Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:deb/debian/dnsdist@2.0.2-1
Typedeb
Namespacedebian
Namednsdist
Version2.0.2-1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-3qce-a24m-yue1
vulnerability_id VCID-3qce-a24m-yue1
summary An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the DNSQuestion:changeName or DNSResponse:changeName methods in custom Lua code. In some cases the rewritten packet might become larger than the initial response and even exceed 65535 bytes, potentially leading to a crash resulting in denial of service.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27853
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02331
published_at 2026-05-07T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.02365
published_at 2026-05-11T12:55:00Z
2
value 0.00013
scoring_system epss
scoring_elements 0.0237
published_at 2026-05-09T12:55:00Z
3
value 0.00013
scoring_system epss
scoring_elements 0.02326
published_at 2026-05-05T12:55:00Z
4
value 0.00015
scoring_system epss
scoring_elements 0.03035
published_at 2026-04-26T12:55:00Z
5
value 0.00015
scoring_system epss
scoring_elements 0.0308
published_at 2026-04-29T12:55:00Z
6
value 0.0002
scoring_system epss
scoring_elements 0.0535
published_at 2026-04-04T12:55:00Z
7
value 0.0002
scoring_system epss
scoring_elements 0.05319
published_at 2026-04-02T12:55:00Z
8
value 0.00024
scoring_system epss
scoring_elements 0.06466
published_at 2026-04-11T12:55:00Z
9
value 0.00024
scoring_system epss
scoring_elements 0.0646
published_at 2026-04-12T12:55:00Z
10
value 0.00024
scoring_system epss
scoring_elements 0.06449
published_at 2026-04-13T12:55:00Z
11
value 0.00024
scoring_system epss
scoring_elements 0.06382
published_at 2026-04-07T12:55:00Z
12
value 0.00024
scoring_system epss
scoring_elements 0.0643
published_at 2026-04-08T12:55:00Z
13
value 0.00024
scoring_system epss
scoring_elements 0.06473
published_at 2026-04-09T12:55:00Z
14
value 0.00025
scoring_system epss
scoring_elements 0.0701
published_at 2026-04-24T12:55:00Z
15
value 0.00025
scoring_system epss
scoring_elements 0.06907
published_at 2026-04-16T12:55:00Z
16
value 0.00025
scoring_system epss
scoring_elements 0.06891
published_at 2026-04-18T12:55:00Z
17
value 0.00025
scoring_system epss
scoring_elements 0.07026
published_at 2026-04-21T12:55:00Z
18
value 9e-05
scoring_system epss
scoring_elements 0.00923
published_at 2026-05-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27853
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27853
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27853
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html
reference_id powerdns-advisory-for-dnsdist-2026-02.html
reference_type
scores
0
value 5.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:14:03Z/
url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html
fixed_packages
0
url pkg:deb/debian/dnsdist@2.0.3-1
purl pkg:deb/debian/dnsdist@2.0.3-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mgq-74b9-4bcg
1
vulnerability VCID-744k-b7s7-kbh5
2
vulnerability VCID-7xds-447f-qufr
3
vulnerability VCID-a65j-y7z3-fudk
4
vulnerability VCID-afun-gxhy-rbed
5
vulnerability VCID-chzq-qej6-rkdq
6
vulnerability VCID-fbsf-bbw7-kyah
7
vulnerability VCID-nrex-hpxg-ekhs
8
vulnerability VCID-pfhu-1qdf-p7d5
9
vulnerability VCID-qc7c-1d8j-hfha
10
vulnerability VCID-ytdy-s1ug-dkh7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.3-1
1
url pkg:deb/debian/dnsdist@2.0.4-1
purl pkg:deb/debian/dnsdist@2.0.4-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.4-1
aliases CVE-2026-27853
risk_score 1.5
exploitability 0.5
weighted_severity 3.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3qce-a24m-yue1
1
url VCID-atx2-yc9p-g3c7
vulnerability_id VCID-atx2-yc9p-g3c7
summary An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 payloads, resulting in a denial of service. In setups with a large quantity of memory available this usually results in an exception and the QUIC connection is properly closed, but in some cases the system might enter an out-of-memory state instead and terminate the process.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-24030
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01868
published_at 2026-04-04T12:55:00Z
1
value 0.00012
scoring_system epss
scoring_elements 0.01856
published_at 2026-04-02T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.02867
published_at 2026-04-13T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.02893
published_at 2026-04-07T12:55:00Z
4
value 0.00015
scoring_system epss
scoring_elements 0.02894
published_at 2026-04-08T12:55:00Z
5
value 0.00015
scoring_system epss
scoring_elements 0.02891
published_at 2026-04-11T12:55:00Z
6
value 0.00015
scoring_system epss
scoring_elements 0.02919
published_at 2026-04-09T12:55:00Z
7
value 0.00015
scoring_system epss
scoring_elements 0.02872
published_at 2026-04-12T12:55:00Z
8
value 0.00016
scoring_system epss
scoring_elements 0.03302
published_at 2026-04-16T12:55:00Z
9
value 0.00016
scoring_system epss
scoring_elements 0.03414
published_at 2026-04-24T12:55:00Z
10
value 0.00016
scoring_system epss
scoring_elements 0.03429
published_at 2026-04-21T12:55:00Z
11
value 0.00016
scoring_system epss
scoring_elements 0.03313
published_at 2026-04-18T12:55:00Z
12
value 6e-05
scoring_system epss
scoring_elements 0.00369
published_at 2026-05-12T12:55:00Z
13
value 9e-05
scoring_system epss
scoring_elements 0.00895
published_at 2026-05-09T12:55:00Z
14
value 9e-05
scoring_system epss
scoring_elements 0.00889
published_at 2026-05-11T12:55:00Z
15
value 9e-05
scoring_system epss
scoring_elements 0.00981
published_at 2026-04-26T12:55:00Z
16
value 9e-05
scoring_system epss
scoring_elements 0.00974
published_at 2026-04-29T12:55:00Z
17
value 9e-05
scoring_system epss
scoring_elements 0.00904
published_at 2026-05-05T12:55:00Z
18
value 9e-05
scoring_system epss
scoring_elements 0.00899
published_at 2026-05-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-24030
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24030
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24030
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html
reference_id powerdns-advisory-for-dnsdist-2026-02.html
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:14:53Z/
url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html
fixed_packages
0
url pkg:deb/debian/dnsdist@2.0.3-1
purl pkg:deb/debian/dnsdist@2.0.3-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mgq-74b9-4bcg
1
vulnerability VCID-744k-b7s7-kbh5
2
vulnerability VCID-7xds-447f-qufr
3
vulnerability VCID-a65j-y7z3-fudk
4
vulnerability VCID-afun-gxhy-rbed
5
vulnerability VCID-chzq-qej6-rkdq
6
vulnerability VCID-fbsf-bbw7-kyah
7
vulnerability VCID-nrex-hpxg-ekhs
8
vulnerability VCID-pfhu-1qdf-p7d5
9
vulnerability VCID-qc7c-1d8j-hfha
10
vulnerability VCID-ytdy-s1ug-dkh7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.3-1
1
url pkg:deb/debian/dnsdist@2.0.4-1
purl pkg:deb/debian/dnsdist@2.0.4-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.4-1
aliases CVE-2026-24030
risk_score 1.3
exploitability 0.5
weighted_severity 2.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-atx2-yc9p-g3c7
2
url VCID-c7az-aw1f-4yah
vulnerability_id VCID-c7az-aw1f-4yah
summary When the early_acl_drop (earlyACLDrop in Lua) option is disabled (default is enabled) on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-24029
reference_id
reference_type
scores
0
value 2e-05
scoring_system epss
scoring_elements 0.00054
published_at 2026-05-05T12:55:00Z
1
value 2e-05
scoring_system epss
scoring_elements 0.00053
published_at 2026-05-11T12:55:00Z
2
value 2e-05
scoring_system epss
scoring_elements 0.00035
published_at 2026-05-12T12:55:00Z
3
value 2e-05
scoring_system epss
scoring_elements 0.0006
published_at 2026-04-26T12:55:00Z
4
value 2e-05
scoring_system epss
scoring_elements 0.00058
published_at 2026-04-29T12:55:00Z
5
value 3e-05
scoring_system epss
scoring_elements 0.00103
published_at 2026-04-18T12:55:00Z
6
value 3e-05
scoring_system epss
scoring_elements 0.00105
published_at 2026-04-24T12:55:00Z
7
value 3e-05
scoring_system epss
scoring_elements 0.00091
published_at 2026-04-13T12:55:00Z
8
value 3e-05
scoring_system epss
scoring_elements 0.00061
published_at 2026-04-02T12:55:00Z
9
value 3e-05
scoring_system epss
scoring_elements 0.0006
published_at 2026-04-04T12:55:00Z
10
value 3e-05
scoring_system epss
scoring_elements 0.0009
published_at 2026-04-09T12:55:00Z
11
value 3e-05
scoring_system epss
scoring_elements 0.00089
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-24029
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24029
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24029
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html
reference_id powerdns-advisory-for-dnsdist-2026-02.html
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:15:34Z/
url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html
fixed_packages
0
url pkg:deb/debian/dnsdist@2.0.3-1
purl pkg:deb/debian/dnsdist@2.0.3-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mgq-74b9-4bcg
1
vulnerability VCID-744k-b7s7-kbh5
2
vulnerability VCID-7xds-447f-qufr
3
vulnerability VCID-a65j-y7z3-fudk
4
vulnerability VCID-afun-gxhy-rbed
5
vulnerability VCID-chzq-qej6-rkdq
6
vulnerability VCID-fbsf-bbw7-kyah
7
vulnerability VCID-nrex-hpxg-ekhs
8
vulnerability VCID-pfhu-1qdf-p7d5
9
vulnerability VCID-qc7c-1d8j-hfha
10
vulnerability VCID-ytdy-s1ug-dkh7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.3-1
1
url pkg:deb/debian/dnsdist@2.0.4-1
purl pkg:deb/debian/dnsdist@2.0.4-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.4-1
aliases CVE-2026-24029
risk_score 1.6
exploitability 0.5
weighted_severity 3.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c7az-aw1f-4yah
3
url VCID-gx8g-nvhj-1kak
vulnerability_id VCID-gx8g-nvhj-1kak
summary When the internal webserver is enabled (default is disabled), an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a misconfiguration of the Cross-Origin Resource Sharing (CORS) policy.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-0397
reference_id
reference_type
scores
0
value 0.0001
scoring_system epss
scoring_elements 0.01085
published_at 2026-04-04T12:55:00Z
1
value 0.0001
scoring_system epss
scoring_elements 0.01083
published_at 2026-04-02T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01499
published_at 2026-04-21T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.01266
published_at 2026-04-07T12:55:00Z
4
value 0.00011
scoring_system epss
scoring_elements 0.01272
published_at 2026-04-08T12:55:00Z
5
value 0.00011
scoring_system epss
scoring_elements 0.01276
published_at 2026-04-09T12:55:00Z
6
value 0.00011
scoring_system epss
scoring_elements 0.01258
published_at 2026-04-11T12:55:00Z
7
value 0.00011
scoring_system epss
scoring_elements 0.01252
published_at 2026-04-12T12:55:00Z
8
value 0.00011
scoring_system epss
scoring_elements 0.01254
published_at 2026-04-13T12:55:00Z
9
value 0.00011
scoring_system epss
scoring_elements 0.01412
published_at 2026-04-18T12:55:00Z
10
value 0.00011
scoring_system epss
scoring_elements 0.01398
published_at 2026-04-16T12:55:00Z
11
value 0.00011
scoring_system epss
scoring_elements 0.01506
published_at 2026-04-24T12:55:00Z
12
value 4e-05
scoring_system epss
scoring_elements 0.00184
published_at 2026-05-12T12:55:00Z
13
value 6e-05
scoring_system epss
scoring_elements 0.00394
published_at 2026-05-09T12:55:00Z
14
value 6e-05
scoring_system epss
scoring_elements 0.00391
published_at 2026-05-11T12:55:00Z
15
value 6e-05
scoring_system epss
scoring_elements 0.00397
published_at 2026-05-05T12:55:00Z
16
value 6e-05
scoring_system epss
scoring_elements 0.00402
published_at 2026-05-07T12:55:00Z
17
value 7e-05
scoring_system epss
scoring_elements 0.00522
published_at 2026-04-26T12:55:00Z
18
value 7e-05
scoring_system epss
scoring_elements 0.00523
published_at 2026-04-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-0397
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0397
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0397
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html
reference_id powerdns-advisory-for-dnsdist-2026-02.html
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:19:54Z/
url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html
fixed_packages
0
url pkg:deb/debian/dnsdist@2.0.3-1
purl pkg:deb/debian/dnsdist@2.0.3-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mgq-74b9-4bcg
1
vulnerability VCID-744k-b7s7-kbh5
2
vulnerability VCID-7xds-447f-qufr
3
vulnerability VCID-a65j-y7z3-fudk
4
vulnerability VCID-afun-gxhy-rbed
5
vulnerability VCID-chzq-qej6-rkdq
6
vulnerability VCID-fbsf-bbw7-kyah
7
vulnerability VCID-nrex-hpxg-ekhs
8
vulnerability VCID-pfhu-1qdf-p7d5
9
vulnerability VCID-qc7c-1d8j-hfha
10
vulnerability VCID-ytdy-s1ug-dkh7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.3-1
1
url pkg:deb/debian/dnsdist@2.0.4-1
purl pkg:deb/debian/dnsdist@2.0.4-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.4-1
aliases CVE-2026-0397
risk_score 0.8
exploitability 0.5
weighted_severity 1.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gx8g-nvhj-1kak
4
url VCID-rf53-w9k3-7ych
vulnerability_id VCID-rf53-w9k3-7ych
summary An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The out-of-bounds read might trigger a crash, leading to a denial of service, or access unrelated memory, leading to potential information disclosure.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-24028
reference_id
reference_type
scores
0
value 0.00012
scoring_system epss
scoring_elements 0.01868
published_at 2026-04-04T12:55:00Z
1
value 0.00012
scoring_system epss
scoring_elements 0.01856
published_at 2026-04-02T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.03035
published_at 2026-04-21T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.02893
published_at 2026-04-07T12:55:00Z
4
value 0.00015
scoring_system epss
scoring_elements 0.02894
published_at 2026-04-08T12:55:00Z
5
value 0.00015
scoring_system epss
scoring_elements 0.02919
published_at 2026-04-09T12:55:00Z
6
value 0.00015
scoring_system epss
scoring_elements 0.02891
published_at 2026-04-11T12:55:00Z
7
value 0.00015
scoring_system epss
scoring_elements 0.02872
published_at 2026-04-12T12:55:00Z
8
value 0.00015
scoring_system epss
scoring_elements 0.02867
published_at 2026-04-13T12:55:00Z
9
value 0.00015
scoring_system epss
scoring_elements 0.02917
published_at 2026-04-18T12:55:00Z
10
value 0.00015
scoring_system epss
scoring_elements 0.02907
published_at 2026-04-16T12:55:00Z
11
value 0.00015
scoring_system epss
scoring_elements 0.03033
published_at 2026-04-24T12:55:00Z
12
value 6e-05
scoring_system epss
scoring_elements 0.00331
published_at 2026-05-12T12:55:00Z
13
value 8e-05
scoring_system epss
scoring_elements 0.00827
published_at 2026-05-09T12:55:00Z
14
value 8e-05
scoring_system epss
scoring_elements 0.00823
published_at 2026-05-11T12:55:00Z
15
value 8e-05
scoring_system epss
scoring_elements 0.00836
published_at 2026-05-05T12:55:00Z
16
value 8e-05
scoring_system epss
scoring_elements 0.00832
published_at 2026-05-07T12:55:00Z
17
value 9e-05
scoring_system epss
scoring_elements 0.00901
published_at 2026-04-26T12:55:00Z
18
value 9e-05
scoring_system epss
scoring_elements 0.00898
published_at 2026-04-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-24028
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24028
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24028
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html
reference_id powerdns-advisory-for-dnsdist-2026-02.html
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:18:03Z/
url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html
fixed_packages
0
url pkg:deb/debian/dnsdist@2.0.3-1
purl pkg:deb/debian/dnsdist@2.0.3-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mgq-74b9-4bcg
1
vulnerability VCID-744k-b7s7-kbh5
2
vulnerability VCID-7xds-447f-qufr
3
vulnerability VCID-a65j-y7z3-fudk
4
vulnerability VCID-afun-gxhy-rbed
5
vulnerability VCID-chzq-qej6-rkdq
6
vulnerability VCID-fbsf-bbw7-kyah
7
vulnerability VCID-nrex-hpxg-ekhs
8
vulnerability VCID-pfhu-1qdf-p7d5
9
vulnerability VCID-qc7c-1d8j-hfha
10
vulnerability VCID-ytdy-s1ug-dkh7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.3-1
1
url pkg:deb/debian/dnsdist@2.0.4-1
purl pkg:deb/debian/dnsdist@2.0.4-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.4-1
aliases CVE-2026-24028
risk_score 1.3
exploitability 0.5
weighted_severity 2.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rf53-w9k3-7ych
5
url VCID-szpa-skfv-bygh
vulnerability_id VCID-szpa-skfv-bygh
summary An attacker might be able to trigger a use-after-free by sending crafted DNS queries to a DNSdist using the DNSQuestion:getEDNSOptions method in custom Lua code. In some cases DNSQuestion:getEDNSOptions might refer to a version of the DNS packet that has been modified, thus triggering a use-after-free and potentially a crash resulting in denial of service.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27854
reference_id
reference_type
scores
0
value 0.00011
scoring_system epss
scoring_elements 0.01334
published_at 2026-04-12T12:55:00Z
1
value 0.00011
scoring_system epss
scoring_elements 0.01353
published_at 2026-04-08T12:55:00Z
2
value 0.00011
scoring_system epss
scoring_elements 0.01352
published_at 2026-04-09T12:55:00Z
3
value 0.00011
scoring_system epss
scoring_elements 0.0134
published_at 2026-04-11T12:55:00Z
4
value 0.00011
scoring_system epss
scoring_elements 0.01336
published_at 2026-04-13T12:55:00Z
5
value 0.00011
scoring_system epss
scoring_elements 0.01349
published_at 2026-04-07T12:55:00Z
6
value 0.00015
scoring_system epss
scoring_elements 0.03033
published_at 2026-04-24T12:55:00Z
7
value 0.00015
scoring_system epss
scoring_elements 0.03035
published_at 2026-04-21T12:55:00Z
8
value 0.00015
scoring_system epss
scoring_elements 0.02917
published_at 2026-04-18T12:55:00Z
9
value 0.00015
scoring_system epss
scoring_elements 0.02907
published_at 2026-04-16T12:55:00Z
10
value 6e-05
scoring_system epss
scoring_elements 0.00331
published_at 2026-05-12T12:55:00Z
11
value 8e-05
scoring_system epss
scoring_elements 0.00827
published_at 2026-05-09T12:55:00Z
12
value 8e-05
scoring_system epss
scoring_elements 0.00823
published_at 2026-05-11T12:55:00Z
13
value 8e-05
scoring_system epss
scoring_elements 0.00836
published_at 2026-05-05T12:55:00Z
14
value 8e-05
scoring_system epss
scoring_elements 0.00832
published_at 2026-05-07T12:55:00Z
15
value 9e-05
scoring_system epss
scoring_elements 0.00951
published_at 2026-04-04T12:55:00Z
16
value 9e-05
scoring_system epss
scoring_elements 0.0095
published_at 2026-04-02T12:55:00Z
17
value 9e-05
scoring_system epss
scoring_elements 0.00901
published_at 2026-04-26T12:55:00Z
18
value 9e-05
scoring_system epss
scoring_elements 0.00898
published_at 2026-04-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27854
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27854
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27854
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html
reference_id powerdns-advisory-for-dnsdist-2026-02.html
reference_type
scores
0
value 4.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:12:37Z/
url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html
fixed_packages
0
url pkg:deb/debian/dnsdist@2.0.3-1
purl pkg:deb/debian/dnsdist@2.0.3-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mgq-74b9-4bcg
1
vulnerability VCID-744k-b7s7-kbh5
2
vulnerability VCID-7xds-447f-qufr
3
vulnerability VCID-a65j-y7z3-fudk
4
vulnerability VCID-afun-gxhy-rbed
5
vulnerability VCID-chzq-qej6-rkdq
6
vulnerability VCID-fbsf-bbw7-kyah
7
vulnerability VCID-nrex-hpxg-ekhs
8
vulnerability VCID-pfhu-1qdf-p7d5
9
vulnerability VCID-qc7c-1d8j-hfha
10
vulnerability VCID-ytdy-s1ug-dkh7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.3-1
aliases CVE-2026-27854
risk_score 1.2
exploitability 0.5
weighted_severity 2.4
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-szpa-skfv-bygh
6
url VCID-x5p9-vthx-tud8
vulnerability_id VCID-x5p9-vthx-tud8
summary An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-0396
reference_id
reference_type
scores
0
value 2e-05
scoring_system epss
scoring_elements 0.00053
published_at 2026-05-12T12:55:00Z
1
value 3e-05
scoring_system epss
scoring_elements 0.00091
published_at 2026-05-09T12:55:00Z
2
value 3e-05
scoring_system epss
scoring_elements 0.00134
published_at 2026-04-02T12:55:00Z
3
value 3e-05
scoring_system epss
scoring_elements 0.00103
published_at 2026-04-26T12:55:00Z
4
value 3e-05
scoring_system epss
scoring_elements 0.00101
published_at 2026-04-29T12:55:00Z
5
value 3e-05
scoring_system epss
scoring_elements 0.00093
published_at 2026-05-07T12:55:00Z
6
value 3e-05
scoring_system epss
scoring_elements 0.00135
published_at 2026-04-04T12:55:00Z
7
value 3e-05
scoring_system epss
scoring_elements 0.0009
published_at 2026-05-11T12:55:00Z
8
value 4e-05
scoring_system epss
scoring_elements 0.00156
published_at 2026-04-18T12:55:00Z
9
value 4e-05
scoring_system epss
scoring_elements 0.00149
published_at 2026-04-13T12:55:00Z
10
value 4e-05
scoring_system epss
scoring_elements 0.00148
published_at 2026-04-09T12:55:00Z
11
value 4e-05
scoring_system epss
scoring_elements 0.0015
published_at 2026-04-11T12:55:00Z
12
value 4e-05
scoring_system epss
scoring_elements 0.00155
published_at 2026-04-16T12:55:00Z
13
value 4e-05
scoring_system epss
scoring_elements 0.00157
published_at 2026-04-21T12:55:00Z
14
value 4e-05
scoring_system epss
scoring_elements 0.0016
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-0396
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0396
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0396
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html
reference_id powerdns-advisory-for-dnsdist-2026-02.html
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:21:05Z/
url https://www.dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2026-02.html
fixed_packages
0
url pkg:deb/debian/dnsdist@2.0.3-1
purl pkg:deb/debian/dnsdist@2.0.3-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1mgq-74b9-4bcg
1
vulnerability VCID-744k-b7s7-kbh5
2
vulnerability VCID-7xds-447f-qufr
3
vulnerability VCID-a65j-y7z3-fudk
4
vulnerability VCID-afun-gxhy-rbed
5
vulnerability VCID-chzq-qej6-rkdq
6
vulnerability VCID-fbsf-bbw7-kyah
7
vulnerability VCID-nrex-hpxg-ekhs
8
vulnerability VCID-pfhu-1qdf-p7d5
9
vulnerability VCID-qc7c-1d8j-hfha
10
vulnerability VCID-ytdy-s1ug-dkh7
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.3-1
aliases CVE-2026-0396
risk_score 0.8
exploitability 0.5
weighted_severity 1.6
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x5p9-vthx-tud8
Fixing_vulnerabilities
Risk_score1.6
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsdist@2.0.2-1