Search for packages
| purl | pkg:deb/debian/paramiko@2.4.2-0.1?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-3jh2-znva-2bb6 | transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step. |
CVE-2018-7750
GHSA-232r-66cg-79px PYSEC-2018-19 |
| VCID-9qz7-3cqa-tyd3 | Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity. |
CVE-2018-1000805
GHSA-f2j6-wrhh-v25m PYSEC-2018-69 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-16T13:23:36.031955+00:00 | Debian Importer | Fixing | VCID-9qz7-3cqa-tyd3 | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T13:10:05.051159+00:00 | Debian Importer | Fixing | VCID-3jh2-znva-2bb6 | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-13T09:14:11.682235+00:00 | Debian Importer | Fixing | VCID-9qz7-3cqa-tyd3 | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-13T09:03:33.767281+00:00 | Debian Importer | Fixing | VCID-3jh2-znva-2bb6 | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-03T07:49:21.140701+00:00 | Debian Importer | Fixing | VCID-3jh2-znva-2bb6 | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:49:21.089793+00:00 | Debian Importer | Fixing | VCID-9qz7-3cqa-tyd3 | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |