VulnerableCode Package Details - pkg:deb/debian/paramiko@1.10.1-1~bpo70%2B1

Search for packages

Package details: pkg:deb/debian/paramiko@1.10.1-1~bpo70%2B1

Essentials
History (2)

purl	pkg:deb/debian/paramiko@1.10.1-1~bpo70%2B1

Next non-vulnerable version	2.4.2-0.1
Latest non-vulnerable version	3.5.1-3
Risk	10.0

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-3nbs-d4je-67fb Aliases: CVE-2018-7750 GHSA-232r-66cg-79px PYSEC-2018-19	transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.	2.4.2-0.1 Affected by 0 other vulnerabilities.
VCID-6zuj-xf3s-nbf9 Aliases: CVE-2018-1000805 GHSA-f2j6-wrhh-v25m PYSEC-2018-69	Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.	2.4.2-0.1 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T19:58:51.407969+00:00	Debian Oval Importer	Affected by	VCID-6zuj-xf3s-nbf9	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T14:49:21.145119+00:00	Debian Oval Importer	Affected by	VCID-3nbs-d4je-67fb	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0