{"url":"http://public2.vulnerablecode.io/api/packages/4907?format=json","purl":"pkg:deb/debian/pdns@2.9.21.2-1%2Blenny1","type":"deb","namespace":"debian","name":"pdns","version":"2.9.21.2-1+lenny1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"4.9.14-0+deb13u1","latest_non_vulnerable_version":"4.9.14-0+deb13u1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97705?format=json","vulnerability_id":"VCID-1aex-5g1j-6ycu","summary":"An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial of service if the system becomes overloaded. This issue is based on the fact that the PowerDNS server parses all records present in a query regardless of whether they are needed or even legitimate. A specially crafted query containing a large number of records can be used to take advantage of that behaviour.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7068","reference_id":"","reference_type":"","scores":[{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24697","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24794","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7068"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074"},{"reference_url":"https://security.archlinux.org/ASA-201701-29","reference_id":"ASA-201701-29","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-29"},{"reference_url":"https://security.archlinux.org/ASA-201701-30","reference_id":"ASA-201701-30","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-30"},{"reference_url":"https://security.archlinux.org/AVG-147","reference_id":"AVG-147","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-147"},{"reference_url":"https://security.archlinux.org/AVG-148","reference_id":"AVG-148","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-148"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4912?format=json","purl":"pkg:deb/debian/pdns@3.4.1-4%2Bdeb8u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1aex-5g1j-6ycu"},{"vulnerability":"VCID-4sbu-xd68-1kg1"},{"vulnerability":"VCID-5jbx-s8nk-jyg3"},{"vulnerability":"VCID-b7yf-chf7-23bn"},{"vulnerability":"VCID-b8rd-9xpk-7qck"},{"vulnerability":"VCID-bj29-y5j2-7fb5"},{"vulnerability":"VCID-dmsw-hy5g-pug3"},{"vulnerability":"VCID-f6qa-1zj7-eudw"},{"vulnerability":"VCID-gbfa-2n6q-cbfz"},{"vulnerability":"VCID-gfwm-fnp9-d7e1"},{"vulnerability":"VCID-hp38-vkna-xbbf"},{"vulnerability":"VCID-hxzt-1jtf-huft"},{"vulnerability":"VCID-j7zf-tztb-3qdr"},{"vulnerability":"VCID-jvrb-gawg-ufg7"},{"vulnerability":"VCID-n5n2-xvth-uqd5"},{"vulnerability":"VCID-n8kr-mt65-13gj"},{"vulnerability":"VCID-ph4w-9w5r-hqdk"},{"vulnerability":"VCID-pn7j-7cbx-wbhj"},{"vulnerability":"VCID-qg7g-sudd-hue1"},{"vulnerability":"VCID-rpze-v2md-4uca"},{"vulnerability":"VCID-tmg6-gqrq-2uc9"},{"vulnerability":"VCID-v1f6-qdrh-4fcz"},{"vulnerability":"VCID-venu-tvd9-dqgx"},{"vulnerability":"VCID-yrea-z75q-a3cy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@3.4.1-4%252Bdeb8u8"},{"url":"http://public2.vulnerablecode.io/api/packages/4916?format=json","purl":"pkg:deb/debian/pdns@4.0.3-1~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbu-xd68-1kg1"},{"vulnerability":"VCID-5jbx-s8nk-jyg3"},{"vulnerability":"VCID-b8rd-9xpk-7qck"},{"vulnerability":"VCID-dmsw-hy5g-pug3"},{"vulnerability":"VCID-f6qa-1zj7-eudw"},{"vulnerability":"VCID-gbfa-2n6q-cbfz"},{"vulnerability":"VCID-hxzt-1jtf-huft"},{"vulnerability":"VCID-j7zf-tztb-3qdr"},{"vulnerability":"VCID-n8kr-mt65-13gj"},{"vulnerability":"VCID-qg7g-sudd-hue1"},{"vulnerability":"VCID-rpze-v2md-4uca"},{"vulnerability":"VCID-venu-tvd9-dqgx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.0.3-1~bpo8%252B1"}],"aliases":["CVE-2016-7068"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1aex-5g1j-6ycu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97710?format=json","vulnerability_id":"VCID-4sbu-xd68-1kg1","summary":"An issue has been found in the API component of PowerDNS Authoritative 4.x up to and including 4.0.4 and 3.x up to and including 3.4.11, where some operations that have an impact on the state of the server are still allowed even though the API has been configured as read-only via the api-readonly keyword. This missing check allows an attacker with valid API credentials to flush the cache, trigger a zone transfer or send a NOTIFY.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15091","reference_id":"","reference_type":"","scores":[{"value":"2e-05","scoring_system":"epss","scoring_elements":"0.00051","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15091"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15091","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15091"},{"reference_url":"https://security.archlinux.org/ASA-201711-30","reference_id":"ASA-201711-30","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-30"},{"reference_url":"https://security.archlinux.org/AVG-519","reference_id":"AVG-519","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-519"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6030?format=json","purl":"pkg:deb/debian/pdns@4.1.6-3%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f6qa-1zj7-eudw"},{"vulnerability":"VCID-gbfa-2n6q-cbfz"},{"vulnerability":"VCID-hxzt-1jtf-huft"},{"vulnerability":"VCID-j7zf-tztb-3qdr"},{"vulnerability":"VCID-venu-tvd9-dqgx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.1.6-3%252Bdeb10u1"}],"aliases":["CVE-2017-15091"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4sbu-xd68-1kg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97714?format=json","vulnerability_id":"VCID-5jbx-s8nk-jyg3","summary":"A Vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.9, 4.0.8 allowing a remote, authorized master server to cause a high CPU load or even prevent any further updates to any slave zone by sending a large number of NOTIFY messages. Note that only servers configured as slaves are affected by this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10163","reference_id":"","reference_type":"","scores":[{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00186","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10163"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10162","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10162"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10163","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10163"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4917?format=json","purl":"pkg:deb/debian/pdns@4.0.3-1%2Bdeb9u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbu-xd68-1kg1"},{"vulnerability":"VCID-5jbx-s8nk-jyg3"},{"vulnerability":"VCID-b8rd-9xpk-7qck"},{"vulnerability":"VCID-dmsw-hy5g-pug3"},{"vulnerability":"VCID-f6qa-1zj7-eudw"},{"vulnerability":"VCID-gbfa-2n6q-cbfz"},{"vulnerability":"VCID-hxzt-1jtf-huft"},{"vulnerability":"VCID-j7zf-tztb-3qdr"},{"vulnerability":"VCID-n8kr-mt65-13gj"},{"vulnerability":"VCID-qg7g-sudd-hue1"},{"vulnerability":"VCID-rpze-v2md-4uca"},{"vulnerability":"VCID-venu-tvd9-dqgx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.0.3-1%252Bdeb9u5"},{"url":"http://public2.vulnerablecode.io/api/packages/6030?format=json","purl":"pkg:deb/debian/pdns@4.1.6-3%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f6qa-1zj7-eudw"},{"vulnerability":"VCID-gbfa-2n6q-cbfz"},{"vulnerability":"VCID-hxzt-1jtf-huft"},{"vulnerability":"VCID-j7zf-tztb-3qdr"},{"vulnerability":"VCID-venu-tvd9-dqgx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.1.6-3%252Bdeb10u1"}],"aliases":["CVE-2019-10163"],"risk_score":0.9,"exploitability":"0.5","weighted_severity":"1.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5jbx-s8nk-jyg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97709?format=json","vulnerability_id":"VCID-b7yf-chf7-23bn","summary":"An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check that the TSIG record is the last one, leading to the possibility of parsing records that are not covered by the TSIG signature.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7074","reference_id":"","reference_type":"","scores":[{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00175","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074"},{"reference_url":"https://security.archlinux.org/ASA-201701-29","reference_id":"ASA-201701-29","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-29"},{"reference_url":"https://security.archlinux.org/ASA-201701-30","reference_id":"ASA-201701-30","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-30"},{"reference_url":"https://security.archlinux.org/AVG-147","reference_id":"AVG-147","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-147"},{"reference_url":"https://security.archlinux.org/AVG-148","reference_id":"AVG-148","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-148"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4912?format=json","purl":"pkg:deb/debian/pdns@3.4.1-4%2Bdeb8u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1aex-5g1j-6ycu"},{"vulnerability":"VCID-4sbu-xd68-1kg1"},{"vulnerability":"VCID-5jbx-s8nk-jyg3"},{"vulnerability":"VCID-b7yf-chf7-23bn"},{"vulnerability":"VCID-b8rd-9xpk-7qck"},{"vulnerability":"VCID-bj29-y5j2-7fb5"},{"vulnerability":"VCID-dmsw-hy5g-pug3"},{"vulnerability":"VCID-f6qa-1zj7-eudw"},{"vulnerability":"VCID-gbfa-2n6q-cbfz"},{"vulnerability":"VCID-gfwm-fnp9-d7e1"},{"vulnerability":"VCID-hp38-vkna-xbbf"},{"vulnerability":"VCID-hxzt-1jtf-huft"},{"vulnerability":"VCID-j7zf-tztb-3qdr"},{"vulnerability":"VCID-jvrb-gawg-ufg7"},{"vulnerability":"VCID-n5n2-xvth-uqd5"},{"vulnerability":"VCID-n8kr-mt65-13gj"},{"vulnerability":"VCID-ph4w-9w5r-hqdk"},{"vulnerability":"VCID-pn7j-7cbx-wbhj"},{"vulnerability":"VCID-qg7g-sudd-hue1"},{"vulnerability":"VCID-rpze-v2md-4uca"},{"vulnerability":"VCID-tmg6-gqrq-2uc9"},{"vulnerability":"VCID-v1f6-qdrh-4fcz"},{"vulnerability":"VCID-venu-tvd9-dqgx"},{"vulnerability":"VCID-yrea-z75q-a3cy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@3.4.1-4%252Bdeb8u8"},{"url":"http://public2.vulnerablecode.io/api/packages/4916?format=json","purl":"pkg:deb/debian/pdns@4.0.3-1~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbu-xd68-1kg1"},{"vulnerability":"VCID-5jbx-s8nk-jyg3"},{"vulnerability":"VCID-b8rd-9xpk-7qck"},{"vulnerability":"VCID-dmsw-hy5g-pug3"},{"vulnerability":"VCID-f6qa-1zj7-eudw"},{"vulnerability":"VCID-gbfa-2n6q-cbfz"},{"vulnerability":"VCID-hxzt-1jtf-huft"},{"vulnerability":"VCID-j7zf-tztb-3qdr"},{"vulnerability":"VCID-n8kr-mt65-13gj"},{"vulnerability":"VCID-qg7g-sudd-hue1"},{"vulnerability":"VCID-rpze-v2md-4uca"},{"vulnerability":"VCID-venu-tvd9-dqgx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.0.3-1~bpo8%252B1"}],"aliases":["CVE-2016-7074"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b7yf-chf7-23bn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97713?format=json","vulnerability_id":"VCID-b8rd-9xpk-7qck","summary":"A vulnerability has been found in PowerDNS Authoritative Server before versions 4.1.10, 4.0.8 allowing an authorized user to cause the server to exit by inserting a crafted record in a MASTER type zone under their control. The issue is due to the fact that the Authoritative Server will exit when it runs into a parsing error while looking up the NS/A/AAAA records it is about to use for an outgoing notify.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10162","reference_id":"","reference_type":"","scores":[{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00343","published_at":"2026-06-04T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00345","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10162"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10162","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10162"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10163","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10163"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4917?format=json","purl":"pkg:deb/debian/pdns@4.0.3-1%2Bdeb9u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbu-xd68-1kg1"},{"vulnerability":"VCID-5jbx-s8nk-jyg3"},{"vulnerability":"VCID-b8rd-9xpk-7qck"},{"vulnerability":"VCID-dmsw-hy5g-pug3"},{"vulnerability":"VCID-f6qa-1zj7-eudw"},{"vulnerability":"VCID-gbfa-2n6q-cbfz"},{"vulnerability":"VCID-hxzt-1jtf-huft"},{"vulnerability":"VCID-j7zf-tztb-3qdr"},{"vulnerability":"VCID-n8kr-mt65-13gj"},{"vulnerability":"VCID-qg7g-sudd-hue1"},{"vulnerability":"VCID-rpze-v2md-4uca"},{"vulnerability":"VCID-venu-tvd9-dqgx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.0.3-1%252Bdeb9u5"},{"url":"http://public2.vulnerablecode.io/api/packages/6030?format=json","purl":"pkg:deb/debian/pdns@4.1.6-3%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f6qa-1zj7-eudw"},{"vulnerability":"VCID-gbfa-2n6q-cbfz"},{"vulnerability":"VCID-hxzt-1jtf-huft"},{"vulnerability":"VCID-j7zf-tztb-3qdr"},{"vulnerability":"VCID-venu-tvd9-dqgx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.1.6-3%252Bdeb10u1"}],"aliases":["CVE-2019-10162"],"risk_score":0.9,"exploitability":"0.5","weighted_severity":"1.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b8rd-9xpk-7qck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97698?format=json","vulnerability_id":"VCID-bj29-y5j2-7fb5","summary":"PowerDNS (aka pdns) Authoritative Server 3.4.4 before 3.4.7 allows remote attackers to cause a denial of service (assertion failure and server crash) via crafted query packets.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5311","reference_id":"","reference_type":"","scores":[{"value":"0.00478","scoring_system":"epss","scoring_elements":"0.65347","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00478","scoring_system":"epss","scoring_elements":"0.65398","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5311","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5311"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4916?format=json","purl":"pkg:deb/debian/pdns@4.0.3-1~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbu-xd68-1kg1"},{"vulnerability":"VCID-5jbx-s8nk-jyg3"},{"vulnerability":"VCID-b8rd-9xpk-7qck"},{"vulnerability":"VCID-dmsw-hy5g-pug3"},{"vulnerability":"VCID-f6qa-1zj7-eudw"},{"vulnerability":"VCID-gbfa-2n6q-cbfz"},{"vulnerability":"VCID-hxzt-1jtf-huft"},{"vulnerability":"VCID-j7zf-tztb-3qdr"},{"vulnerability":"VCID-n8kr-mt65-13gj"},{"vulnerability":"VCID-qg7g-sudd-hue1"},{"vulnerability":"VCID-rpze-v2md-4uca"},{"vulnerability":"VCID-venu-tvd9-dqgx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.0.3-1~bpo8%252B1"}],"aliases":["CVE-2015-5311"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bj29-y5j2-7fb5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97694?format=json","vulnerability_id":"VCID-dbhs-hkzz-6yb4","summary":"common_startup.cc in PowerDNS (aka pdns) Authoritative Server before 2.9.22.5 and 3.x before 3.0.1 allows remote attackers to cause a denial of service (packet loop) via a crafted UDP DNS response.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0206","reference_id":"","reference_type":"","scores":[{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00231","published_at":"2026-06-04T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.0023","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-0206"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0206","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0206"},{"reference_url":"https://security.gentoo.org/glsa/201202-04","reference_id":"GLSA-201202-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201202-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4909?format=json","purl":"pkg:deb/debian/pdns@3.1-4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1aex-5g1j-6ycu"},{"vulnerability":"VCID-4sbu-xd68-1kg1"},{"vulnerability":"VCID-5jbx-s8nk-jyg3"},{"vulnerability":"VCID-b7yf-chf7-23bn"},{"vulnerability":"VCID-b8rd-9xpk-7qck"},{"vulnerability":"VCID-bj29-y5j2-7fb5"},{"vulnerability":"VCID-dmsw-hy5g-pug3"},{"vulnerability":"VCID-f6qa-1zj7-eudw"},{"vulnerability":"VCID-gbfa-2n6q-cbfz"},{"vulnerability":"VCID-gfwm-fnp9-d7e1"},{"vulnerability":"VCID-hp38-vkna-xbbf"},{"vulnerability":"VCID-hxzt-1jtf-huft"},{"vulnerability":"VCID-j7zf-tztb-3qdr"},{"vulnerability":"VCID-jvrb-gawg-ufg7"},{"vulnerability":"VCID-n5n2-xvth-uqd5"},{"vulnerability":"VCID-n8kr-mt65-13gj"},{"vulnerability":"VCID-ph4w-9w5r-hqdk"},{"vulnerability":"VCID-pn7j-7cbx-wbhj"},{"vulnerability":"VCID-qg7g-sudd-hue1"},{"vulnerability":"VCID-rpze-v2md-4uca"},{"vulnerability":"VCID-tmg6-gqrq-2uc9"},{"vulnerability":"VCID-v1f6-qdrh-4fcz"},{"vulnerability":"VCID-venu-tvd9-dqgx"},{"vulnerability":"VCID-xt9k-5zk6-j3cg"},{"vulnerability":"VCID-yrea-z75q-a3cy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@3.1-4.1"}],"aliases":["CVE-2012-0206"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dbhs-hkzz-6yb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97712?format=json","vulnerability_id":"VCID-dmsw-hy5g-pug3","summary":"PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14626","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12937","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13018","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14626"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162","reference_id":"913162","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913163","reference_id":"913163","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913163"},{"reference_url":"https://security.archlinux.org/ASA-201811-12","reference_id":"ASA-201811-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201811-12"},{"reference_url":"https://security.archlinux.org/ASA-201811-13","reference_id":"ASA-201811-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201811-13"},{"reference_url":"https://security.archlinux.org/AVG-804","reference_id":"AVG-804","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-804"},{"reference_url":"https://security.archlinux.org/AVG-805","reference_id":"AVG-805","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-805"},{"reference_url":"https://usn.ubuntu.com/7203-1/","reference_id":"USN-7203-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7203-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6030?format=json","purl":"pkg:deb/debian/pdns@4.1.6-3%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f6qa-1zj7-eudw"},{"vulnerability":"VCID-gbfa-2n6q-cbfz"},{"vulnerability":"VCID-hxzt-1jtf-huft"},{"vulnerability":"VCID-j7zf-tztb-3qdr"},{"vulnerability":"VCID-venu-tvd9-dqgx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.1.6-3%252Bdeb10u1"}],"aliases":["CVE-2018-14626"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dmsw-hy5g-pug3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97717?format=json","vulnerability_id":"VCID-f6qa-1zj7-eudw","summary":"An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-17482","reference_id":"","reference_type":"","scores":[{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15913","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15998","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-17482"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17482","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17482"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970737","reference_id":"970737","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970737"},{"reference_url":"https://security.gentoo.org/glsa/202012-18","reference_id":"GLSA-202012-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202012-18"},{"reference_url":"https://usn.ubuntu.com/7203-1/","reference_id":"USN-7203-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7203-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/196074?format=json","purl":"pkg:deb/debian/pdns@4.4.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3sq8-16v4-yydc"},{"vulnerability":"VCID-bsvk-tw8r-9qe5"},{"vulnerability":"VCID-e1js-9ute-3kf8"},{"vulnerability":"VCID-e5n6-qn1d-nkg7"},{"vulnerability":"VCID-gq3g-suwj-qfc4"},{"vulnerability":"VCID-hvtq-ncfb-p3ck"},{"vulnerability":"VCID-m5vb-nhcv-wka3"},{"vulnerability":"VCID-meum-uqx6-e3bs"},{"vulnerability":"VCID-rs9f-44nz-z3fc"},{"vulnerability":"VCID-u1rs-bywf-zbaf"},{"vulnerability":"VCID-yjx9-kpdu-cfb7"},{"vulnerability":"VCID-zqkm-3evt-pycj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.4.1-1"}],"aliases":["CVE-2020-17482"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f6qa-1zj7-eudw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97716?format=json","vulnerability_id":"VCID-gbfa-2n6q-cbfz","summary":"PowerDNS Authoritative daemon , pdns versions 4.0.x before 4.0.9, 4.1.x before 4.1.11, exiting when encountering a serial between 2^31 and 2^32-1 while trying to notify a slave leads to DoS.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10203","reference_id":"","reference_type":"","scores":[{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.05986","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00021","scoring_system":"epss","scoring_elements":"0.06013","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-10203"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10203","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10203"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970729","reference_id":"970729","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970729"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/196074?format=json","purl":"pkg:deb/debian/pdns@4.4.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3sq8-16v4-yydc"},{"vulnerability":"VCID-bsvk-tw8r-9qe5"},{"vulnerability":"VCID-e1js-9ute-3kf8"},{"vulnerability":"VCID-e5n6-qn1d-nkg7"},{"vulnerability":"VCID-gq3g-suwj-qfc4"},{"vulnerability":"VCID-hvtq-ncfb-p3ck"},{"vulnerability":"VCID-m5vb-nhcv-wka3"},{"vulnerability":"VCID-meum-uqx6-e3bs"},{"vulnerability":"VCID-rs9f-44nz-z3fc"},{"vulnerability":"VCID-u1rs-bywf-zbaf"},{"vulnerability":"VCID-yjx9-kpdu-cfb7"},{"vulnerability":"VCID-zqkm-3evt-pycj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.4.1-1"}],"aliases":["CVE-2019-10203"],"risk_score":0.8,"exploitability":"0.5","weighted_severity":"1.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gbfa-2n6q-cbfz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97701?format=json","vulnerability_id":"VCID-gfwm-fnp9-d7e1","summary":"PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU consumption) via a long qname.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5426","reference_id":"","reference_type":"","scores":[{"value":"0.3697","scoring_system":"epss","scoring_elements":"0.97243","published_at":"2026-06-04T12:55:00Z"},{"value":"0.3697","scoring_system":"epss","scoring_elements":"0.97247","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5426"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5426","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5426"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5427","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5427"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6172","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6172"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4912?format=json","purl":"pkg:deb/debian/pdns@3.4.1-4%2Bdeb8u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1aex-5g1j-6ycu"},{"vulnerability":"VCID-4sbu-xd68-1kg1"},{"vulnerability":"VCID-5jbx-s8nk-jyg3"},{"vulnerability":"VCID-b7yf-chf7-23bn"},{"vulnerability":"VCID-b8rd-9xpk-7qck"},{"vulnerability":"VCID-bj29-y5j2-7fb5"},{"vulnerability":"VCID-dmsw-hy5g-pug3"},{"vulnerability":"VCID-f6qa-1zj7-eudw"},{"vulnerability":"VCID-gbfa-2n6q-cbfz"},{"vulnerability":"VCID-gfwm-fnp9-d7e1"},{"vulnerability":"VCID-hp38-vkna-xbbf"},{"vulnerability":"VCID-hxzt-1jtf-huft"},{"vulnerability":"VCID-j7zf-tztb-3qdr"},{"vulnerability":"VCID-jvrb-gawg-ufg7"},{"vulnerability":"VCID-n5n2-xvth-uqd5"},{"vulnerability":"VCID-n8kr-mt65-13gj"},{"vulnerability":"VCID-ph4w-9w5r-hqdk"},{"vulnerability":"VCID-pn7j-7cbx-wbhj"},{"vulnerability":"VCID-qg7g-sudd-hue1"},{"vulnerability":"VCID-rpze-v2md-4uca"},{"vulnerability":"VCID-tmg6-gqrq-2uc9"},{"vulnerability":"VCID-v1f6-qdrh-4fcz"},{"vulnerability":"VCID-venu-tvd9-dqgx"},{"vulnerability":"VCID-yrea-z75q-a3cy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@3.4.1-4%252Bdeb8u8"},{"url":"http://public2.vulnerablecode.io/api/packages/4916?format=json","purl":"pkg:deb/debian/pdns@4.0.3-1~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbu-xd68-1kg1"},{"vulnerability":"VCID-5jbx-s8nk-jyg3"},{"vulnerability":"VCID-b8rd-9xpk-7qck"},{"vulnerability":"VCID-dmsw-hy5g-pug3"},{"vulnerability":"VCID-f6qa-1zj7-eudw"},{"vulnerability":"VCID-gbfa-2n6q-cbfz"},{"vulnerability":"VCID-hxzt-1jtf-huft"},{"vulnerability":"VCID-j7zf-tztb-3qdr"},{"vulnerability":"VCID-n8kr-mt65-13gj"},{"vulnerability":"VCID-qg7g-sudd-hue1"},{"vulnerability":"VCID-rpze-v2md-4uca"},{"vulnerability":"VCID-venu-tvd9-dqgx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.0.3-1~bpo8%252B1"}],"aliases":["CVE-2016-5426"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gfwm-fnp9-d7e1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97700?format=json","vulnerability_id":"VCID-hp38-vkna-xbbf","summary":"An issue has been found in PowerDNS Authoritative Server versions up to and including 3.4.10, 4.0.1 allowing an authorized user to crash the server by inserting a specially crafted record in a zone under their control then sending a DNS query for that record. The issue is due to an integer overflow when checking if the content of the record matches the expected size, allowing an attacker to cause a read past the buffer boundary.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2120","reference_id":"","reference_type":"","scores":[{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32125","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00131","scoring_system":"epss","scoring_elements":"0.32196","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2120"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074"},{"reference_url":"https://security.archlinux.org/ASA-201701-29","reference_id":"ASA-201701-29","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-29"},{"reference_url":"https://security.archlinux.org/AVG-147","reference_id":"AVG-147","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-147"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4912?format=json","purl":"pkg:deb/debian/pdns@3.4.1-4%2Bdeb8u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1aex-5g1j-6ycu"},{"vulnerability":"VCID-4sbu-xd68-1kg1"},{"vulnerability":"VCID-5jbx-s8nk-jyg3"},{"vulnerability":"VCID-b7yf-chf7-23bn"},{"vulnerability":"VCID-b8rd-9xpk-7qck"},{"vulnerability":"VCID-bj29-y5j2-7fb5"},{"vulnerability":"VCID-dmsw-hy5g-pug3"},{"vulnerability":"VCID-f6qa-1zj7-eudw"},{"vulnerability":"VCID-gbfa-2n6q-cbfz"},{"vulnerability":"VCID-gfwm-fnp9-d7e1"},{"vulnerability":"VCID-hp38-vkna-xbbf"},{"vulnerability":"VCID-hxzt-1jtf-huft"},{"vulnerability":"VCID-j7zf-tztb-3qdr"},{"vulnerability":"VCID-jvrb-gawg-ufg7"},{"vulnerability":"VCID-n5n2-xvth-uqd5"},{"vulnerability":"VCID-n8kr-mt65-13gj"},{"vulnerability":"VCID-ph4w-9w5r-hqdk"},{"vulnerability":"VCID-pn7j-7cbx-wbhj"},{"vulnerability":"VCID-qg7g-sudd-hue1"},{"vulnerability":"VCID-rpze-v2md-4uca"},{"vulnerability":"VCID-tmg6-gqrq-2uc9"},{"vulnerability":"VCID-v1f6-qdrh-4fcz"},{"vulnerability":"VCID-venu-tvd9-dqgx"},{"vulnerability":"VCID-yrea-z75q-a3cy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@3.4.1-4%252Bdeb8u8"},{"url":"http://public2.vulnerablecode.io/api/packages/4916?format=json","purl":"pkg:deb/debian/pdns@4.0.3-1~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbu-xd68-1kg1"},{"vulnerability":"VCID-5jbx-s8nk-jyg3"},{"vulnerability":"VCID-b8rd-9xpk-7qck"},{"vulnerability":"VCID-dmsw-hy5g-pug3"},{"vulnerability":"VCID-f6qa-1zj7-eudw"},{"vulnerability":"VCID-gbfa-2n6q-cbfz"},{"vulnerability":"VCID-hxzt-1jtf-huft"},{"vulnerability":"VCID-j7zf-tztb-3qdr"},{"vulnerability":"VCID-n8kr-mt65-13gj"},{"vulnerability":"VCID-qg7g-sudd-hue1"},{"vulnerability":"VCID-rpze-v2md-4uca"},{"vulnerability":"VCID-venu-tvd9-dqgx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.0.3-1~bpo8%252B1"}],"aliases":["CVE-2016-2120"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hp38-vkna-xbbf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97719?format=json","vulnerability_id":"VCID-hxzt-1jtf-huft","summary":"An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can cause a denial of service by sending crafted queries with a GSS-TSIG signature.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24697","reference_id":"","reference_type":"","scores":[{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.31922","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00129","scoring_system":"epss","scoring_elements":"0.31995","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24697"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24697","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24697"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/196074?format=json","purl":"pkg:deb/debian/pdns@4.4.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3sq8-16v4-yydc"},{"vulnerability":"VCID-bsvk-tw8r-9qe5"},{"vulnerability":"VCID-e1js-9ute-3kf8"},{"vulnerability":"VCID-e5n6-qn1d-nkg7"},{"vulnerability":"VCID-gq3g-suwj-qfc4"},{"vulnerability":"VCID-hvtq-ncfb-p3ck"},{"vulnerability":"VCID-m5vb-nhcv-wka3"},{"vulnerability":"VCID-meum-uqx6-e3bs"},{"vulnerability":"VCID-rs9f-44nz-z3fc"},{"vulnerability":"VCID-u1rs-bywf-zbaf"},{"vulnerability":"VCID-yjx9-kpdu-cfb7"},{"vulnerability":"VCID-zqkm-3evt-pycj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.4.1-1"}],"aliases":["CVE-2020-24697"],"risk_score":1.2,"exploitability":"0.5","weighted_severity":"2.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hxzt-1jtf-huft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97718?format=json","vulnerability_id":"VCID-j7zf-tztb-3qdr","summary":"An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can trigger a race condition leading to a crash, or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24696","reference_id":"","reference_type":"","scores":[{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22719","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00075","scoring_system":"epss","scoring_elements":"0.22802","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24696"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24696","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24696"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/196074?format=json","purl":"pkg:deb/debian/pdns@4.4.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3sq8-16v4-yydc"},{"vulnerability":"VCID-bsvk-tw8r-9qe5"},{"vulnerability":"VCID-e1js-9ute-3kf8"},{"vulnerability":"VCID-e5n6-qn1d-nkg7"},{"vulnerability":"VCID-gq3g-suwj-qfc4"},{"vulnerability":"VCID-hvtq-ncfb-p3ck"},{"vulnerability":"VCID-m5vb-nhcv-wka3"},{"vulnerability":"VCID-meum-uqx6-e3bs"},{"vulnerability":"VCID-rs9f-44nz-z3fc"},{"vulnerability":"VCID-u1rs-bywf-zbaf"},{"vulnerability":"VCID-yjx9-kpdu-cfb7"},{"vulnerability":"VCID-zqkm-3evt-pycj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.4.1-1"}],"aliases":["CVE-2020-24696"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j7zf-tztb-3qdr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97708?format=json","vulnerability_id":"VCID-jvrb-gawg-ufg7","summary":"An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and fudge values was found in AXFRRetriever, leading to a possible replay attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7073","reference_id":"","reference_type":"","scores":[{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00474","published_at":"2026-06-04T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00476","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7073"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074"},{"reference_url":"https://security.archlinux.org/ASA-201701-29","reference_id":"ASA-201701-29","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-29"},{"reference_url":"https://security.archlinux.org/ASA-201701-30","reference_id":"ASA-201701-30","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-30"},{"reference_url":"https://security.archlinux.org/AVG-147","reference_id":"AVG-147","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-147"},{"reference_url":"https://security.archlinux.org/AVG-148","reference_id":"AVG-148","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-148"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4912?format=json","purl":"pkg:deb/debian/pdns@3.4.1-4%2Bdeb8u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1aex-5g1j-6ycu"},{"vulnerability":"VCID-4sbu-xd68-1kg1"},{"vulnerability":"VCID-5jbx-s8nk-jyg3"},{"vulnerability":"VCID-b7yf-chf7-23bn"},{"vulnerability":"VCID-b8rd-9xpk-7qck"},{"vulnerability":"VCID-bj29-y5j2-7fb5"},{"vulnerability":"VCID-dmsw-hy5g-pug3"},{"vulnerability":"VCID-f6qa-1zj7-eudw"},{"vulnerability":"VCID-gbfa-2n6q-cbfz"},{"vulnerability":"VCID-gfwm-fnp9-d7e1"},{"vulnerability":"VCID-hp38-vkna-xbbf"},{"vulnerability":"VCID-hxzt-1jtf-huft"},{"vulnerability":"VCID-j7zf-tztb-3qdr"},{"vulnerability":"VCID-jvrb-gawg-ufg7"},{"vulnerability":"VCID-n5n2-xvth-uqd5"},{"vulnerability":"VCID-n8kr-mt65-13gj"},{"vulnerability":"VCID-ph4w-9w5r-hqdk"},{"vulnerability":"VCID-pn7j-7cbx-wbhj"},{"vulnerability":"VCID-qg7g-sudd-hue1"},{"vulnerability":"VCID-rpze-v2md-4uca"},{"vulnerability":"VCID-tmg6-gqrq-2uc9"},{"vulnerability":"VCID-v1f6-qdrh-4fcz"},{"vulnerability":"VCID-venu-tvd9-dqgx"},{"vulnerability":"VCID-yrea-z75q-a3cy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@3.4.1-4%252Bdeb8u8"},{"url":"http://public2.vulnerablecode.io/api/packages/4916?format=json","purl":"pkg:deb/debian/pdns@4.0.3-1~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbu-xd68-1kg1"},{"vulnerability":"VCID-5jbx-s8nk-jyg3"},{"vulnerability":"VCID-b8rd-9xpk-7qck"},{"vulnerability":"VCID-dmsw-hy5g-pug3"},{"vulnerability":"VCID-f6qa-1zj7-eudw"},{"vulnerability":"VCID-gbfa-2n6q-cbfz"},{"vulnerability":"VCID-hxzt-1jtf-huft"},{"vulnerability":"VCID-j7zf-tztb-3qdr"},{"vulnerability":"VCID-n8kr-mt65-13gj"},{"vulnerability":"VCID-qg7g-sudd-hue1"},{"vulnerability":"VCID-rpze-v2md-4uca"},{"vulnerability":"VCID-venu-tvd9-dqgx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.0.3-1~bpo8%252B1"}],"aliases":["CVE-2016-7073"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jvrb-gawg-ufg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97702?format=json","vulnerability_id":"VCID-n5n2-xvth-uqd5","summary":"PowerDNS (aka pdns) Authoritative Server before 3.4.10 does not properly handle a . (dot) inside labels, which allows remote attackers to cause a denial of service (backend CPU consumption) via a crafted DNS query.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5427","reference_id":"","reference_type":"","scores":[{"value":"0.85547","scoring_system":"epss","scoring_elements":"0.99385","published_at":"2026-06-04T12:55:00Z"},{"value":"0.85547","scoring_system":"epss","scoring_elements":"0.99386","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5427"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5426","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5426"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5427","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5427"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6172","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6172"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4912?format=json","purl":"pkg:deb/debian/pdns@3.4.1-4%2Bdeb8u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1aex-5g1j-6ycu"},{"vulnerability":"VCID-4sbu-xd68-1kg1"},{"vulnerability":"VCID-5jbx-s8nk-jyg3"},{"vulnerability":"VCID-b7yf-chf7-23bn"},{"vulnerability":"VCID-b8rd-9xpk-7qck"},{"vulnerability":"VCID-bj29-y5j2-7fb5"},{"vulnerability":"VCID-dmsw-hy5g-pug3"},{"vulnerability":"VCID-f6qa-1zj7-eudw"},{"vulnerability":"VCID-gbfa-2n6q-cbfz"},{"vulnerability":"VCID-gfwm-fnp9-d7e1"},{"vulnerability":"VCID-hp38-vkna-xbbf"},{"vulnerability":"VCID-hxzt-1jtf-huft"},{"vulnerability":"VCID-j7zf-tztb-3qdr"},{"vulnerability":"VCID-jvrb-gawg-ufg7"},{"vulnerability":"VCID-n5n2-xvth-uqd5"},{"vulnerability":"VCID-n8kr-mt65-13gj"},{"vulnerability":"VCID-ph4w-9w5r-hqdk"},{"vulnerability":"VCID-pn7j-7cbx-wbhj"},{"vulnerability":"VCID-qg7g-sudd-hue1"},{"vulnerability":"VCID-rpze-v2md-4uca"},{"vulnerability":"VCID-tmg6-gqrq-2uc9"},{"vulnerability":"VCID-v1f6-qdrh-4fcz"},{"vulnerability":"VCID-venu-tvd9-dqgx"},{"vulnerability":"VCID-yrea-z75q-a3cy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@3.4.1-4%252Bdeb8u8"},{"url":"http://public2.vulnerablecode.io/api/packages/4916?format=json","purl":"pkg:deb/debian/pdns@4.0.3-1~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbu-xd68-1kg1"},{"vulnerability":"VCID-5jbx-s8nk-jyg3"},{"vulnerability":"VCID-b8rd-9xpk-7qck"},{"vulnerability":"VCID-dmsw-hy5g-pug3"},{"vulnerability":"VCID-f6qa-1zj7-eudw"},{"vulnerability":"VCID-gbfa-2n6q-cbfz"},{"vulnerability":"VCID-hxzt-1jtf-huft"},{"vulnerability":"VCID-j7zf-tztb-3qdr"},{"vulnerability":"VCID-n8kr-mt65-13gj"},{"vulnerability":"VCID-qg7g-sudd-hue1"},{"vulnerability":"VCID-rpze-v2md-4uca"},{"vulnerability":"VCID-venu-tvd9-dqgx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.0.3-1~bpo8%252B1"}],"aliases":["CVE-2016-5427"],"risk_score":1.6,"exploitability":"2.0","weighted_severity":"0.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n5n2-xvth-uqd5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6108?format=json","vulnerability_id":"VCID-n8kr-mt65-13gj","summary":"insufficient validation","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3871","reference_id":"","reference_type":"","scores":[{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07747","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00026","scoring_system":"epss","scoring_elements":"0.07778","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3871"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3871","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3871"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924966","reference_id":"924966","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924966"},{"reference_url":"https://security.archlinux.org/ASA-201903-13","reference_id":"ASA-201903-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-13"},{"reference_url":"https://security.archlinux.org/AVG-927","reference_id":"AVG-927","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-927"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4917?format=json","purl":"pkg:deb/debian/pdns@4.0.3-1%2Bdeb9u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbu-xd68-1kg1"},{"vulnerability":"VCID-5jbx-s8nk-jyg3"},{"vulnerability":"VCID-b8rd-9xpk-7qck"},{"vulnerability":"VCID-dmsw-hy5g-pug3"},{"vulnerability":"VCID-f6qa-1zj7-eudw"},{"vulnerability":"VCID-gbfa-2n6q-cbfz"},{"vulnerability":"VCID-hxzt-1jtf-huft"},{"vulnerability":"VCID-j7zf-tztb-3qdr"},{"vulnerability":"VCID-n8kr-mt65-13gj"},{"vulnerability":"VCID-qg7g-sudd-hue1"},{"vulnerability":"VCID-rpze-v2md-4uca"},{"vulnerability":"VCID-venu-tvd9-dqgx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.0.3-1%252Bdeb9u5"},{"url":"http://public2.vulnerablecode.io/api/packages/6030?format=json","purl":"pkg:deb/debian/pdns@4.1.6-3%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f6qa-1zj7-eudw"},{"vulnerability":"VCID-gbfa-2n6q-cbfz"},{"vulnerability":"VCID-hxzt-1jtf-huft"},{"vulnerability":"VCID-j7zf-tztb-3qdr"},{"vulnerability":"VCID-venu-tvd9-dqgx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.1.6-3%252Bdeb10u1"}],"aliases":["CVE-2019-3871"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n8kr-mt65-13gj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97707?format=json","vulnerability_id":"VCID-ph4w-9w5r-hqdk","summary":"An issue has been found in PowerDNS Authoritative Server before 3.4.11 and 4.0.2 allowing a remote, unauthenticated attacker to cause a denial of service by opening a large number of TCP connections to the web server. If the web server runs out of file descriptors, it triggers an exception and terminates the whole PowerDNS process. While it's more complicated for an unauthorized attacker to make the web server run out of file descriptors since its connection will be closed just after being accepted, it might still be possible.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7072","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0881","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.0885","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7072"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074"},{"reference_url":"https://security.archlinux.org/ASA-201701-29","reference_id":"ASA-201701-29","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-29"},{"reference_url":"https://security.archlinux.org/AVG-147","reference_id":"AVG-147","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-147"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4912?format=json","purl":"pkg:deb/debian/pdns@3.4.1-4%2Bdeb8u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1aex-5g1j-6ycu"},{"vulnerability":"VCID-4sbu-xd68-1kg1"},{"vulnerability":"VCID-5jbx-s8nk-jyg3"},{"vulnerability":"VCID-b7yf-chf7-23bn"},{"vulnerability":"VCID-b8rd-9xpk-7qck"},{"vulnerability":"VCID-bj29-y5j2-7fb5"},{"vulnerability":"VCID-dmsw-hy5g-pug3"},{"vulnerability":"VCID-f6qa-1zj7-eudw"},{"vulnerability":"VCID-gbfa-2n6q-cbfz"},{"vulnerability":"VCID-gfwm-fnp9-d7e1"},{"vulnerability":"VCID-hp38-vkna-xbbf"},{"vulnerability":"VCID-hxzt-1jtf-huft"},{"vulnerability":"VCID-j7zf-tztb-3qdr"},{"vulnerability":"VCID-jvrb-gawg-ufg7"},{"vulnerability":"VCID-n5n2-xvth-uqd5"},{"vulnerability":"VCID-n8kr-mt65-13gj"},{"vulnerability":"VCID-ph4w-9w5r-hqdk"},{"vulnerability":"VCID-pn7j-7cbx-wbhj"},{"vulnerability":"VCID-qg7g-sudd-hue1"},{"vulnerability":"VCID-rpze-v2md-4uca"},{"vulnerability":"VCID-tmg6-gqrq-2uc9"},{"vulnerability":"VCID-v1f6-qdrh-4fcz"},{"vulnerability":"VCID-venu-tvd9-dqgx"},{"vulnerability":"VCID-yrea-z75q-a3cy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@3.4.1-4%252Bdeb8u8"},{"url":"http://public2.vulnerablecode.io/api/packages/4916?format=json","purl":"pkg:deb/debian/pdns@4.0.3-1~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbu-xd68-1kg1"},{"vulnerability":"VCID-5jbx-s8nk-jyg3"},{"vulnerability":"VCID-b8rd-9xpk-7qck"},{"vulnerability":"VCID-dmsw-hy5g-pug3"},{"vulnerability":"VCID-f6qa-1zj7-eudw"},{"vulnerability":"VCID-gbfa-2n6q-cbfz"},{"vulnerability":"VCID-hxzt-1jtf-huft"},{"vulnerability":"VCID-j7zf-tztb-3qdr"},{"vulnerability":"VCID-n8kr-mt65-13gj"},{"vulnerability":"VCID-qg7g-sudd-hue1"},{"vulnerability":"VCID-rpze-v2md-4uca"},{"vulnerability":"VCID-venu-tvd9-dqgx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.0.3-1~bpo8%252B1"}],"aliases":["CVE-2016-7072"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ph4w-9w5r-hqdk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97703?format=json","vulnerability_id":"VCID-pn7j-7cbx-wbhj","summary":"PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote primary DNS servers to cause a denial of service (memory exhaustion and secondary DNS server crash) via a large (1) AXFR or (2) IXFR response.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6172","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05384","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05405","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6172"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5426","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5426"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5427","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5427"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6172","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6172"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:C"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=830808","reference_id":"830808","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=830808"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4912?format=json","purl":"pkg:deb/debian/pdns@3.4.1-4%2Bdeb8u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1aex-5g1j-6ycu"},{"vulnerability":"VCID-4sbu-xd68-1kg1"},{"vulnerability":"VCID-5jbx-s8nk-jyg3"},{"vulnerability":"VCID-b7yf-chf7-23bn"},{"vulnerability":"VCID-b8rd-9xpk-7qck"},{"vulnerability":"VCID-bj29-y5j2-7fb5"},{"vulnerability":"VCID-dmsw-hy5g-pug3"},{"vulnerability":"VCID-f6qa-1zj7-eudw"},{"vulnerability":"VCID-gbfa-2n6q-cbfz"},{"vulnerability":"VCID-gfwm-fnp9-d7e1"},{"vulnerability":"VCID-hp38-vkna-xbbf"},{"vulnerability":"VCID-hxzt-1jtf-huft"},{"vulnerability":"VCID-j7zf-tztb-3qdr"},{"vulnerability":"VCID-jvrb-gawg-ufg7"},{"vulnerability":"VCID-n5n2-xvth-uqd5"},{"vulnerability":"VCID-n8kr-mt65-13gj"},{"vulnerability":"VCID-ph4w-9w5r-hqdk"},{"vulnerability":"VCID-pn7j-7cbx-wbhj"},{"vulnerability":"VCID-qg7g-sudd-hue1"},{"vulnerability":"VCID-rpze-v2md-4uca"},{"vulnerability":"VCID-tmg6-gqrq-2uc9"},{"vulnerability":"VCID-v1f6-qdrh-4fcz"},{"vulnerability":"VCID-venu-tvd9-dqgx"},{"vulnerability":"VCID-yrea-z75q-a3cy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@3.4.1-4%252Bdeb8u8"},{"url":"http://public2.vulnerablecode.io/api/packages/4916?format=json","purl":"pkg:deb/debian/pdns@4.0.3-1~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4sbu-xd68-1kg1"},{"vulnerability":"VCID-5jbx-s8nk-jyg3"},{"vulnerability":"VCID-b8rd-9xpk-7qck"},{"vulnerability":"VCID-dmsw-hy5g-pug3"},{"vulnerability":"VCID-f6qa-1zj7-eudw"},{"vulnerability":"VCID-gbfa-2n6q-cbfz"},{"vulnerability":"VCID-hxzt-1jtf-huft"},{"vulnerability":"VCID-j7zf-tztb-3qdr"},{"vulnerability":"VCID-n8kr-mt65-13gj"},{"vulnerability":"VCID-qg7g-sudd-hue1"},{"vulnerability":"VCID-rpze-v2md-4uca"},{"vulnerability":"VCID-venu-tvd9-dqgx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.0.3-1~bpo8%252B1"}],"aliases":["CVE-2016-6172"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pn7j-7cbx-wbhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6304?format=json","vulnerability_id":"VCID-qg7g-sudd-hue1","summary":"arbitrary code execution","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1046","reference_id":"","reference_type":"","scores":[{"value":"3e-05","scoring_system":"epss","scoring_elements":"0.00072","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1046"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1046","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1046"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898255","reference_id":"898255","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898255"},{"reference_url":"https://security.archlinux.org/ASA-201805-1","reference_id":"ASA-201805-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201805-1"},{"reference_url":"https://security.archlinux.org/AVG-686","reference_id":"AVG-686","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-686"},{"reference_url":"https://usn.ubuntu.com/7203-1/","reference_id":"USN-7203-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7203-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6030?format=json","purl":"pkg:deb/debian/pdns@4.1.6-3%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f6qa-1zj7-eudw"},{"vulnerability":"VCID-gbfa-2n6q-cbfz"},{"vulnerability":"VCID-hxzt-1jtf-huft"},{"vulnerability":"VCID-j7zf-tztb-3qdr"},{"vulnerability":"VCID-venu-tvd9-dqgx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.1.6-3%252Bdeb10u1"}],"aliases":["CVE-2018-1046"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qg7g-sudd-hue1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97711?format=json","vulnerability_id":"VCID-rpze-v2md-4uca","summary":"PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10851","reference_id":"","reference_type":"","scores":[{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28665","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28737","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10851"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10851","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10851"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162","reference_id":"913162","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913163","reference_id":"913163","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913163"},{"reference_url":"https://security.archlinux.org/ASA-201811-12","reference_id":"ASA-201811-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201811-12"},{"reference_url":"https://security.archlinux.org/ASA-201811-13","reference_id":"ASA-201811-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201811-13"},{"reference_url":"https://security.archlinux.org/AVG-804","reference_id":"AVG-804","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-804"},{"reference_url":"https://security.archlinux.org/AVG-805","reference_id":"AVG-805","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-805"},{"reference_url":"https://usn.ubuntu.com/7203-1/","reference_id":"USN-7203-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7203-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6030?format=json","purl":"pkg:deb/debian/pdns@4.1.6-3%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f6qa-1zj7-eudw"},{"vulnerability":"VCID-gbfa-2n6q-cbfz"},{"vulnerability":"VCID-hxzt-1jtf-huft"},{"vulnerability":"VCID-j7zf-tztb-3qdr"},{"vulnerability":"VCID-venu-tvd9-dqgx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.1.6-3%252Bdeb10u1"}],"aliases":["CVE-2018-10851"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rpze-v2md-4uca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97699?format=json","vulnerability_id":"VCID-tmg6-gqrq-2uc9","summary":"The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1868.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5470","reference_id":"","reference_type":"","scores":[{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00478","published_at":"2026-06-04T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00481","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5470"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4912?format=json","purl":"pkg:deb/debian/pdns@3.4.1-4%2Bdeb8u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1aex-5g1j-6ycu"},{"vulnerability":"VCID-4sbu-xd68-1kg1"},{"vulnerability":"VCID-5jbx-s8nk-jyg3"},{"vulnerability":"VCID-b7yf-chf7-23bn"},{"vulnerability":"VCID-b8rd-9xpk-7qck"},{"vulnerability":"VCID-bj29-y5j2-7fb5"},{"vulnerability":"VCID-dmsw-hy5g-pug3"},{"vulnerability":"VCID-f6qa-1zj7-eudw"},{"vulnerability":"VCID-gbfa-2n6q-cbfz"},{"vulnerability":"VCID-gfwm-fnp9-d7e1"},{"vulnerability":"VCID-hp38-vkna-xbbf"},{"vulnerability":"VCID-hxzt-1jtf-huft"},{"vulnerability":"VCID-j7zf-tztb-3qdr"},{"vulnerability":"VCID-jvrb-gawg-ufg7"},{"vulnerability":"VCID-n5n2-xvth-uqd5"},{"vulnerability":"VCID-n8kr-mt65-13gj"},{"vulnerability":"VCID-ph4w-9w5r-hqdk"},{"vulnerability":"VCID-pn7j-7cbx-wbhj"},{"vulnerability":"VCID-qg7g-sudd-hue1"},{"vulnerability":"VCID-rpze-v2md-4uca"},{"vulnerability":"VCID-tmg6-gqrq-2uc9"},{"vulnerability":"VCID-v1f6-qdrh-4fcz"},{"vulnerability":"VCID-venu-tvd9-dqgx"},{"vulnerability":"VCID-yrea-z75q-a3cy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@3.4.1-4%252Bdeb8u8"},{"url":"http://public2.vulnerablecode.io/api/packages/4914?format=json","purl":"pkg:deb/debian/pdns@3.4.6-1~bpo7%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1aex-5g1j-6ycu"},{"vulnerability":"VCID-4sbu-xd68-1kg1"},{"vulnerability":"VCID-5jbx-s8nk-jyg3"},{"vulnerability":"VCID-b7yf-chf7-23bn"},{"vulnerability":"VCID-b8rd-9xpk-7qck"},{"vulnerability":"VCID-bj29-y5j2-7fb5"},{"vulnerability":"VCID-dmsw-hy5g-pug3"},{"vulnerability":"VCID-f6qa-1zj7-eudw"},{"vulnerability":"VCID-gbfa-2n6q-cbfz"},{"vulnerability":"VCID-gfwm-fnp9-d7e1"},{"vulnerability":"VCID-hp38-vkna-xbbf"},{"vulnerability":"VCID-hxzt-1jtf-huft"},{"vulnerability":"VCID-j7zf-tztb-3qdr"},{"vulnerability":"VCID-jvrb-gawg-ufg7"},{"vulnerability":"VCID-n5n2-xvth-uqd5"},{"vulnerability":"VCID-n8kr-mt65-13gj"},{"vulnerability":"VCID-ph4w-9w5r-hqdk"},{"vulnerability":"VCID-pn7j-7cbx-wbhj"},{"vulnerability":"VCID-qg7g-sudd-hue1"},{"vulnerability":"VCID-rpze-v2md-4uca"},{"vulnerability":"VCID-v1f6-qdrh-4fcz"},{"vulnerability":"VCID-venu-tvd9-dqgx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@3.4.6-1~bpo7%252B1"}],"aliases":["CVE-2015-5470"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tmg6-gqrq-2uc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97697?format=json","vulnerability_id":"VCID-v1f6-qdrh-4fcz","summary":"The DNS packet parsing/generation code in PowerDNS (aka pdns) Authoritative Server 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via crafted query packets.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5230","reference_id":"","reference_type":"","scores":[{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52861","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52922","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5230"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5230","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5230"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4912?format=json","purl":"pkg:deb/debian/pdns@3.4.1-4%2Bdeb8u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1aex-5g1j-6ycu"},{"vulnerability":"VCID-4sbu-xd68-1kg1"},{"vulnerability":"VCID-5jbx-s8nk-jyg3"},{"vulnerability":"VCID-b7yf-chf7-23bn"},{"vulnerability":"VCID-b8rd-9xpk-7qck"},{"vulnerability":"VCID-bj29-y5j2-7fb5"},{"vulnerability":"VCID-dmsw-hy5g-pug3"},{"vulnerability":"VCID-f6qa-1zj7-eudw"},{"vulnerability":"VCID-gbfa-2n6q-cbfz"},{"vulnerability":"VCID-gfwm-fnp9-d7e1"},{"vulnerability":"VCID-hp38-vkna-xbbf"},{"vulnerability":"VCID-hxzt-1jtf-huft"},{"vulnerability":"VCID-j7zf-tztb-3qdr"},{"vulnerability":"VCID-jvrb-gawg-ufg7"},{"vulnerability":"VCID-n5n2-xvth-uqd5"},{"vulnerability":"VCID-n8kr-mt65-13gj"},{"vulnerability":"VCID-ph4w-9w5r-hqdk"},{"vulnerability":"VCID-pn7j-7cbx-wbhj"},{"vulnerability":"VCID-qg7g-sudd-hue1"},{"vulnerability":"VCID-rpze-v2md-4uca"},{"vulnerability":"VCID-tmg6-gqrq-2uc9"},{"vulnerability":"VCID-v1f6-qdrh-4fcz"},{"vulnerability":"VCID-venu-tvd9-dqgx"},{"vulnerability":"VCID-yrea-z75q-a3cy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@3.4.1-4%252Bdeb8u8"},{"url":"http://public2.vulnerablecode.io/api/packages/4915?format=json","purl":"pkg:deb/debian/pdns@3.4.7-1~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1aex-5g1j-6ycu"},{"vulnerability":"VCID-4sbu-xd68-1kg1"},{"vulnerability":"VCID-5jbx-s8nk-jyg3"},{"vulnerability":"VCID-b7yf-chf7-23bn"},{"vulnerability":"VCID-b8rd-9xpk-7qck"},{"vulnerability":"VCID-bj29-y5j2-7fb5"},{"vulnerability":"VCID-dmsw-hy5g-pug3"},{"vulnerability":"VCID-f6qa-1zj7-eudw"},{"vulnerability":"VCID-gbfa-2n6q-cbfz"},{"vulnerability":"VCID-gfwm-fnp9-d7e1"},{"vulnerability":"VCID-hp38-vkna-xbbf"},{"vulnerability":"VCID-hxzt-1jtf-huft"},{"vulnerability":"VCID-j7zf-tztb-3qdr"},{"vulnerability":"VCID-jvrb-gawg-ufg7"},{"vulnerability":"VCID-n5n2-xvth-uqd5"},{"vulnerability":"VCID-n8kr-mt65-13gj"},{"vulnerability":"VCID-ph4w-9w5r-hqdk"},{"vulnerability":"VCID-pn7j-7cbx-wbhj"},{"vulnerability":"VCID-qg7g-sudd-hue1"},{"vulnerability":"VCID-rpze-v2md-4uca"},{"vulnerability":"VCID-venu-tvd9-dqgx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@3.4.7-1~bpo8%252B1"}],"aliases":["CVE-2015-5230"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v1f6-qdrh-4fcz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97720?format=json","vulnerability_id":"VCID-venu-tvd9-dqgx","summary":"An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker might be able to cause a double-free, leading to a crash or possibly arbitrary code execution. by sending crafted queries with a GSS-TSIG signature.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24698","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10222","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.10267","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-24698"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24698","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24698"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/196074?format=json","purl":"pkg:deb/debian/pdns@4.4.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3sq8-16v4-yydc"},{"vulnerability":"VCID-bsvk-tw8r-9qe5"},{"vulnerability":"VCID-e1js-9ute-3kf8"},{"vulnerability":"VCID-e5n6-qn1d-nkg7"},{"vulnerability":"VCID-gq3g-suwj-qfc4"},{"vulnerability":"VCID-hvtq-ncfb-p3ck"},{"vulnerability":"VCID-m5vb-nhcv-wka3"},{"vulnerability":"VCID-meum-uqx6-e3bs"},{"vulnerability":"VCID-rs9f-44nz-z3fc"},{"vulnerability":"VCID-u1rs-bywf-zbaf"},{"vulnerability":"VCID-yjx9-kpdu-cfb7"},{"vulnerability":"VCID-zqkm-3evt-pycj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@4.4.1-1"}],"aliases":["CVE-2020-24698"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-venu-tvd9-dqgx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97695?format=json","vulnerability_id":"VCID-xt9k-5zk6-j3cg","summary":"pdns specific as packaged in Debian in version before 3.3.1-1 creates a too privileged MySQL user. It was discovered that the maintainer scripts of pdns-backend-mysql grant too wide database permissions for the pdns user. Other backends are not affected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7210","reference_id":"","reference_type":"","scores":[{"value":"0.0035","scoring_system":"epss","scoring_elements":"0.57753","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0035","scoring_system":"epss","scoring_elements":"0.57805","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-7210"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7210","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7210"},{"reference_url":"https://salsa.debian.org/debian/pdns/-/commit/f0de6b3583039bb63344fbd5eb246939264d7b05","reference_id":"f0de6b3583039bb63344fbd5eb246939264d7b05","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-27T18:43:03Z/"}],"url":"https://salsa.debian.org/debian/pdns/-/commit/f0de6b3583039bb63344fbd5eb246939264d7b05"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2016/05/msg00046.html","reference_id":"msg00046.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-27T18:43:03Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2016/05/msg00046.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4910?format=json","purl":"pkg:deb/debian/pdns@3.3.1-3~bpo70%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1aex-5g1j-6ycu"},{"vulnerability":"VCID-4sbu-xd68-1kg1"},{"vulnerability":"VCID-5jbx-s8nk-jyg3"},{"vulnerability":"VCID-b7yf-chf7-23bn"},{"vulnerability":"VCID-b8rd-9xpk-7qck"},{"vulnerability":"VCID-bj29-y5j2-7fb5"},{"vulnerability":"VCID-dmsw-hy5g-pug3"},{"vulnerability":"VCID-f6qa-1zj7-eudw"},{"vulnerability":"VCID-gbfa-2n6q-cbfz"},{"vulnerability":"VCID-gfwm-fnp9-d7e1"},{"vulnerability":"VCID-hp38-vkna-xbbf"},{"vulnerability":"VCID-hxzt-1jtf-huft"},{"vulnerability":"VCID-j7zf-tztb-3qdr"},{"vulnerability":"VCID-jvrb-gawg-ufg7"},{"vulnerability":"VCID-n5n2-xvth-uqd5"},{"vulnerability":"VCID-n8kr-mt65-13gj"},{"vulnerability":"VCID-ph4w-9w5r-hqdk"},{"vulnerability":"VCID-pn7j-7cbx-wbhj"},{"vulnerability":"VCID-qg7g-sudd-hue1"},{"vulnerability":"VCID-rpze-v2md-4uca"},{"vulnerability":"VCID-tmg6-gqrq-2uc9"},{"vulnerability":"VCID-v1f6-qdrh-4fcz"},{"vulnerability":"VCID-venu-tvd9-dqgx"},{"vulnerability":"VCID-yrea-z75q-a3cy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@3.3.1-3~bpo70%252B1"}],"aliases":["CVE-2014-7210"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xt9k-5zk6-j3cg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97696?format=json","vulnerability_id":"VCID-yrea-z75q-a3cy","summary":"The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1868","reference_id":"","reference_type":"","scores":[{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66601","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66642","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1868"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4913?format=json","purl":"pkg:deb/debian/pdns@3.4.4-2~bpo7%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1aex-5g1j-6ycu"},{"vulnerability":"VCID-4sbu-xd68-1kg1"},{"vulnerability":"VCID-5jbx-s8nk-jyg3"},{"vulnerability":"VCID-b7yf-chf7-23bn"},{"vulnerability":"VCID-b8rd-9xpk-7qck"},{"vulnerability":"VCID-bj29-y5j2-7fb5"},{"vulnerability":"VCID-dmsw-hy5g-pug3"},{"vulnerability":"VCID-f6qa-1zj7-eudw"},{"vulnerability":"VCID-gbfa-2n6q-cbfz"},{"vulnerability":"VCID-gfwm-fnp9-d7e1"},{"vulnerability":"VCID-hp38-vkna-xbbf"},{"vulnerability":"VCID-hxzt-1jtf-huft"},{"vulnerability":"VCID-j7zf-tztb-3qdr"},{"vulnerability":"VCID-jvrb-gawg-ufg7"},{"vulnerability":"VCID-n5n2-xvth-uqd5"},{"vulnerability":"VCID-n8kr-mt65-13gj"},{"vulnerability":"VCID-ph4w-9w5r-hqdk"},{"vulnerability":"VCID-pn7j-7cbx-wbhj"},{"vulnerability":"VCID-qg7g-sudd-hue1"},{"vulnerability":"VCID-rpze-v2md-4uca"},{"vulnerability":"VCID-tmg6-gqrq-2uc9"},{"vulnerability":"VCID-v1f6-qdrh-4fcz"},{"vulnerability":"VCID-venu-tvd9-dqgx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@3.4.4-2~bpo7%252B1"}],"aliases":["CVE-2015-1868"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yrea-z75q-a3cy"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97691?format=json","vulnerability_id":"VCID-f3qq-z3eb-nfaw","summary":"PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, which might make it easier for remote attackers to poison DNS caches of other products running on other servers, a different issue than CVE-2008-1447 and CVE-2008-3217.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3337.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-3337.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3337","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05843","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05865","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-3337"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3337","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3337"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=458122","reference_id":"458122","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=458122"},{"reference_url":"https://security.gentoo.org/glsa/200812-19","reference_id":"GLSA-200812-19","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200812-19"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4907?format=json","purl":"pkg:deb/debian/pdns@2.9.21.2-1%2Blenny1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1aex-5g1j-6ycu"},{"vulnerability":"VCID-4sbu-xd68-1kg1"},{"vulnerability":"VCID-5jbx-s8nk-jyg3"},{"vulnerability":"VCID-b7yf-chf7-23bn"},{"vulnerability":"VCID-b8rd-9xpk-7qck"},{"vulnerability":"VCID-bj29-y5j2-7fb5"},{"vulnerability":"VCID-dbhs-hkzz-6yb4"},{"vulnerability":"VCID-dmsw-hy5g-pug3"},{"vulnerability":"VCID-f6qa-1zj7-eudw"},{"vulnerability":"VCID-gbfa-2n6q-cbfz"},{"vulnerability":"VCID-gfwm-fnp9-d7e1"},{"vulnerability":"VCID-hp38-vkna-xbbf"},{"vulnerability":"VCID-hxzt-1jtf-huft"},{"vulnerability":"VCID-j7zf-tztb-3qdr"},{"vulnerability":"VCID-jvrb-gawg-ufg7"},{"vulnerability":"VCID-n5n2-xvth-uqd5"},{"vulnerability":"VCID-n8kr-mt65-13gj"},{"vulnerability":"VCID-ph4w-9w5r-hqdk"},{"vulnerability":"VCID-pn7j-7cbx-wbhj"},{"vulnerability":"VCID-qg7g-sudd-hue1"},{"vulnerability":"VCID-rpze-v2md-4uca"},{"vulnerability":"VCID-tmg6-gqrq-2uc9"},{"vulnerability":"VCID-v1f6-qdrh-4fcz"},{"vulnerability":"VCID-venu-tvd9-dqgx"},{"vulnerability":"VCID-xt9k-5zk6-j3cg"},{"vulnerability":"VCID-yrea-z75q-a3cy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@2.9.21.2-1%252Blenny1"}],"aliases":["CVE-2008-3337"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f3qq-z3eb-nfaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97692?format=json","vulnerability_id":"VCID-sbcz-g3gg-ybfh","summary":"PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of service (daemon crash) via a CH HINFO query.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5277.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-5277.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5277","reference_id":"","reference_type":"","scores":[{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.0905","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.09091","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-5277"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5277","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5277"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=475440","reference_id":"475440","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=475440"},{"reference_url":"https://security.gentoo.org/glsa/200812-19","reference_id":"GLSA-200812-19","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200812-19"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4907?format=json","purl":"pkg:deb/debian/pdns@2.9.21.2-1%2Blenny1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1aex-5g1j-6ycu"},{"vulnerability":"VCID-4sbu-xd68-1kg1"},{"vulnerability":"VCID-5jbx-s8nk-jyg3"},{"vulnerability":"VCID-b7yf-chf7-23bn"},{"vulnerability":"VCID-b8rd-9xpk-7qck"},{"vulnerability":"VCID-bj29-y5j2-7fb5"},{"vulnerability":"VCID-dbhs-hkzz-6yb4"},{"vulnerability":"VCID-dmsw-hy5g-pug3"},{"vulnerability":"VCID-f6qa-1zj7-eudw"},{"vulnerability":"VCID-gbfa-2n6q-cbfz"},{"vulnerability":"VCID-gfwm-fnp9-d7e1"},{"vulnerability":"VCID-hp38-vkna-xbbf"},{"vulnerability":"VCID-hxzt-1jtf-huft"},{"vulnerability":"VCID-j7zf-tztb-3qdr"},{"vulnerability":"VCID-jvrb-gawg-ufg7"},{"vulnerability":"VCID-n5n2-xvth-uqd5"},{"vulnerability":"VCID-n8kr-mt65-13gj"},{"vulnerability":"VCID-ph4w-9w5r-hqdk"},{"vulnerability":"VCID-pn7j-7cbx-wbhj"},{"vulnerability":"VCID-qg7g-sudd-hue1"},{"vulnerability":"VCID-rpze-v2md-4uca"},{"vulnerability":"VCID-tmg6-gqrq-2uc9"},{"vulnerability":"VCID-v1f6-qdrh-4fcz"},{"vulnerability":"VCID-venu-tvd9-dqgx"},{"vulnerability":"VCID-xt9k-5zk6-j3cg"},{"vulnerability":"VCID-yrea-z75q-a3cy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@2.9.21.2-1%252Blenny1"}],"aliases":["CVE-2008-5277"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sbcz-g3gg-ybfh"}],"risk_score":"4.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns@2.9.21.2-1%252Blenny1"}