Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

1 – 5 of 5 results

CVE-2023-48795

Medium priority

Some fixes available 29 of 79

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation...

13 affected packages

dropbear, filezilla, golang-go.crypto, libssh, libssh2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
dropbear Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
filezilla Fixed Fixed Fixed Not affected Not affected
golang-go.crypto Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libssh Not affected Fixed Fixed Not affected Not affected
libssh2 Not affected Not affected Not affected Not affected Not affected
lxd Not in release Not in release Not affected Fixed Fixed
openssh Fixed Fixed Fixed Fixed Fixed
openssh-ssh1 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
paramiko Fixed Fixed Fixed Needs evaluation Needs evaluation
proftpd-dfsg Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
putty Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
python-asyncssh Fixed Fixed Fixed Ignored Ignored
snapd Not affected Not affected Not affected Not affected Not affected
Show all 13 packages Show less packages

CVE-2022-24302

Medium priority

Some fixes available 10 of 11

In Paramiko before 2.10.1, a race condition (between creation and chmod) in the write_private_key_file function could allow unauthorized information disclosure.

1 affected packages

paramiko

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
paramiko Fixed Fixed Fixed Fixed Fixed
Show less packages

CVE-2018-1000805

Medium priority
Fixed

Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains a Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appear to be exploitable via network connectivity.

1 affected packages

paramiko

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
paramiko Fixed Fixed
Show less packages

CVE-2018-7750

High priority
Fixed

transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether...

1 affected packages

paramiko

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
paramiko Fixed
Show less packages

CVE-2008-0299

Low priority
Ignored

common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool.

1 affected packages

paramiko

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
paramiko
Show less packages