{"url":"http://public2.vulnerablecode.io/api/packages/5932?format=json","purl":"pkg:deb/debian/pdns-recursor@3.3-3%2Bdeb7u1","type":"deb","namespace":"debian","name":"pdns-recursor","version":"3.3-3+deb7u1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.2.9-0+deb13u1","latest_non_vulnerable_version":"5.2.9-0+deb13u1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97705?format=json","vulnerability_id":"VCID-1aex-5g1j-6ycu","summary":"An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated attacker to cause an abnormal CPU usage load on the PowerDNS server by sending crafted DNS queries, which might result in a partial denial of service if the system becomes overloaded. This issue is based on the fact that the PowerDNS server parses all records present in a query regardless of whether they are needed or even legitimate. A specially crafted query containing a large number of records can be used to take advantage of that 
behaviour.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7068","reference_id":"","reference_type":"","scores":[{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24697","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24794","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00085","scoring_system":"epss","scoring_elements":"0.24783","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7068"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074"},{"reference_url":"https://security.archlinux.org/ASA-201701-29","reference_id":"ASA-201701-29","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-29"},{"reference_url":"https://security.archlinux.org/ASA-201701-30","reference_id":"ASA-201701-30","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-30"},{"reference_url":"https://security.archlinux.org/AVG-147","reference_id":"AVG-147","reference_ty
pe":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-147"},{"reference_url":"https://security.archlinux.org/AVG-148","reference_id":"AVG-148","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-148"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5936?format=json","purl":"pkg:deb/debian/pdns-recursor@3.6.2-2%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1aex-5g1j-6ycu"},{"vulnerability":"VCID-3zj4-68f8-w3he"},{"vulnerability":"VCID-57pa-xjqe-rqhp"},{"vulnerability":"VCID-6g9m-xqf1-nua1"},{"vulnerability":"VCID-8c6p-nczh-83ce"},{"vulnerability":"VCID-8tet-nec6-zkfw"},{"vulnerability":"VCID-b7yf-chf7-23bn"},{"vulnerability":"VCID-bx81-efgj-mkd9"},{"vulnerability":"VCID-dmr2-qydm-d3dt"},{"vulnerability":"VCID-dmsw-hy5g-pug3"},{"vulnerability":"VCID-jvrb-gawg-ufg7"},{"vulnerability":"VCID-ped2-apf8-8ygw"},{"vulnerability":"VCID-q6eg-qzcn-fqbp"},{"vulnerability":"VCID-rpze-v2md-4uca"},{"vulnerability":"VCID-tmg6-gqrq-2uc9"},{"vulnerability":"VCID-wxe6-kebx-6qbc"},{"vulnerability":"VCID-xhkf-q952-qfc2"},{"vulnerability":"VCID-y5t7-ne53-ufar"},{"vulnerability":"VCID-yrea-z75q-a3cy"},{"vulnerability":"VCID-z8ps-5hq7-5uey"},{"vulnerability":"VCID-zafe-qcj3-pygt"},{"vulnerability":"VCID-zbr8-wzq5-6bg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@3.6.2-2%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/5938?format=json","purl":"pkg:deb/debian/pdns-recursor@4.0.4-1%2Bdeb9u3~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3zj4-68f8-w3he"},{"vulnerability":"VCID-57pa-xjqe-rqhp"},{"vulnerability":"VCID-6g9m-xqf1-nua1"},{"vulnerability":"VCID-8c6p-nczh-83ce"},{"vulnerability":"VCID-8tet-nec6-zkfw"},{"vulnerability":"VCID-bx81-efgj-mkd9"},{"vulnerability":
"VCID-dmr2-qydm-d3dt"},{"vulnerability":"VCID-dmsw-hy5g-pug3"},{"vulnerability":"VCID-ped2-apf8-8ygw"},{"vulnerability":"VCID-q6eg-qzcn-fqbp"},{"vulnerability":"VCID-rpze-v2md-4uca"},{"vulnerability":"VCID-wxe6-kebx-6qbc"},{"vulnerability":"VCID-xhkf-q952-qfc2"},{"vulnerability":"VCID-y5t7-ne53-ufar"},{"vulnerability":"VCID-z8ps-5hq7-5uey"},{"vulnerability":"VCID-zafe-qcj3-pygt"},{"vulnerability":"VCID-zbr8-wzq5-6bg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.0.4-1%252Bdeb9u3~bpo8%252B1"}],"aliases":["CVE-2016-7068"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1aex-5g1j-6ycu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5822?format=json","vulnerability_id":"VCID-3zj4-68f8-w3he","summary":"denial of service","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25829","reference_id":"","reference_type":"","scores":[{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.4822","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48283","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48287","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25829"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972159","reference_id":"972159","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972159"},{"reference_url":"https://security.archlinux.org/ASA-202010-6","reference_id":"ASA-202010-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202010-6"},{"reference_url"
:"https://security.archlinux.org/AVG-1243","reference_id":"AVG-1243","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1243"},{"reference_url":"https://security.gentoo.org/glsa/202012-19","reference_id":"GLSA-202012-19","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202012-19"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5940?format=json","purl":"pkg:deb/debian/pdns-recursor@4.4.2-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3wzr-2eer-77hf"},{"vulnerability":"VCID-55ew-qe9a-5uen"},{"vulnerability":"VCID-5w5a-jcrh-nyb1"},{"vulnerability":"VCID-6b9g-rn64-8qdm"},{"vulnerability":"VCID-baea-ybbp-fbc3"},{"vulnerability":"VCID-bkjx-b5yp-afg9"},{"vulnerability":"VCID-d5mw-hsbt-u7bj"},{"vulnerability":"VCID-dmn7-brss-q3ck"},{"vulnerability":"VCID-e1js-9ute-3kf8"},{"vulnerability":"VCID-e5n6-qn1d-nkg7"},{"vulnerability":"VCID-jqh9-kg7m-d3dn"},{"vulnerability":"VCID-jt65-9bh8-9bgc"},{"vulnerability":"VCID-me6t-p2ef-43ch"},{"vulnerability":"VCID-rryv-rqx6-53fn"},{"vulnerability":"VCID-rs9f-44nz-z3fc"},{"vulnerability":"VCID-ur4y-xu6a-3qck"},{"vulnerability":"VCID-uzyx-z58g-jkft"},{"vulnerability":"VCID-ww6x-997u-6fhs"},{"vulnerability":"VCID-xas6-wfzz-hbbz"},{"vulnerability":"VCID-xzkz-rsgv-wuaa"},{"vulnerability":"VCID-y53p-jj1w-xqet"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3"}],"aliases":["CVE-2020-25829"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3zj4-68f8-w3he"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97748?format=json","vulnerability_id":"VCID-57pa-xjqe-rqhp","summary":"Improper input validation bugs in DNSSEC validators components in PowerDNS version 4.1.0 allow attacker in man-in-the-middle position to deny existence of some 
data in DNS via packet replay.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000003","reference_id":"","reference_type":"","scores":[{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01873","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01886","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00012","scoring_system":"epss","scoring_elements":"0.01891","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000003"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000003","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000003"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5939?format=json","purl":"pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3zj4-68f8-w3he"},{"vulnerability":"VCID-8tet-nec6-zkfw"},{"vulnerability":"VCID-bx81-efgj-mkd9"},{"vulnerability":"VCID-ped2-apf8-8ygw"},{"vulnerability":"VCID-zafe-qcj3-pygt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1"}],"aliases":["CVE-2018-1000003"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-57pa-xjqe-rqhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97742?format=json","vulnerability_id":"VCID-6g9m-xqf1-nua1","summary":"An issue has been found in the DNSSEC validation component of PowerDNS Recursor from 4.0.0 and up to and including 4.0.6, where the signatures might have been accepted as valid even if the signed data was not in bailiwick of the DNSKEY used to sign it. 
This allows an attacker in position of man-in-the-middle to alter the content of records by issuing a valid signature for the crafted records.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15090","reference_id":"","reference_type":"","scores":[{"value":"1e-05","scoring_system":"epss","scoring_elements":"0.0002","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15090"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15090","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15090"},{"reference_url":"https://security.archlinux.org/ASA-201711-31","reference_id":"ASA-201711-31","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-31"},{"reference_url":"https://security.archlinux.org/AVG-520","reference_id":"AVG-520","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-520"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5939?format=json","purl":"pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3zj4-68f8-w3he"},{"vulnerability":"VCID-8tet-nec6-zkfw"},{"vulnerability":"VCID-bx81-efgj-mkd9"},{"vulnerability":"VCID-ped2-apf8-8ygw"},{"vulnerability":"VCID-zafe-qcj3-pygt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1"}],"aliases":["CVE-2017-15090"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6g9m-xqf1-nua1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97743?format=json","vulnerability_id":"VCID-8c6p-nczh-83ce","summary":"A cross-site scripting issue has been found in the web interface of PowerDNS Recursor from 4.0.0 up to and 
including 4.0.6, where the qname of DNS queries was displayed without any escaping, allowing a remote attacker to inject HTML and Javascript code into the web interface, altering the content.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15092","reference_id":"","reference_type":"","scores":[{"value":"2e-05","scoring_system":"epss","scoring_elements":"0.00026","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15092"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15092","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15092"},{"reference_url":"https://security.archlinux.org/ASA-201711-31","reference_id":"ASA-201711-31","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-31"},{"reference_url":"https://security.archlinux.org/AVG-520","reference_id":"AVG-520","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-520"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5939?format=json","purl":"pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3zj4-68f8-w3he"},{"vulnerability":"VCID-8tet-nec6-zkfw"},{"vulnerability":"VCID-bx81-efgj-mkd9"},{"vulnerability":"VCID-ped2-apf8-8ygw"},{"vulnerability":"VCID-zafe-qcj3-pygt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1"}],"aliases":["CVE-2017-15092"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8c6p-nczh-83ce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97754?format=json","vulnerability_id":"VCID-8tet-nec6-zkfw","summary":"PowerDNS Recursor from 4.1.0 up to and including 4.3.0 
does not sufficiently defend against amplification attacks. An issue in the DNS protocol has been found that allows malicious parties to use recursive DNS services to attack third-party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the resulting traffic between the recursive and other authoritative name servers. Both types of service can suffer degraded performance as an effect. This is triggered by random subdomains in the NSDNAME in NS records. PowerDNS Recursor 4.1.16, 4.2.2 and 4.3.1 contain a mitigation to limit the impact of this DNS protocol issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10995","reference_id":"","reference_type":"","scores":[{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31395","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31464","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00126","scoring_system":"epss","scoring_elements":"0.31429","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10995"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10995","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10995"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12244","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12244"},{"reference_url":"https://security.archlinux.org/ASA-202005-10","reference_id":"ASA-202005-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202005-10"},{"reference_url":"https://security.archlinux.org/AVG-1163","reference_id":"AVG-1163","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1163"}],"fixed_packages":[{"url":"ht
tp://public2.vulnerablecode.io/api/packages/5939?format=json","purl":"pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3zj4-68f8-w3he"},{"vulnerability":"VCID-8tet-nec6-zkfw"},{"vulnerability":"VCID-bx81-efgj-mkd9"},{"vulnerability":"VCID-ped2-apf8-8ygw"},{"vulnerability":"VCID-zafe-qcj3-pygt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/5940?format=json","purl":"pkg:deb/debian/pdns-recursor@4.4.2-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3wzr-2eer-77hf"},{"vulnerability":"VCID-55ew-qe9a-5uen"},{"vulnerability":"VCID-5w5a-jcrh-nyb1"},{"vulnerability":"VCID-6b9g-rn64-8qdm"},{"vulnerability":"VCID-baea-ybbp-fbc3"},{"vulnerability":"VCID-bkjx-b5yp-afg9"},{"vulnerability":"VCID-d5mw-hsbt-u7bj"},{"vulnerability":"VCID-dmn7-brss-q3ck"},{"vulnerability":"VCID-e1js-9ute-3kf8"},{"vulnerability":"VCID-e5n6-qn1d-nkg7"},{"vulnerability":"VCID-jqh9-kg7m-d3dn"},{"vulnerability":"VCID-jt65-9bh8-9bgc"},{"vulnerability":"VCID-me6t-p2ef-43ch"},{"vulnerability":"VCID-rryv-rqx6-53fn"},{"vulnerability":"VCID-rs9f-44nz-z3fc"},{"vulnerability":"VCID-ur4y-xu6a-3qck"},{"vulnerability":"VCID-uzyx-z58g-jkft"},{"vulnerability":"VCID-ww6x-997u-6fhs"},{"vulnerability":"VCID-xas6-wfzz-hbbz"},{"vulnerability":"VCID-xzkz-rsgv-wuaa"},{"vulnerability":"VCID-y53p-jj1w-xqet"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3"}],"aliases":["CVE-2020-10995"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8tet-nec6-zkfw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97709?format=json","vulnerability_id":"VCID-b7yf-chf7-23bn","summary":"An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 
4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check that the TSIG record is the last one, leading to the possibility of parsing records that are not covered by the TSIG signature.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7074","reference_id":"","reference_type":"","scores":[{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00175","published_at":"2026-06-05T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00176","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074"},{"reference_url":"https://security.archlinux.org/ASA-201701-29","reference_id":"ASA-201701-29","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-29"},{"reference_url":"https://security.archlinux.org/ASA-201701-30","reference_id":"ASA-201701-30","reference_type"
:"","scores":[],"url":"https://security.archlinux.org/ASA-201701-30"},{"reference_url":"https://security.archlinux.org/AVG-147","reference_id":"AVG-147","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-147"},{"reference_url":"https://security.archlinux.org/AVG-148","reference_id":"AVG-148","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-148"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5938?format=json","purl":"pkg:deb/debian/pdns-recursor@4.0.4-1%2Bdeb9u3~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3zj4-68f8-w3he"},{"vulnerability":"VCID-57pa-xjqe-rqhp"},{"vulnerability":"VCID-6g9m-xqf1-nua1"},{"vulnerability":"VCID-8c6p-nczh-83ce"},{"vulnerability":"VCID-8tet-nec6-zkfw"},{"vulnerability":"VCID-bx81-efgj-mkd9"},{"vulnerability":"VCID-dmr2-qydm-d3dt"},{"vulnerability":"VCID-dmsw-hy5g-pug3"},{"vulnerability":"VCID-ped2-apf8-8ygw"},{"vulnerability":"VCID-q6eg-qzcn-fqbp"},{"vulnerability":"VCID-rpze-v2md-4uca"},{"vulnerability":"VCID-wxe6-kebx-6qbc"},{"vulnerability":"VCID-xhkf-q952-qfc2"},{"vulnerability":"VCID-y5t7-ne53-ufar"},{"vulnerability":"VCID-z8ps-5hq7-5uey"},{"vulnerability":"VCID-zafe-qcj3-pygt"},{"vulnerability":"VCID-zbr8-wzq5-6bg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.0.4-1%252Bdeb9u3~bpo8%252B1"}],"aliases":["CVE-2016-7074"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b7yf-chf7-23bn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97757?format=json","vulnerability_id":"VCID-bx81-efgj-mkd9","summary":"In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly 
enforced.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14196","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.073","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07334","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.0734","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14196"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964103","reference_id":"964103","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964103"},{"reference_url":"https://security.archlinux.org/AVG-1199","reference_id":"AVG-1199","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1199"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5940?format=json","purl":"pkg:deb/debian/pdns-recursor@4.4.2-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3wzr-2eer-77hf"},{"vulnerability":"VCID-55ew-qe9a-5uen"},{"vulnerability":"VCID-5w5a-jcrh-nyb1"},{"vulnerability":"VCID-6b9g-rn64-8qdm"},{"vulnerability":"VCID-baea-ybbp-fbc3"},{"vulnerability":"VCID-bkjx-b5yp-afg9"},{"vulnerability":"VCID-d5mw-hsbt-u7bj"},{"vulnerability":"VCID-dmn7-brss
-q3ck"},{"vulnerability":"VCID-e1js-9ute-3kf8"},{"vulnerability":"VCID-e5n6-qn1d-nkg7"},{"vulnerability":"VCID-jqh9-kg7m-d3dn"},{"vulnerability":"VCID-jt65-9bh8-9bgc"},{"vulnerability":"VCID-me6t-p2ef-43ch"},{"vulnerability":"VCID-rryv-rqx6-53fn"},{"vulnerability":"VCID-rs9f-44nz-z3fc"},{"vulnerability":"VCID-ur4y-xu6a-3qck"},{"vulnerability":"VCID-uzyx-z58g-jkft"},{"vulnerability":"VCID-ww6x-997u-6fhs"},{"vulnerability":"VCID-xas6-wfzz-hbbz"},{"vulnerability":"VCID-xzkz-rsgv-wuaa"},{"vulnerability":"VCID-y53p-jj1w-xqet"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3"}],"aliases":["CVE-2020-14196"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bx81-efgj-mkd9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97746?format=json","vulnerability_id":"VCID-dmr2-qydm-d3dt","summary":"An issue has been found in the DNSSEC parsing code of PowerDNS Recursor from 4.0.0 up to and including 4.0.6 leading to a memory leak when parsing specially crafted DNSSEC ECDSA keys. 
These keys are only parsed when validation is enabled by setting dnssec to a value other than off or process-no-validate (default).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15094","reference_id":"","reference_type":"","scores":[{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00199","published_at":"2026-06-04T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00198","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15094"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15094","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15094"},{"reference_url":"https://security.archlinux.org/ASA-201711-31","reference_id":"ASA-201711-31","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-31"},{"reference_url":"https://security.archlinux.org/AVG-520","reference_id":"AVG-520","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-520"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5939?format=json","purl":"pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3zj4-68f8-w3he"},{"vulnerability":"VCID-8tet-nec6-zkfw"},{"vulnerability":"VCID-bx81-efgj-mkd9"},{"vulnerability":"VCID-ped2-apf8-8ygw"},{"vulnerability":"VCID-zafe-qcj3-pygt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1"}],"aliases":["CVE-2017-15094"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dmr2-qydm-d3dt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97712?format=json","vulnerability_id":"VCID-dmsw-hy5g-pug3","summary":"PowerDNS 
Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14626","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12937","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13018","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13021","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14626"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14626","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14626"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162","reference_id":"913162","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913163","reference_id":"913163","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913163"},{"reference_url":"https://security.archlinux.org/ASA-201811-12","reference_id":"ASA-201811-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201811-12"},{"reference_url":"https://security.archlinux.org/ASA-201811-13","reference_id":"ASA-201811-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/AS
A-201811-13"},{"reference_url":"https://security.archlinux.org/AVG-804","reference_id":"AVG-804","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-804"},{"reference_url":"https://security.archlinux.org/AVG-805","reference_id":"AVG-805","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-805"},{"reference_url":"https://usn.ubuntu.com/7203-1/","reference_id":"USN-7203-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7203-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5939?format=json","purl":"pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3zj4-68f8-w3he"},{"vulnerability":"VCID-8tet-nec6-zkfw"},{"vulnerability":"VCID-bx81-efgj-mkd9"},{"vulnerability":"VCID-ped2-apf8-8ygw"},{"vulnerability":"VCID-zafe-qcj3-pygt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1"}],"aliases":["CVE-2018-14626"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dmsw-hy5g-pug3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97738?format=json","vulnerability_id":"VCID-j6qh-v6js-qubg","summary":"Unspecified vulnerability in PowerDNS Recursor (aka pdns_recursor) 3.6.x before 3.6.1 allows remote attackers to cause a denial of service (crash) via an unknown sequence of malformed 
packets.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3614","reference_id":"","reference_type":"","scores":[{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00926","published_at":"2026-06-04T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00938","published_at":"2026-06-05T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00937","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3614"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5933?format=json","purl":"pkg:deb/debian/pdns-recursor@3.6.2-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1aex-5g1j-6ycu"},{"vulnerability":"VCID-3zj4-68f8-w3he"},{"vulnerability":"VCID-57pa-xjqe-rqhp"},{"vulnerability":"VCID-6g9m-xqf1-nua1"},{"vulnerability":"VCID-8c6p-nczh-83ce"},{"vulnerability":"VCID-8tet-nec6-zkfw"},{"vulnerability":"VCID-b7yf-chf7-23bn"},{"vulnerability":"VCID-bx81-efgj-mkd9"},{"vulnerability":"VCID-dmr2-qydm-d3dt"},{"vulnerability":"VCID-dmsw-hy5g-pug3"},{"vulnerability":"VCID-jvrb-gawg-ufg7"},{"vulnerability":"VCID-ped2-apf8-8ygw"},{"vulnerability":"VCID-q6eg-qzcn-fqbp"},{"vulnerability":"VCID-rpze-v2md-4uca"},{"vulnerability":"VCID-tmg6-gqrq-2uc9"},{"vulnerability":"VCID-wxe6-kebx-6qbc"},{"vulnerability":"VCID-xhkf-q952-qfc2"},{"vulnerability":"VCID-y5t7-ne53-ufar"},{"vulnerability":"VCID-yrea-z75q-a3cy"},{"vulnerability":"VCID-z8ps-5hq7-5uey"},{"vulnerability":"VCID-zafe-qcj3-pygt"},{"vulnerability":"VCID-zbr8-wzq5-6bg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@3.6.2-2"}],"aliases":["CVE-2014-3614"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","re
source_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j6qh-v6js-qubg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97708?format=json","vulnerability_id":"VCID-jvrb-gawg-ufg7","summary":"An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS recursor before 4.0.4, allowing an attacker in position of man-in-the-middle to alter the content of an AXFR because of insufficient validation of TSIG signatures. A missing check of the TSIG time and fudge values was found in AXFRRetriever, leading to a possible replay attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7073","reference_id":"","reference_type":"","scores":[{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00474","published_at":"2026-06-04T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00476","published_at":"2026-06-05T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00478","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7073"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2120"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7072"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7073"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074","reference_id":"","referen
ce_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7074"},{"reference_url":"https://security.archlinux.org/ASA-201701-29","reference_id":"ASA-201701-29","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-29"},{"reference_url":"https://security.archlinux.org/ASA-201701-30","reference_id":"ASA-201701-30","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-30"},{"reference_url":"https://security.archlinux.org/AVG-147","reference_id":"AVG-147","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-147"},{"reference_url":"https://security.archlinux.org/AVG-148","reference_id":"AVG-148","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-148"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5938?format=json","purl":"pkg:deb/debian/pdns-recursor@4.0.4-1%2Bdeb9u3~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3zj4-68f8-w3he"},{"vulnerability":"VCID-57pa-xjqe-rqhp"},{"vulnerability":"VCID-6g9m-xqf1-nua1"},{"vulnerability":"VCID-8c6p-nczh-83ce"},{"vulnerability":"VCID-8tet-nec6-zkfw"},{"vulnerability":"VCID-bx81-efgj-mkd9"},{"vulnerability":"VCID-dmr2-qydm-d3dt"},{"vulnerability":"VCID-dmsw-hy5g-pug3"},{"vulnerability":"VCID-ped2-apf8-8ygw"},{"vulnerability":"VCID-q6eg-qzcn-fqbp"},{"vulnerability":"VCID-rpze-v2md-4uca"},{"vulnerability":"VCID-wxe6-kebx-6qbc"},{"vulnerability":"VCID-xhkf-q952-qfc2"},{"vulnerability":"VCID-y5t7-ne53-ufar"},{"vulnerability":"VCID-z8ps-5hq7-5uey"},{"vulnerability":"VCID-zafe-qcj3-pygt"},{"vulnerability":"VCID-zbr8-wzq5-6bg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.0.4-1%252Bdeb9u3~bpo8%252B1"}],"aliases":["CVE-2016-7073"],"risk_score":3.1,"exploitability":"0.5","wei
ghted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jvrb-gawg-ufg7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97756?format=json","vulnerability_id":"VCID-ped2-apf8-8ygw","summary":"An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC validation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12244","reference_id":"","reference_type":"","scores":[{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.1935","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19425","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19418","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12244"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10995","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10995"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12244","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12244"},{"reference_url":"https://security.archlinux.org/ASA-202005-10","reference_id":"ASA-202005-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202005-10"},{"reference_url":"https://security.archlinux.org/AVG-1163","reference_id":"AVG-1163","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1163"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5939?format=json","purl":"pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1","is_vulnerable"
:true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3zj4-68f8-w3he"},{"vulnerability":"VCID-8tet-nec6-zkfw"},{"vulnerability":"VCID-bx81-efgj-mkd9"},{"vulnerability":"VCID-ped2-apf8-8ygw"},{"vulnerability":"VCID-zafe-qcj3-pygt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1"},{"url":"http://public2.vulnerablecode.io/api/packages/5940?format=json","purl":"pkg:deb/debian/pdns-recursor@4.4.2-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3wzr-2eer-77hf"},{"vulnerability":"VCID-55ew-qe9a-5uen"},{"vulnerability":"VCID-5w5a-jcrh-nyb1"},{"vulnerability":"VCID-6b9g-rn64-8qdm"},{"vulnerability":"VCID-baea-ybbp-fbc3"},{"vulnerability":"VCID-bkjx-b5yp-afg9"},{"vulnerability":"VCID-d5mw-hsbt-u7bj"},{"vulnerability":"VCID-dmn7-brss-q3ck"},{"vulnerability":"VCID-e1js-9ute-3kf8"},{"vulnerability":"VCID-e5n6-qn1d-nkg7"},{"vulnerability":"VCID-jqh9-kg7m-d3dn"},{"vulnerability":"VCID-jt65-9bh8-9bgc"},{"vulnerability":"VCID-me6t-p2ef-43ch"},{"vulnerability":"VCID-rryv-rqx6-53fn"},{"vulnerability":"VCID-rs9f-44nz-z3fc"},{"vulnerability":"VCID-ur4y-xu6a-3qck"},{"vulnerability":"VCID-uzyx-z58g-jkft"},{"vulnerability":"VCID-ww6x-997u-6fhs"},{"vulnerability":"VCID-xas6-wfzz-hbbz"},{"vulnerability":"VCID-xzkz-rsgv-wuaa"},{"vulnerability":"VCID-y53p-jj1w-xqet"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3"}],"aliases":["CVE-2020-12244"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ped2-apf8-8ygw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97750?format=json","vulnerability_id":"VCID-q6eg-qzcn-fqbp","summary":"An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly 
leading to a crash.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16855","reference_id":"","reference_type":"","scores":[{"value":"0.70787","scoring_system":"epss","scoring_elements":"0.98718","published_at":"2026-06-05T12:55:00Z"},{"value":"0.70787","scoring_system":"epss","scoring_elements":"0.98719","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16855"},{"reference_url":"https://security.archlinux.org/ASA-201811-21","reference_id":"ASA-201811-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201811-21"},{"reference_url":"https://security.archlinux.org/AVG-821","reference_id":"AVG-821","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-821"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5939?format=json","purl":"pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3zj4-68f8-w3he"},{"vulnerability":"VCID-8tet-nec6-zkfw"},{"vulnerability":"VCID-bx81-efgj-mkd9"},{"vulnerability":"VCID-ped2-apf8-8ygw"},{"vulnerability":"VCID-zafe-qcj3-pygt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1"}],"aliases":["CVE-2018-16855"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q6eg-qzcn-fqbp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97711?format=json","vulnerability_id":"VCID-rpze-v2md-4uca","summary":"PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 
excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10851","reference_id":"","reference_type":"","scores":[{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28665","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28737","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28697","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10851"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10851","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10851"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162","reference_id":"913162","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913163","reference_id":"913163","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913163"},{"reference_url":"https://security.archlinux.org/ASA-201811-12","reference_id":"ASA-201811-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201811-12"},{"reference_url":"https://security.archlinux.org/ASA-201811-13","reference_id":"ASA-201811-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201811-13"},{"reference_url":"https://security.archlinux.org
/AVG-804","reference_id":"AVG-804","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-804"},{"reference_url":"https://security.archlinux.org/AVG-805","reference_id":"AVG-805","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-805"},{"reference_url":"https://usn.ubuntu.com/7203-1/","reference_id":"USN-7203-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7203-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5939?format=json","purl":"pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3zj4-68f8-w3he"},{"vulnerability":"VCID-8tet-nec6-zkfw"},{"vulnerability":"VCID-bx81-efgj-mkd9"},{"vulnerability":"VCID-ped2-apf8-8ygw"},{"vulnerability":"VCID-zafe-qcj3-pygt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1"}],"aliases":["CVE-2018-10851"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rpze-v2md-4uca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97739?format=json","vulnerability_id":"VCID-thqn-jsc5-ryc6","summary":"PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service (\"performance degradations\") via a large or infinite number of referrals, as demonstrated by resolving domains hosted by 
ezdns.it.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8601","reference_id":"","reference_type":"","scores":[{"value":"0.00759","scoring_system":"epss","scoring_elements":"0.73684","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00759","scoring_system":"epss","scoring_elements":"0.73722","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00759","scoring_system":"epss","scoring_elements":"0.73725","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8601"},{"reference_url":"https://security.gentoo.org/glsa/201412-33","reference_id":"GLSA-201412-33","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-33"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5933?format=json","purl":"pkg:deb/debian/pdns-recursor@3.6.2-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1aex-5g1j-6ycu"},{"vulnerability":"VCID-3zj4-68f8-w3he"},{"vulnerability":"VCID-57pa-xjqe-rqhp"},{"vulnerability":"VCID-6g9m-xqf1-nua1"},{"vulnerability":"VCID-8c6p-nczh-83ce"},{"vulnerability":"VCID-8tet-nec6-zkfw"},{"vulnerability":"VCID-b7yf-chf7-23bn"},{"vulnerability":"VCID-bx81-efgj-mkd9"},{"vulnerability":"VCID-dmr2-qydm-d3dt"},{"vulnerability":"VCID-dmsw-hy5g-pug3"},{"vulnerability":"VCID-jvrb-gawg-ufg7"},{"vulnerability":"VCID-ped2-apf8-8ygw"},{"vulnerability":"VCID-q6eg-qzcn-fqbp"},{"vulnerability":"VCID-rpze-v2md-4uca"},{"vulnerability":"VCID-tmg6-gqrq-2uc9"},{"vulnerability":"VCID-wxe6-kebx-6qbc"},{"vulnerability":"VCID-xhkf-q952-qfc2"},{"vulnerability":"VCID-y5t7-ne53-ufar"},{"vulnerability":"VCID-yrea-z75q-a3cy"},{"vulnerability":"VCID-z8ps-5hq7-5uey"},{"vulnerability":"VCID-zafe-qcj3-pygt"},{"vulnerability":"VCID-zbr8-wzq5-6bg8"}],"resource_u
rl":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@3.6.2-2"}],"aliases":["CVE-2014-8601"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-thqn-jsc5-ryc6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97699?format=json","vulnerability_id":"VCID-tmg6-gqrq-2uc9","summary":"The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1868.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5470","reference_id":"","reference_type":"","scores":[{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00478","published_at":"2026-06-04T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00481","published_at":"2026-06-05T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00482","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-5470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5470"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5936?format=json","purl":"pkg:deb/debian/pdns-recursor@3.6.2-2%2Bdeb8u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1aex-5g1j-6ycu"},{"vulnerability":"VCID-3zj4-68f8-w3he"},{"vulnerability":"VCID-57pa-xjqe-rqhp"},{"vulnerability":"VCID-6g9m-xqf1-nua1"},{"vulnerability":"VCID-8c6p-nczh-83ce"},{"vulnerability":"VCID-8tet-nec6-zkfw"},{"vulnerability":"VCID-b7yf-chf7-23bn"},{"vulnerability":"
VCID-bx81-efgj-mkd9"},{"vulnerability":"VCID-dmr2-qydm-d3dt"},{"vulnerability":"VCID-dmsw-hy5g-pug3"},{"vulnerability":"VCID-jvrb-gawg-ufg7"},{"vulnerability":"VCID-ped2-apf8-8ygw"},{"vulnerability":"VCID-q6eg-qzcn-fqbp"},{"vulnerability":"VCID-rpze-v2md-4uca"},{"vulnerability":"VCID-tmg6-gqrq-2uc9"},{"vulnerability":"VCID-wxe6-kebx-6qbc"},{"vulnerability":"VCID-xhkf-q952-qfc2"},{"vulnerability":"VCID-y5t7-ne53-ufar"},{"vulnerability":"VCID-yrea-z75q-a3cy"},{"vulnerability":"VCID-z8ps-5hq7-5uey"},{"vulnerability":"VCID-zafe-qcj3-pygt"},{"vulnerability":"VCID-zbr8-wzq5-6bg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@3.6.2-2%252Bdeb8u4"},{"url":"http://public2.vulnerablecode.io/api/packages/5938?format=json","purl":"pkg:deb/debian/pdns-recursor@4.0.4-1%2Bdeb9u3~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3zj4-68f8-w3he"},{"vulnerability":"VCID-57pa-xjqe-rqhp"},{"vulnerability":"VCID-6g9m-xqf1-nua1"},{"vulnerability":"VCID-8c6p-nczh-83ce"},{"vulnerability":"VCID-8tet-nec6-zkfw"},{"vulnerability":"VCID-bx81-efgj-mkd9"},{"vulnerability":"VCID-dmr2-qydm-d3dt"},{"vulnerability":"VCID-dmsw-hy5g-pug3"},{"vulnerability":"VCID-ped2-apf8-8ygw"},{"vulnerability":"VCID-q6eg-qzcn-fqbp"},{"vulnerability":"VCID-rpze-v2md-4uca"},{"vulnerability":"VCID-wxe6-kebx-6qbc"},{"vulnerability":"VCID-xhkf-q952-qfc2"},{"vulnerability":"VCID-y5t7-ne53-ufar"},{"vulnerability":"VCID-z8ps-5hq7-5uey"},{"vulnerability":"VCID-zafe-qcj3-pygt"},{"vulnerability":"VCID-zbr8-wzq5-6bg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.0.4-1%252Bdeb9u3~bpo8%252B1"}],"aliases":["CVE-2015-5470"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tmg6-gqrq-2uc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97745?format=json","vulnerability_id":"VCID-wxe6-kebx-6qbc","summary":"When 
api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. It was discovered that the new netmask and IP addresses of forwarded zones were not sufficiently validated, allowing an authenticated user to inject new configuration directives into the Recursor's configuration.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15093","reference_id":"","reference_type":"","scores":[{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00165","published_at":"2026-06-04T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00166","published_at":"2026-06-05T12:55:00Z"},{"value":"4e-05","scoring_system":"epss","scoring_elements":"0.00167","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15093"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15093","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15093"},{"reference_url":"https://security.archlinux.org/ASA-201711-31","reference_id":"ASA-201711-31","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-31"},{"reference_url":"https://security.archlinux.org/AVG-520","reference_id":"AVG-520","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-520"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5939?format=json","purl":"pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3zj4-68f8-w3he"},{"vulnerability":"VCID-8tet-nec6-zkfw"},{"vulnerability":"VCID-bx81-efgj-mkd9"},{"vulnerability":"VCID-ped2-apf8-8
ygw"},{"vulnerability":"VCID-zafe-qcj3-pygt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1"}],"aliases":["CVE-2017-15093"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wxe6-kebx-6qbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97747?format=json","vulnerability_id":"VCID-xhkf-q952-qfc2","summary":"An issue has been found in the parsing of authoritative answers in PowerDNS Recursor before 4.0.8, leading to a NULL pointer dereference when parsing a specially crafted answer containing a CNAME of a different class than IN. An unauthenticated remote attacker could cause a denial of service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15120","reference_id":"","reference_type":"","scores":[{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56356","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56412","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00332","scoring_system":"epss","scoring_elements":"0.56418","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15120"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15120","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15120"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5939?format=json","purl":"pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3zj4-68f8-w3he"},{"vulnerability":"VCID-8tet-nec6-zkfw"},{"vulnerability":"VCID-bx81-efgj-mkd9"},{"vulnerability":"VCID-ped2-apf8-8ygw"},{"vulnerability":"VCID-zafe-qcj3-pygt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%25
2Bdeb10u1"}],"aliases":["CVE-2017-15120"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xhkf-q952-qfc2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97749?format=json","vulnerability_id":"VCID-y5t7-ne53-ufar","summary":"An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authoritative servers for that parent zone answer with FORMERR to a query for at least one of the meta-types. As a result, subsequent queries from clients requesting DNSSEC validation will be answered with a ServFail.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14644","reference_id":"","reference_type":"","scores":[{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05645","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05666","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0002","scoring_system":"epss","scoring_elements":"0.05647","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14644"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14644","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14644"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162","reference_id":"913162","reference_type":"","sco
res":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162"},{"reference_url":"https://security.archlinux.org/ASA-201811-13","reference_id":"ASA-201811-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201811-13"},{"reference_url":"https://security.archlinux.org/AVG-805","reference_id":"AVG-805","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-805"},{"reference_url":"https://usn.ubuntu.com/7203-1/","reference_id":"USN-7203-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7203-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5939?format=json","purl":"pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3zj4-68f8-w3he"},{"vulnerability":"VCID-8tet-nec6-zkfw"},{"vulnerability":"VCID-bx81-efgj-mkd9"},{"vulnerability":"VCID-ped2-apf8-8ygw"},{"vulnerability":"VCID-zafe-qcj3-pygt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1"}],"aliases":["CVE-2018-14644"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y5t7-ne53-ufar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97696?format=json","vulnerability_id":"VCID-yrea-z75q-a3cy","summary":"The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to 
itself.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1868","reference_id":"","reference_type":"","scores":[{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66601","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66642","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66649","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1868"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5937?format=json","purl":"pkg:deb/debian/pdns-recursor@3.7.3-1~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1aex-5g1j-6ycu"},{"vulnerability":"VCID-3zj4-68f8-w3he"},{"vulnerability":"VCID-57pa-xjqe-rqhp"},{"vulnerability":"VCID-6g9m-xqf1-nua1"},{"vulnerability":"VCID-8c6p-nczh-83ce"},{"vulnerability":"VCID-8tet-nec6-zkfw"},{"vulnerability":"VCID-b7yf-chf7-23bn"},{"vulnerability":"VCID-bx81-efgj-mkd9"},{"vulnerability":"VCID-dmr2-qydm-d3dt"},{"vulnerability":"VCID-dmsw-hy5g-pug3"},{"vulnerability":"VCID-jvrb-gawg-ufg7"},{"vulnerability":"VCID-ped2-apf8-8ygw"},{"vulnerability":"VCID-q6eg-qzcn-fqbp"},{"vulnerability":"VCID-rpze-v2md-4uca"},{"vulnerability":"VCID-tmg6-gqrq-2uc9"},{"vulnerability":"VCID-wxe6-kebx-6qbc"},{"vulnerability":"VCID-xhkf-q952-qfc2"},{"vulnerability":"VCID-y5t7-ne53-ufar"},{"vulnerability":"VCID-z8ps-5hq7-5uey"},{"vulnerability":"VCID-zafe-qcj3-pygt"},{"vulnerability":"VCID-zbr8-wzq5-6bg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@3.7.3-1~bpo8%252B1"}],"aliases":["CVE-2015-1868"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"ht
tp://public2.vulnerablecode.io/vulnerabilities/VCID-yrea-z75q-a3cy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97752?format=json","vulnerability_id":"VCID-z8ps-5hq7-5uey","summary":"An issue has been found in PowerDNS Recursor versions 4.1.x before 4.1.9 where records in the answer section of responses received from authoritative servers with the AA flag not set were not properly validated, allowing an attacker to bypass DNSSEC validation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3807","reference_id":"","reference_type":"","scores":[{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00991","published_at":"2026-06-04T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.01002","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3807"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3807","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3807"},{"reference_url":"https://security.archlinux.org/ASA-201901-13","reference_id":"ASA-201901-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201901-13"},{"reference_url":"https://security.archlinux.org/AVG-856","reference_id":"AVG-856","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-856"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5939?format=json","purl":"pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3zj4-68f8-w3he"},{"vulnerability":"VCID-8tet-nec6-zkfw"},{"vulnerability":"VCID-bx81-efgj-mkd9"},{"vulnerability":"VCID-ped2-apf8-8ygw"},{"vulnerability":"VCID-zafe-qcj3-pygt"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1
"}],"aliases":["CVE-2019-3807"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z8ps-5hq7-5uey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97753?format=json","vulnerability_id":"VCID-zafe-qcj3-pygt","summary":"An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. It allows an attacker (with enough privileges to change the system's hostname) to cause disclosure of uninitialized memory content via a stack-based out-of-bounds read. It only occurs on systems where gethostname() does not have '\\0' termination of the returned string if the hostname is larger than the supplied buffer. (Linux systems are not affected because the buffer is always large enough. OpenBSD systems are not affected because the returned hostname always has '\\0' termination.) Under some conditions, this issue can lead to the writing of one '\\0' byte out-of-bounds on the stack, causing a denial of service or possibly arbitrary code 
execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10030","reference_id":"","reference_type":"","scores":[{"value":"0.00029","scoring_system":"epss","scoring_elements":"0.08622","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11082","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00036","scoring_system":"epss","scoring_elements":"0.11076","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10030"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10030","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10030"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5940?format=json","purl":"pkg:deb/debian/pdns-recursor@4.4.2-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3wzr-2eer-77hf"},{"vulnerability":"VCID-55ew-qe9a-5uen"},{"vulnerability":"VCID-5w5a-jcrh-nyb1"},{"vulnerability":"VCID-6b9g-rn64-8qdm"},{"vulnerability":"VCID-baea-ybbp-fbc3"},{"vulnerability":"VCID-bkjx-b5yp-afg9"},{"vulnerability":"VCID-d5mw-hsbt-u7bj"},{"vulnerability":"VCID-dmn7-brss-q3ck"},{"vulnerability":"VCID-e1js-9ute-3kf8"},{"vulnerability":"VCID-e5n6-qn1d-nkg7"},{"vulnerability":"VCID-jqh9-kg7m-d3dn"},{"vulnerability":"VCID-jt65-9bh8-9bgc"},{"vulnerability":"VCID-me6t-p2ef-43ch"},{"vulnerability":"VCID-rryv-rqx6-53fn"},{"vulnerability":"VCID-rs9f-44nz-z3fc"},{"vulnerability":"VCID-ur4y-xu6a-3qck"},{"vulnerability":"VCID-uzyx-z58g-jkft"},{"vulnerability":"VCID-ww6x-997u-6fhs"},{"vulnerability":"VCID-xas6-wfzz-hbbz"},{"vulnerability":"VCID-xzkz-rsgv-wuaa"},{"vulnerability":"VCID-y53p-jj1w-xqet"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.4.2-3"}],"aliases":["CVE-2020-10030"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2
.vulnerablecode.io/vulnerabilities/VCID-zafe-qcj3-pygt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97751?format=json","vulnerability_id":"VCID-zbr8-wzq5-6bg8","summary":"An issue has been found in PowerDNS Recursor versions after 4.1.3 before 4.1.9 where Lua hooks are not properly applied to queries received over TCP in some specific combination of settings, possibly bypassing security policies enforced using Lua.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3806","reference_id":"","reference_type":"","scores":[{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18088","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18167","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18169","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3806"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3806","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3806"},{"reference_url":"https://security.archlinux.org/ASA-201901-13","reference_id":"ASA-201901-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201901-13"},{"reference_url":"https://security.archlinux.org/AVG-856","reference_id":"AVG-856","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-856"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5939?format=json","purl":"pkg:deb/debian/pdns-recursor@4.1.11-1%2Bdeb10u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3zj4-68f8-w3he"},{"vulnerability":"VCID-8tet-nec6-zkfw"},{"vulnerability":"VCID-bx81-efgj-mkd9"},{"vulnerability":"VCID-ped2-apf8-8ygw"},{"vulnerability":"VCID-zafe-qcj3-pygt"}],"resource_url":"ht
tp://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@4.1.11-1%252Bdeb10u1"}],"aliases":["CVE-2019-3806"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zbr8-wzq5-6bg8"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/97739?format=json","vulnerability_id":"VCID-thqn-jsc5-ryc6","summary":"PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service (\"performance degradations\") via a large or infinite number of referrals, as demonstrated by resolving domains hosted by ezdns.it.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8601","reference_id":"","reference_type":"","scores":[{"value":"0.00759","scoring_system":"epss","scoring_elements":"0.73684","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00759","scoring_system":"epss","scoring_elements":"0.73722","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00759","scoring_system":"epss","scoring_elements":"0.73725","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8601"},{"reference_url":"https://security.gentoo.org/glsa/201412-33","reference_id":"GLSA-201412-33","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-33"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5932?format=json","purl":"pkg:deb/debian/pdns-recursor@3.3-3%2Bdeb7u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1aex-5g1j-6ycu"},{"vulnerability":"VCID-3zj4-68f8-w3he"},{"vulnerability":"VCID-57pa-xjqe-rqhp"},{"vulnerability":"VCID-6g9m-xqf1-nua1"},{"vulnerability":"VCID-8c6p-nczh-83ce"},{"v
ulnerability":"VCID-8tet-nec6-zkfw"},{"vulnerability":"VCID-b7yf-chf7-23bn"},{"vulnerability":"VCID-bx81-efgj-mkd9"},{"vulnerability":"VCID-dmr2-qydm-d3dt"},{"vulnerability":"VCID-dmsw-hy5g-pug3"},{"vulnerability":"VCID-j6qh-v6js-qubg"},{"vulnerability":"VCID-jvrb-gawg-ufg7"},{"vulnerability":"VCID-ped2-apf8-8ygw"},{"vulnerability":"VCID-q6eg-qzcn-fqbp"},{"vulnerability":"VCID-rpze-v2md-4uca"},{"vulnerability":"VCID-thqn-jsc5-ryc6"},{"vulnerability":"VCID-tmg6-gqrq-2uc9"},{"vulnerability":"VCID-wxe6-kebx-6qbc"},{"vulnerability":"VCID-xhkf-q952-qfc2"},{"vulnerability":"VCID-y5t7-ne53-ufar"},{"vulnerability":"VCID-yrea-z75q-a3cy"},{"vulnerability":"VCID-z8ps-5hq7-5uey"},{"vulnerability":"VCID-zafe-qcj3-pygt"},{"vulnerability":"VCID-zbr8-wzq5-6bg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@3.3-3%252Bdeb7u1"},{"url":"http://public2.vulnerablecode.io/api/packages/5933?format=json","purl":"pkg:deb/debian/pdns-recursor@3.6.2-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1aex-5g1j-6ycu"},{"vulnerability":"VCID-3zj4-68f8-w3he"},{"vulnerability":"VCID-57pa-xjqe-rqhp"},{"vulnerability":"VCID-6g9m-xqf1-nua1"},{"vulnerability":"VCID-8c6p-nczh-83ce"},{"vulnerability":"VCID-8tet-nec6-zkfw"},{"vulnerability":"VCID-b7yf-chf7-23bn"},{"vulnerability":"VCID-bx81-efgj-mkd9"},{"vulnerability":"VCID-dmr2-qydm-d3dt"},{"vulnerability":"VCID-dmsw-hy5g-pug3"},{"vulnerability":"VCID-jvrb-gawg-ufg7"},{"vulnerability":"VCID-ped2-apf8-8ygw"},{"vulnerability":"VCID-q6eg-qzcn-fqbp"},{"vulnerability":"VCID-rpze-v2md-4uca"},{"vulnerability":"VCID-tmg6-gqrq-2uc9"},{"vulnerability":"VCID-wxe6-kebx-6qbc"},{"vulnerability":"VCID-xhkf-q952-qfc2"},{"vulnerability":"VCID-y5t7-ne53-ufar"},{"vulnerability":"VCID-yrea-z75q-a3cy"},{"vulnerability":"VCID-z8ps-5hq7-5uey"},{"vulnerability":"VCID-zafe-qcj3-pygt"},{"vulnerability":"VCID-zbr8-wzq5-6bg8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recurso
r@3.6.2-2"}],"aliases":["CVE-2014-8601"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-thqn-jsc5-ryc6"}],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pdns-recursor@3.3-3%252Bdeb7u1"}