Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Paramiko Subscribe
Filtered by product Paramiko
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-24302 3 Debian, Fedoraproject, Paramiko 3 Debian Linux, Fedora, Paramiko 2022-09-12 4.3 MEDIUM 5.9 MEDIUM
In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.
CVE-2018-7750 3 Debian, Paramiko, Redhat 11 Debian Linux, Paramiko, Ansible Engine and 8 more 2022-04-18 7.5 HIGH 9.8 CRITICAL
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
CVE-2018-1000805 4 Canonical, Debian, Paramiko and 1 more 11 Ubuntu Linux, Debian Linux, Paramiko and 8 more 2022-04-06 6.5 MEDIUM 8.8 HIGH
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.