026-04-02T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.0029","published_at":"2026-04-04T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00282","published_at":"2026-04-07T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.0028","published_at":"2026-04-08T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00279","published_at":"2026-04-11T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00276","published_at":"2026-04-12T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00275","published_at":"2026-04-18T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00272","published_at":"2026-04-16T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00296","published_at":"2026-04-21T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00297","published_at":"2026-04-24T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00295","published_at":"2026-04-26T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00289","published_at":"2026-05-05T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00291","published_at":"2026-05-07T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00292","published_at":"2026-05-09T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00284","published_at":"2026-05-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15093"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15093","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15093"},{"reference_url":"https://security.archlinux.org/ASA-201711-31","reference_id":"ASA-201711-31","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-31"},{"reference_url":"https://security.archlinux.org/AVG-520","reference_id":"AVG-520","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-520"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/420722?format=json","purl":"pkg:apk/alpine/pdns-recursor@4.0.7-r0?arch=x86&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/pdns-recursor@4.0.7-r0%3Farch=x86&distroversion=v3.21&reponame=community"}],"aliases":["CVE-2017-15093"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tcp4-6r2n-6uer"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93137?format=json","vulnerability_id":"VCID-urr2-qrfd-vfeh","summary":"An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. This allows an attacker in position of man-in-the-middle to alter the content of records by issuing a valid signature for the crafted records.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15090","reference_id":"","reference_type":"","scores":[{"value":"2e-05","scoring_system":"epss","scoring_elements":"0.00048","published_at":"2026-04-09T12:55:00Z"},{"value":"2e-05","scoring_system":"epss","scoring_elements":"0.00051","published_at":"2026-05-11T12:55:00Z"},{"value":"2e-05","scoring_system":"epss","scoring_elements":"0.00049","published_at":"2026-04-13T12:55:00Z"},{"value":"2e-05","scoring_system":"epss","scoring_elements":"0.0005","published_at":"2026-04-18T12:55:00Z"},{"value":"2e-05","scoring_system":"epss","scoring_elements":"0.00052","published_at":"2026-05-12T12:55:00Z"},{"value":"2e-05","scoring_system":"epss","scoring_elements":"0.00053","published_at":"2026-05-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15090"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15090","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15090"},{"reference_url":"https://security.archlinux.org/ASA-201711-31","reference_id":"ASA-201711-31","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-31"},{"reference_url":"https://security.archlinux.org/AVG-520","reference_id":"AVG-520","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-520"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/420722?format=json","purl":"pkg:apk/alpine/pdns-recursor@4.0.7-r0?arch=x86&distroversion=v3.21&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/pdns-recursor@4.0.7-r0%3Farch=x86&distroversion=v3.21&reponame=community"}],"aliases":["CVE-2017-15090"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-urr2-qrfd-vfeh"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/pdns-recursor@4.0.7-r0%3Farch=x86&distroversion=v3.21&reponame=community"}