{"url":"http://public2.vulnerablecode.io/api/packages/54892?format=json","purl":"pkg:deb/debian/libpam-ldap@186-4?distro=bullseye","type":"deb","namespace":"debian","name":"libpam-ldap","version":"186-4","qualifiers":{"distro":"bullseye"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200170?format=json","vulnerability_id":"VCID-brru-z9nu-f7b5","summary":"Unknown vulnerability in pam_ldap before 180 does not properly handle a new password policy control, which could allow attackers to gain privileges.  NOTE: CVE-2005-2497 had also been assigned to this issue, but CVE-2005-2641 is the correct candidate.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2641.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2641.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2641","reference_id":"","reference_type":"","scores":[{"value":"0.02197","scoring_system":"epss","scoring_elements":"0.84772","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02197","scoring_system":"epss","scoring_elements":"0.84824","published_at":"2026-06-12T12:55:00Z"},{"value":"0.02197","scoring_system":"epss","scoring_elements":"0.84833","published_at":"2026-06-13T12:55:00Z"},{"value":"0.02197","scoring_system":"epss","scoring_elements":"0.84825","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2641"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2641","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2641"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617737","reference_id":"1617737","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617737"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324899","reference_id":"324899","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324899"},{"reference_url":"https://access.redhat.com/errata/RHSA-2005:767","reference_id":"RHSA-2005:767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2005:767"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54894?format=json","purl":"pkg:deb/debian/libpam-ldap@178-1sarge1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpam-ldap@178-1sarge1%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/54892?format=json","purl":"pkg:deb/debian/libpam-ldap@186-4?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpam-ldap@186-4%3Fdistro=bullseye"}],"aliases":["CVE-2005-2641"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-brru-z9nu-f7b5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/181276?format=json","vulnerability_id":"VCID-na83-pdm7-x7ac","summary":"pam_ldap contains a vulnerability that may allow a remote user with a\n    locked account to gain unauthorized system access.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-5170.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-5170.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-5170","reference_id":"","reference_type":"","scores":[{"value":"0.04353","scoring_system":"epss","scoring_elements":"0.89184","published_at":"2026-06-11T12:55:00Z"},{"value":"0.04353","scoring_system":"epss","scoring_elements":"0.89221","published_at":"2026-06-12T12:55:00Z"},{"value":"0.04353","scoring_system":"epss","scoring_elements":"0.89229","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-5170"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5170","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5170"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1618208","reference_id":"1618208","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1618208"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392984","reference_id":"392984","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=392984"},{"reference_url":"https://security.gentoo.org/glsa/200612-19","reference_id":"GLSA-200612-19","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200612-19"},{"reference_url":"https://access.redhat.com/errata/RHSA-2006:0719","reference_id":"RHSA-2006:0719","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2006:0719"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54895?format=json","purl":"pkg:deb/debian/libpam-ldap@180-1.2?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpam-ldap@180-1.2%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/54892?format=json","purl":"pkg:deb/debian/libpam-ldap@186-4?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpam-ldap@186-4%3Fdistro=bullseye"}],"aliases":["CVE-2006-5170"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-na83-pdm7-x7ac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/199595?format=json","vulnerability_id":"VCID-udrc-jtcr-37d5","summary":"Unknown vulnerability in the pam_filter mechanism in pam_ldap before version 162, when LDAP based authentication is being used, allows users to bypass host-based access restrictions and log onto the system.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2003-0734","reference_id":"","reference_type":"","scores":[{"value":"0.00417","scoring_system":"epss","scoring_elements":"0.62195","published_at":"2026-06-11T12:55:00Z"},{"value":"0.00417","scoring_system":"epss","scoring_elements":"0.62296","published_at":"2026-06-12T12:55:00Z"},{"value":"0.00417","scoring_system":"epss","scoring_elements":"0.62307","published_at":"2026-06-13T12:55:00Z"},{"value":"0.00417","scoring_system":"epss","scoring_elements":"0.62303","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2003-0734"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0734","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0734"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54893?format=json","purl":"pkg:deb/debian/libpam-ldap@164-1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpam-ldap@164-1%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/54892?format=json","purl":"pkg:deb/debian/libpam-ldap@186-4?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpam-ldap@186-4%3Fdistro=bullseye"}],"aliases":["CVE-2003-0734"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-udrc-jtcr-37d5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200120?format=json","vulnerability_id":"VCID-w4bj-mvky-43f7","summary":"pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2069.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2069.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2069","reference_id":"","reference_type":"","scores":[{"value":"0.02839","scoring_system":"epss","scoring_elements":"0.86513","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02839","scoring_system":"epss","scoring_elements":"0.86563","published_at":"2026-06-12T12:55:00Z"},{"value":"0.02839","scoring_system":"epss","scoring_elements":"0.86573","published_at":"2026-06-13T12:55:00Z"},{"value":"0.02839","scoring_system":"epss","scoring_elements":"0.86571","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2069"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2069","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2069"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617681","reference_id":"1617681","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617681"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=316972","reference_id":"316972","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=316972"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=316973","reference_id":"316973","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=316973"},{"reference_url":"https://access.redhat.com/errata/RHSA-2005:751","reference_id":"RHSA-2005:751","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2005:751"},{"reference_url":"https://access.redhat.com/errata/RHSA-2005:767","reference_id":"RHSA-2005:767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2005:767"},{"reference_url":"https://usn.ubuntu.com/152-1/","reference_id":"USN-152-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/152-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54894?format=json","purl":"pkg:deb/debian/libpam-ldap@178-1sarge1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpam-ldap@178-1sarge1%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/54892?format=json","purl":"pkg:deb/debian/libpam-ldap@186-4?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpam-ldap@186-4%3Fdistro=bullseye"}],"aliases":["CVE-2005-2069"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w4bj-mvky-43f7"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpam-ldap@186-4%3Fdistro=bullseye"}