{"url":"http://public2.vulnerablecode.io/api/packages/97951?format=json","purl":"pkg:deb/debian/openldap@0?distro=trixie","type":"deb","namespace":"debian","name":"openldap","version":"0","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"0","latest_non_vulnerable_version":"2.6.10+dfsg-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/167214?format=json","vulnerability_id":"VCID-8xv6-7e1u-d3fq","summary":"A Untrusted Search Path vulnerability in openldap2 of openSUSE Factory allows local attackers with control of the ldap user or group to change ownership of arbitrary directory entries to this user/group, leading to escalation to root. This issue affects: openSUSE Factory openldap2 versions prior to 2.6.3-404.1.","references":[{"reference_url":"https://bugzilla.suse.com/show_bug.cgi?id=1202931","reference_id":"show_bug.cgi?id=1202931","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2025-05-01T14:21:33Z/"}],"url":"https://bugzilla.suse.com/show_bug.cgi?id=1202931"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97951?format=json","purl":"pkg:deb/debian/openldap@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openldap@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97944?format=json","purl":"pkg:deb/debian/openldap@2.4.57%2Bdfsg-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-re8r-bh8s-6fem"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openldap@2.4.57%252Bdfsg-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97942?format=json","purl":"pkg:deb/debian/openldap@2.5.13%2Bdfsg-5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-re8r-bh8s-6fem"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openldap@2.5.13%252Bdfsg-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97945?format=json","purl":"pkg:deb/debian/openldap@2.6.10%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openldap@2.6.10%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2022-31253"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8xv6-7e1u-d3fq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/218678?format=json","vulnerability_id":"VCID-bp19-z9jk-5kc9","summary":"An off-by-one error leading to a crash was discovered in openldap 2.4 when processing DNS SRV messages. If slapd was configured to use the dnssrv backend, an attacker could crash the service with crafted DNS responses.","references":[],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97951?format=json","purl":"pkg:deb/debian/openldap@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openldap@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97944?format=json","purl":"pkg:deb/debian/openldap@2.4.57%2Bdfsg-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-re8r-bh8s-6fem"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openldap@2.4.57%252Bdfsg-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97942?format=json","purl":"pkg:deb/debian/openldap@2.5.13%2Bdfsg-5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-re8r-bh8s-6fem"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openldap@2.5.13%252Bdfsg-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97945?format=json","purl":"pkg:deb/debian/openldap@2.6.10%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openldap@2.6.10%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2014-8182"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bp19-z9jk-5kc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/218679?format=json","vulnerability_id":"VCID-c11q-jszb-w7e1","summary":"/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets weak permissions for the TLS certificate, which allows local users to obtain the TLS certificate by leveraging a race condition between the creation of the certificate, and the chmod to protect it.","references":[],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97951?format=json","purl":"pkg:deb/debian/openldap@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openldap@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97944?format=json","purl":"pkg:deb/debian/openldap@2.4.57%2Bdfsg-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-re8r-bh8s-6fem"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openldap@2.4.57%252Bdfsg-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97942?format=json","purl":"pkg:deb/debian/openldap@2.5.13%2Bdfsg-5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-re8r-bh8s-6fem"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openldap@2.5.13%252Bdfsg-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97945?format=json","purl":"pkg:deb/debian/openldap@2.6.10%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openldap@2.6.10%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2016-4984"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c11q-jszb-w7e1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/181252?format=json","vulnerability_id":"VCID-u5ty-7ddy-yqh8","summary":"Multiple vulnerabilities were found in OpenLDAP, allowing for\n    Denial of Service or a man-in-the-middle attack.","references":[{"reference_url":"https://security.gentoo.org/glsa/201406-36","reference_id":"GLSA-201406-36","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201406-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/97951?format=json","purl":"pkg:deb/debian/openldap@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openldap@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97944?format=json","purl":"pkg:deb/debian/openldap@2.4.57%2Bdfsg-3%2Bdeb11u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-re8r-bh8s-6fem"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openldap@2.4.57%252Bdfsg-3%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97942?format=json","purl":"pkg:deb/debian/openldap@2.5.13%2Bdfsg-5?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-re8r-bh8s-6fem"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openldap@2.5.13%252Bdfsg-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/97945?format=json","purl":"pkg:deb/debian/openldap@2.6.10%2Bdfsg-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openldap@2.6.10%252Bdfsg-1%3Fdistro=trixie"}],"aliases":["CVE-2012-2668"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u5ty-7ddy-yqh8"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/openldap@0%3Fdistro=trixie"}