{"url":"http://public2.vulnerablecode.io/api/packages/119661?format=json","purl":"pkg:deb/debian/nss-pam-ldapd@0.9.11-1?distro=trixie","type":"deb","namespace":"debian","name":"nss-pam-ldapd","version":"0.9.11-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"0.9.12-4","latest_non_vulnerable_version":"0.9.13-2","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95492?format=json","vulnerability_id":"VCID-5ybx-4587-hff4","summary":"nslcd/pam.c in the nss-pam-ldapd 0.8.0 PAM module returns a success code when a user is not found in LDAP, which allows remote attackers to bypass authentication.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0438","reference_id":"","reference_type":"","scores":[{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.6361","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63652","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63659","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63651","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.6364","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0438"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/119660?format=json","purl":"pkg:deb/debian/nss-pam-ldapd@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss-pam-ldapd@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119661?format=json","purl":"pkg:deb/debian/nss-pam-ldapd@0.9.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss-pam-ldapd@0.9.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119659?format=json","purl":"pkg:deb/debian/nss-pam-ldapd@0.9.12-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss-pam-ldapd@0.9.12-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119663?format=json","purl":"pkg:deb/debian/nss-pam-ldapd@0.9.13-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss-pam-ldapd@0.9.13-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119662?format=json","purl":"pkg:deb/debian/nss-pam-ldapd@0.9.13-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss-pam-ldapd@0.9.13-2%3Fdistro=trixie"}],"aliases":["CVE-2011-0438"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5ybx-4587-hff4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95493?format=json","vulnerability_id":"VCID-nykz-cdwz-ekcz","summary":"nss-pam-ldapd before 0.7.18 and 0.8.x before 0.8.11 allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code by performing a name lookup on an application with a large number of open file descriptors, which triggers a stack-based buffer overflow related to incorrect use of the FD_SET macro.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0288.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0288.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0288","reference_id":"","reference_type":"","scores":[{"value":"0.02899","scoring_system":"epss","scoring_elements":"0.86614","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02899","scoring_system":"epss","scoring_elements":"0.86637","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02899","scoring_system":"epss","scoring_elements":"0.86636","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02899","scoring_system":"epss","scoring_elements":"0.86632","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02899","scoring_system":"epss","scoring_elements":"0.86622","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02899","scoring_system":"epss","scoring_elements":"0.86633","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-0288"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0288","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0288"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690319","reference_id":"690319","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690319"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=909119","reference_id":"909119","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=909119"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0590","reference_id":"RHSA-2013:0590","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0590"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/119664?format=json","purl":"pkg:deb/debian/nss-pam-ldapd@0.8.10-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss-pam-ldapd@0.8.10-3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119661?format=json","purl":"pkg:deb/debian/nss-pam-ldapd@0.9.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss-pam-ldapd@0.9.11-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119659?format=json","purl":"pkg:deb/debian/nss-pam-ldapd@0.9.12-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss-pam-ldapd@0.9.12-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119663?format=json","purl":"pkg:deb/debian/nss-pam-ldapd@0.9.13-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss-pam-ldapd@0.9.13-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119662?format=json","purl":"pkg:deb/debian/nss-pam-ldapd@0.9.13-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss-pam-ldapd@0.9.13-2%3Fdistro=trixie"}],"aliases":["CVE-2013-0288"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nykz-cdwz-ekcz"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss-pam-ldapd@0.9.11-1%3Fdistro=trixie"}