VulnerableCode Package Details - pkg:deb/debian/paramiko@1.10.1-1~bpo70%2B1

Search for packages

Vulnerability	Summary	Fixed by
VCID-9k5y-a5st-aaap Aliases: CVE-2018-1000805 GHSA-f2j6-wrhh-v25m PYSEC-2018-69	Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.	2.4.2-0.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-u5kv-fs72-aaar Aliases: CVE-2022-24302 GHSA-f8q4-jwww-x3wv PYSEC-2022-166	In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.	2.6.0-1~bpo10+1 Affected by 0 other vulnerabilities. 2.7.2-1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.12.0-2 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-zx4q-ry22-aaam Aliases: CVE-2018-7750 GHSA-232r-66cg-79px PYSEC-2018-19	transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.	2.4.2-0.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-9k5y-a5st-aaap
Aliases:
CVE-2018-1000805
GHSA-f2j6-wrhh-v25m
PYSEC-2018-69

Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.

2.4.2-0.1
Affected by 1 other vulnerability.

VCID-u5kv-fs72-aaar
Aliases:
CVE-2022-24302
GHSA-f8q4-jwww-x3wv
PYSEC-2022-166

In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.

2.6.0-1~bpo10+1
Affected by 0 other vulnerabilities.

2.7.2-1
Affected by 2 other vulnerabilities.

2.12.0-2
Affected by 1 other vulnerability.

VCID-zx4q-ry22-aaam
Aliases:
CVE-2018-7750
GHSA-232r-66cg-79px
PYSEC-2018-19

transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.

2.4.2-0.1
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-21T14:59:58.089446+00:00	Debian Oval Importer	Affected by	VCID-9k5y-a5st-aaap	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T13:49:32.107213+00:00	Debian Oval Importer	Affected by	VCID-u5kv-fs72-aaar	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-21T13:01:29.662921+00:00	Debian Oval Importer	Affected by	VCID-zx4q-ry22-aaam	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.3
2025-06-20T22:03:30.163673+00:00	Debian Oval Importer	Affected by	VCID-9k5y-a5st-aaap	None	36.1.3
2025-06-20T21:58:10.355294+00:00	Debian Oval Importer	Affected by	VCID-u5kv-fs72-aaar	None	36.1.3
2025-06-20T20:33:25.821630+00:00	Debian Oval Importer	Affected by	VCID-zx4q-ry22-aaam	None	36.1.3
2025-06-08T12:47:45.146961+00:00	Debian Oval Importer	Affected by	VCID-zx4q-ry22-aaam	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.1.0
2025-06-08T07:53:21.212068+00:00	Debian Oval Importer	Affected by	VCID-9k5y-a5st-aaap	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T06:43:42.201388+00:00	Debian Oval Importer	Affected by	VCID-u5kv-fs72-aaar	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-08T05:56:24.568034+00:00	Debian Oval Importer	Affected by	VCID-zx4q-ry22-aaam	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.1.0
2025-06-07T15:27:14.755679+00:00	Debian Oval Importer	Affected by	VCID-9k5y-a5st-aaap	None	36.1.0
2025-06-07T15:21:37.029300+00:00	Debian Oval Importer	Affected by	VCID-u5kv-fs72-aaar	None	36.1.0
2025-06-07T14:06:27.270157+00:00	Debian Oval Importer	Affected by	VCID-zx4q-ry22-aaam	None	36.1.0
2025-04-12T22:26:53.087812+00:00	Debian Oval Importer	Affected by	VCID-9k5y-a5st-aaap	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-12T18:34:40.184502+00:00	Debian Oval Importer	Affected by	VCID-zx4q-ry22-aaam	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	36.0.0
2025-04-08T06:25:45.720625+00:00	Debian Oval Importer	Affected by	VCID-9k5y-a5st-aaap	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T05:16:10.284679+00:00	Debian Oval Importer	Affected by	VCID-u5kv-fs72-aaar	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-08T04:28:17.097939+00:00	Debian Oval Importer	Affected by	VCID-zx4q-ry22-aaam	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	36.0.0
2025-04-07T13:58:23.863051+00:00	Debian Oval Importer	Affected by	VCID-9k5y-a5st-aaap	None	36.0.0
2025-04-07T13:52:59.021614+00:00	Debian Oval Importer	Affected by	VCID-u5kv-fs72-aaar	None	36.0.0
2025-04-07T12:40:11.390126+00:00	Debian Oval Importer	Affected by	VCID-zx4q-ry22-aaam	None	36.0.0