RSS   Podatności dla 'Paramiko'   RSS

2022-03-17
 
CVE-2022-24302

CWE-362
 

 
In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.

 
2018-10-08
 
CVE-2018-1000805

CWE-732
 

 
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.

 
2018-03-13
 
CVE-2018-7750

CWE-287
 

 
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.

 


Copyright 2024, cxsecurity.com

 

Back to Top