Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/libpam-ldap@186-4?distro=bullseye

Type deb

Namespace debian

Name libpam-ldap

Version 186-4

Qualifiers

distro	bullseye

Subpath

Is_vulnerable false

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-brru-z9nu-f7b5

vulnerability_id VCID-brru-z9nu-f7b5

summary Unknown vulnerability in pam_ldap before 180 does not properly handle a new password policy control, which could allow attackers to gain privileges. NOTE: CVE-2005-2497 had also been assigned to this issue, but CVE-2005-2641 is the correct candidate.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2641.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2641.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2005-2641

reference_id

reference_type

scores

value	0.02197
scoring_system	epss
scoring_elements	0.84772
published_at	2026-06-11T12:55:00Z

value	0.02197
scoring_system	epss
scoring_elements	0.84824
published_at	2026-06-12T12:55:00Z

value	0.02197
scoring_system	epss
scoring_elements	0.84833
published_at	2026-06-13T12:55:00Z

value	0.02197
scoring_system	epss
scoring_elements	0.84825
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2005-2641

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2641
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2641

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1617737
reference_id	1617737
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1617737

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324899
reference_id	324899
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324899

reference_url	https://access.redhat.com/errata/RHSA-2005:767
reference_id	RHSA-2005:767
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2005:767

fixed_packages

url	pkg:deb/debian/libpam-ldap@178-1sarge1?distro=bullseye
purl	pkg:deb/debian/libpam-ldap@178-1sarge1?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpam-ldap@178-1sarge1%3Fdistro=bullseye

url	pkg:deb/debian/libpam-ldap@186-4?distro=bullseye
purl	pkg:deb/debian/libpam-ldap@186-4?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpam-ldap@186-4%3Fdistro=bullseye

aliases CVE-2005-2641

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-brru-z9nu-f7b5

url VCID-na83-pdm7-x7ac

vulnerability_id VCID-na83-pdm7-x7ac

summary

pam_ldap contains a vulnerability that may allow a remote user with a
    locked account to gain unauthorized system access.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-5170.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-5170.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2006-5170

reference_id

reference_type

scores

value	0.04353
scoring_system	epss
scoring_elements	0.89184
published_at	2026-06-11T12:55:00Z

value	0.04353
scoring_system	epss
scoring_elements	0.89221
published_at	2026-06-12T12:55:00Z

value	0.04353
scoring_system	epss
scoring_elements	0.89229
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2006-5170

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5170
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5170

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1618208
reference_id	1618208
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1618208

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392984
reference_id	392984
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392984

reference_url	https://security.gentoo.org/glsa/200612-19
reference_id	GLSA-200612-19
reference_type
scores
url	https://security.gentoo.org/glsa/200612-19

reference_url	https://access.redhat.com/errata/RHSA-2006:0719
reference_id	RHSA-2006:0719
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2006:0719

fixed_packages

url	pkg:deb/debian/libpam-ldap@180-1.2?distro=bullseye
purl	pkg:deb/debian/libpam-ldap@180-1.2?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpam-ldap@180-1.2%3Fdistro=bullseye

url	pkg:deb/debian/libpam-ldap@186-4?distro=bullseye
purl	pkg:deb/debian/libpam-ldap@186-4?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpam-ldap@186-4%3Fdistro=bullseye

aliases CVE-2006-5170

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-na83-pdm7-x7ac

url VCID-udrc-jtcr-37d5

vulnerability_id VCID-udrc-jtcr-37d5

summary Unknown vulnerability in the pam_filter mechanism in pam_ldap before version 162, when LDAP based authentication is being used, allows users to bypass host-based access restrictions and log onto the system.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2003-0734

reference_id

reference_type

scores

value	0.00417
scoring_system	epss
scoring_elements	0.62195
published_at	2026-06-11T12:55:00Z

value	0.00417
scoring_system	epss
scoring_elements	0.62296
published_at	2026-06-12T12:55:00Z

value	0.00417
scoring_system	epss
scoring_elements	0.62307
published_at	2026-06-13T12:55:00Z

value	0.00417
scoring_system	epss
scoring_elements	0.62303
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2003-0734

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0734
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0734

fixed_packages

url	pkg:deb/debian/libpam-ldap@164-1?distro=bullseye
purl	pkg:deb/debian/libpam-ldap@164-1?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpam-ldap@164-1%3Fdistro=bullseye

url	pkg:deb/debian/libpam-ldap@186-4?distro=bullseye
purl	pkg:deb/debian/libpam-ldap@186-4?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpam-ldap@186-4%3Fdistro=bullseye

aliases CVE-2003-0734

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-udrc-jtcr-37d5

url VCID-w4bj-mvky-43f7

vulnerability_id VCID-w4bj-mvky-43f7

summary pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2069.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2069.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2005-2069

reference_id

reference_type

scores

value	0.02839
scoring_system	epss
scoring_elements	0.86513
published_at	2026-06-11T12:55:00Z

value	0.02839
scoring_system	epss
scoring_elements	0.86563
published_at	2026-06-12T12:55:00Z

value	0.02839
scoring_system	epss
scoring_elements	0.86573
published_at	2026-06-13T12:55:00Z

value	0.02839
scoring_system	epss
scoring_elements	0.86571
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2005-2069

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2069
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2069

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1617681
reference_id	1617681
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1617681

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=316972
reference_id	316972
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=316972

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=316973
reference_id	316973
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=316973

reference_url	https://access.redhat.com/errata/RHSA-2005:751
reference_id	RHSA-2005:751
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2005:751

reference_url	https://access.redhat.com/errata/RHSA-2005:767
reference_id	RHSA-2005:767
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2005:767

reference_url	https://usn.ubuntu.com/152-1/
reference_id	USN-152-1
reference_type
scores
url	https://usn.ubuntu.com/152-1/

fixed_packages

url	pkg:deb/debian/libpam-ldap@178-1sarge1?distro=bullseye
purl	pkg:deb/debian/libpam-ldap@178-1sarge1?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpam-ldap@178-1sarge1%3Fdistro=bullseye

url	pkg:deb/debian/libpam-ldap@186-4?distro=bullseye
purl	pkg:deb/debian/libpam-ldap@186-4?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpam-ldap@186-4%3Fdistro=bullseye

aliases CVE-2005-2069

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w4bj-mvky-43f7

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpam-ldap@186-4%3Fdistro=bullseye

Package Instance