13 matches found
Use of a Broken or Risky Cryptographic Algorithm
Overview: paramiko is a library for making SSH2 connections (client or server). Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in the RSA key handling by allowing the use of the SHA-1 algorithm. An attacker can compromise the integrity of...
GHSA-R374-RXX8-8654 Paramiko rsakey.py allows the SHA-1 algorithm
In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm...
OESA-2024-1082 python-paramiko security update
This is a library for making SSH2 connections (client or server). Emphasis is on using SSH2 as an alternative to SSL for making secure connections between Python scripts. All major ciphers and hash methods are supported. SFTP client and server mode are both supported too. Security Fixes: The SSH...
Exploit for CVE-2022-21449
CVE-2023-25136 Proof-of-Concept Overview This is a DoS P...
Exploit for Double Free in Openbsd Openssh
CVE-2023-25136 Proof-of-Concept Overview This is a DoS P...
The vulnerability in the transport.py component of the SSHv2 protocol library for Python Paramiko allows an attacker to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the transport.py component in the SSHv2 protocol library for Python Paramiko is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to gain access to confidential data, compromise its integrity, and cause service...
The vulnerability in the implementation of the SSHv2 protocol by the Paramiko library arises from synchronization errors when using a shared resource, allowing an attacker to gain access to confidential information.
The vulnerability of the SSHv2 protocol implementation by the Paramiko library is related to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to access confidential information...
UBUNTU-CVE-2022-24302
In Paramiko before 2.10.1, a race condition between creation and chmod in the write_private_key_file function could allow unauthorized information disclosure...
Raspberry Pi 5.10 - Default Credentials Vulnerability
Exploit Title: Raspberry Pi 5.10 - Default Credentials Exploit Author: netspooky Vendor Homepage: https://www.raspberrypi.com/ Software Link: https://www.raspberrypi.com/software/operating-systems/ Version: Raspberry Pi OS = 5.10 Tested on: Raspberry Pi OS 5.10 CVE : CVE-2021-38759 Initial Releas...
CiscoExploit
This is a collection of three separate tools for exploiting vulnerabilities in Cisco devices. The tools are: 1. CiscoRV320Dump-master: This tool is designed to dump the configuration of a Cisco RV320 router. It includes a script called dumpconfig.py that extracts the configuration from the router...
GHSA-F2J6-WRHH-V25M Paramiko Authentication Bypass vulnerability
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains an Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appears to be exploitable via network connectivity...
UBUNTU-CVE-2018-1000805
Paramiko version 2.4.1, 2.3.2, 2.2.3, 2.1.5, 2.0.8, 1.18.5, 1.17.6 contains an Incorrect Access Control vulnerability in SSH server that can result in RCE. This attack appears to be exploitable via network connectivity...
USN-3603-1 paramiko vulnerability
Matthijs Kooijman discovered that Paramiko's SSH server implementation did not properly require authentication before processing requests. An unauthenticated remote attacker could possibly use this to execute arbitrary code...