Search for packages
Package details: pkg:deb/debian/paramiko@1.7.4-0.1
purl pkg:deb/debian/paramiko@1.7.4-0.1
Next non-vulnerable version 3.5.1-2
Latest non-vulnerable version 3.5.1-2
Risk 10.0
Vulnerabilities affecting this package (3)
Vulnerability Summary Fixed by
VCID-9k5y-a5st-aaap
Aliases:
CVE-2018-1000805
GHSA-f2j6-wrhh-v25m
PYSEC-2018-69
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.
2.4.2-0.1
Affected by 1 other vulnerability.
VCID-u5kv-fs72-aaar
Aliases:
CVE-2022-24302
GHSA-f8q4-jwww-x3wv
PYSEC-2022-166
In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.
2.6.0-1~bpo10+1
Affected by 0 other vulnerabilities.
2.7.2-1
Affected by 2 other vulnerabilities.
2.12.0-2
Affected by 1 other vulnerability.
VCID-zx4q-ry22-aaam
Aliases:
CVE-2018-7750
GHSA-232r-66cg-79px
PYSEC-2018-19
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
2.4.2-0.1
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-ndkx-zuac-aaab common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool. CVE-2008-0299
GHSA-wqmm-q65g-2hqr
PYSEC-2008-8

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T18:00:35.993935+00:00 Debian Oval Importer Fixing VCID-ndkx-zuac-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T14:59:58.083276+00:00 Debian Oval Importer Affected by VCID-9k5y-a5st-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:49:32.099698+00:00 Debian Oval Importer Affected by VCID-u5kv-fs72-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:01:29.656514+00:00 Debian Oval Importer Affected by VCID-zx4q-ry22-aaam https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T00:53:21.743064+00:00 Debian Oval Importer Fixing VCID-ndkx-zuac-aaab None 36.1.3
2025-06-20T22:03:30.157885+00:00 Debian Oval Importer Affected by VCID-9k5y-a5st-aaap None 36.1.3
2025-06-20T21:58:10.349458+00:00 Debian Oval Importer Affected by VCID-u5kv-fs72-aaar None 36.1.3
2025-06-20T20:33:25.816082+00:00 Debian Oval Importer Affected by VCID-zx4q-ry22-aaam None 36.1.3
2025-06-08T12:47:45.141610+00:00 Debian Oval Importer Affected by VCID-zx4q-ry22-aaam https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T10:32:18.561155+00:00 Debian Oval Importer Fixing VCID-ndkx-zuac-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T07:53:21.207513+00:00 Debian Oval Importer Affected by VCID-9k5y-a5st-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:43:42.196843+00:00 Debian Oval Importer Affected by VCID-u5kv-fs72-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T05:56:24.562627+00:00 Debian Oval Importer Affected by VCID-zx4q-ry22-aaam https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-07T18:15:43.212529+00:00 Debian Oval Importer Fixing VCID-ndkx-zuac-aaab None 36.1.0
2025-06-07T15:27:14.750591+00:00 Debian Oval Importer Affected by VCID-9k5y-a5st-aaap None 36.1.0
2025-06-07T15:21:37.023038+00:00 Debian Oval Importer Affected by VCID-u5kv-fs72-aaar None 36.1.0
2025-06-07T14:06:27.264752+00:00 Debian Oval Importer Affected by VCID-zx4q-ry22-aaam None 36.1.0
2025-04-12T22:26:53.073138+00:00 Debian Oval Importer Affected by VCID-9k5y-a5st-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T22:03:04.092807+00:00 Debian Oval Importer Fixing VCID-ndkx-zuac-aaab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:34:40.169468+00:00 Debian Oval Importer Affected by VCID-zx4q-ry22-aaam https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T16:13:38.224803+00:00 Debian Oval Importer Fixing VCID-ndkx-zuac-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:25:45.706582+00:00 Debian Oval Importer Affected by VCID-9k5y-a5st-aaap https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:16:10.269377+00:00 Debian Oval Importer Affected by VCID-u5kv-fs72-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T04:28:17.083041+00:00 Debian Oval Importer Affected by VCID-zx4q-ry22-aaam https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-07T16:53:11.530480+00:00 Debian Oval Importer Fixing VCID-ndkx-zuac-aaab None 36.0.0
2025-04-07T13:58:23.846669+00:00 Debian Oval Importer Affected by VCID-9k5y-a5st-aaap None 36.0.0
2025-04-07T13:52:59.005195+00:00 Debian Oval Importer Affected by VCID-u5kv-fs72-aaar None 36.0.0
2025-04-07T12:40:11.370099+00:00 Debian Oval Importer Affected by VCID-zx4q-ry22-aaam None 36.0.0
2024-11-26T12:08:49.976387+00:00 Debian Oval Importer Fixing VCID-ndkx-zuac-aaab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 35.0.0
2024-10-12T14:40:03.106418+00:00 Debian Oval Importer Fixing VCID-ndkx-zuac-aaab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.2
2024-09-20T15:32:22.910819+00:00 Debian Oval Importer Fixing VCID-ndkx-zuac-aaab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 34.0.1