Vulnerability Database
289,599
Total vulnerabilities in the database
CVE-2018-7750
transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.
- http://www.securityfocus.com/bid/103713
- https://access.redhat.com/errata/RHSA-2018:0591
- https://access.redhat.com/errata/RHSA-2018:0646
- https://access.redhat.com/errata/RHSA-2018:1124
- https://access.redhat.com/errata/RHSA-2018:1125
- https://access.redhat.com/errata/RHSA-2018:1213
- https://access.redhat.com/errata/RHSA-2018:1274
- https://access.redhat.com/errata/RHSA-2018:1328
- https://access.redhat.com/errata/RHSA-2018:1525
- https://access.redhat.com/errata/RHSA-2018:1972
- https://github.com/paramiko/paramiko/blob/master/sites/www/changelog.rst
- https://github.com/paramiko/paramiko/commit/fa29bd8446c8eab237f5187d28787727b4610516
- https://github.com/paramiko/paramiko/issues/1175
- https://lists.debian.org/debian-lts-announce/2018/10/msg00018.html
- https://lists.debian.org/debian-lts-announce/2021/12/msg00025.html
- https://usn.ubuntu.com/3603-1/
- https://usn.ubuntu.com/3603-2/
- https://www.exploit-db.com/exploits/45712/