{"url":"http://public2.vulnerablecode.io/api/packages/54894?format=json","purl":"pkg:deb/debian/libpam-ldap@178-1sarge1?distro=bullseye","type":"deb","namespace":"debian","name":"libpam-ldap","version":"178-1sarge1","qualifiers":{"distro":"bullseye"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"180-1.2","latest_non_vulnerable_version":"186-4","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200170?format=json","vulnerability_id":"VCID-brru-z9nu-f7b5","summary":"Unknown vulnerability in pam_ldap before 180 does not properly handle a new password policy control, which could allow attackers to gain privileges.  NOTE: CVE-2005-2497 had also been assigned to this issue, but CVE-2005-2641 is the correct candidate.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2641.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2641.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2641","reference_id":"","reference_type":"","scores":[{"value":"0.02197","scoring_system":"epss","scoring_elements":"0.84772","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02197","scoring_system":"epss","scoring_elements":"0.84824","published_at":"2026-06-12T12:55:00Z"},{"value":"0.02197","scoring_system":"epss","scoring_elements":"0.84833","published_at":"2026-06-13T12:55:00Z"},{"value":"0.02197","scoring_system":"epss","scoring_elements":"0.84825","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2641"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2641","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2641"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617737","reference_id":"1617737","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617737"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324899","reference_id":"324899","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324899"},{"reference_url":"https://access.redhat.com/errata/RHSA-2005:767","reference_id":"RHSA-2005:767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2005:767"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54894?format=json","purl":"pkg:deb/debian/libpam-ldap@178-1sarge1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpam-ldap@178-1sarge1%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/54892?format=json","purl":"pkg:deb/debian/libpam-ldap@186-4?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpam-ldap@186-4%3Fdistro=bullseye"}],"aliases":["CVE-2005-2641"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-brru-z9nu-f7b5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/200120?format=json","vulnerability_id":"VCID-w4bj-mvky-43f7","summary":"pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers to sniff the password.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2069.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2069.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2069","reference_id":"","reference_type":"","scores":[{"value":"0.02839","scoring_system":"epss","scoring_elements":"0.86513","published_at":"2026-06-11T12:55:00Z"},{"value":"0.02839","scoring_system":"epss","scoring_elements":"0.86563","published_at":"2026-06-12T12:55:00Z"},{"value":"0.02839","scoring_system":"epss","scoring_elements":"0.86573","published_at":"2026-06-13T12:55:00Z"},{"value":"0.02839","scoring_system":"epss","scoring_elements":"0.86571","published_at":"2026-06-14T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2005-2069"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2069","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2069"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617681","reference_id":"1617681","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617681"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=316972","reference_id":"316972","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=316972"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=316973","reference_id":"316973","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=316973"},{"reference_url":"https://access.redhat.com/errata/RHSA-2005:751","reference_id":"RHSA-2005:751","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2005:751"},{"reference_url":"https://access.redhat.com/errata/RHSA-2005:767","reference_id":"RHSA-2005:767","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2005:767"},{"reference_url":"https://usn.ubuntu.com/152-1/","reference_id":"USN-152-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/152-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54894?format=json","purl":"pkg:deb/debian/libpam-ldap@178-1sarge1?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpam-ldap@178-1sarge1%3Fdistro=bullseye"},{"url":"http://public2.vulnerablecode.io/api/packages/54892?format=json","purl":"pkg:deb/debian/libpam-ldap@186-4?distro=bullseye","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpam-ldap@186-4%3Fdistro=bullseye"}],"aliases":["CVE-2005-2069"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w4bj-mvky-43f7"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libpam-ldap@178-1sarge1%3Fdistro=bullseye"}