python-paramiko (SUSE:Linux Enterprise Module for Public Cloud 12) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Public Cloud 12 package python-paramiko, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (8)
CVE-2018-7750 — CVSS 9.8 (critical): transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5…
CVE-2013-7459 — CVSS 9.8 (critical): Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers…
CVE-2018-1000805 — CVSS 8.8 (high): Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can…
CVE-2021-33503 — CVSS 7.5 (high): An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the…
CVE-2015-2296 — CVSS 6.8 (medium): The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session fixation attacks…
CVE-2022-24302 — CVSS 5.9 (medium): In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized…
CVE-2013-5123 — CVSS 5.9 (medium): The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows…
CVE-2014-8991 — CVSS 2.1 (low): pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-*…