Lucene search
K

143 matches found

Tenable Nessus
Tenable Nessus
added 4 days ago7 views

Linux Distros Unpatched Vulnerability : CVE-2026-54591

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Prior...

8.1CVSS6.2AI score0.00317EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 4 days ago5 views

Linux Distros Unpatched Vulnerability : CVE-2026-45309

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - python-asyncssh - None Ubuntu Linux - Unknown description CVE-2026-45309 Note that Nessus relies on the presence of the package as reported by th...

6.1AI score0.00221EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 4 days ago9 views

Linux Distros Unpatched Vulnerability : CVE-2026-54590

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Versi...

5.9CVSS6.2AI score0.00285EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 5 days ago6 views

CVE-2026-54591

A flaw was found in AsyncSSH, a Python package for SSHv2 protocol implementation. A malicious SSH server could exploit this vulnerability by sending specially crafted filenames containing directory traversal sequences to an AsyncSSH SCP client. This could allow the server to write arbitrary files...

8.1CVSS6AI score0.00317EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 5 days ago7 views

CVE-2026-54590

A flaw was found in AsyncSSH, a Python package for implementing the SSHv2 protocol. An incomplete fix for a previous vulnerability allowed an attacker to bypass security restrictions in the AuthorizedKeysFile processing. By using specific characters like or environment variables $ENV in the...

5.9CVSS6AI score0.00285EPSS
Exploits0References2
OSV
OSV
added 6 days ago3 views

DEBIAN-CVE-2026-54590

AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Version 2.23.0 contains an incomplete fix for CVE-2026-45309 in SSHServerConfig.settokens that blocks /, , and .. before %u substitution in...

5.9CVSS6.1AI score0.00285EPSS
Exploits0References1
NVD
NVD
added 6 days ago8 views

CVE-2026-54590

AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Version 2.23.0 contains an incomplete fix for CVE-2026-45309 in SSHServerConfig.settokens that blocks /, , and .. before %u substitution in...

5.9CVSS0.00285EPSS
Exploits0References3
NVD
NVD
added 6 days ago11 views

CVE-2026-54591

AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Prior to 2.23.1, a malicious SSH server can write arbitrary files on the asyncssh SCP client's filesystem by sending filenames containing ../...

8.1CVSS0.00317EPSS
Exploits0References3
CVE
CVE
added 6 days ago6 views

CVE-2026-54590

AsyncSSH (Python, v2.23.0) contains an incomplete fix for CVE-2026-45309 in SSHServerConfig._set_tokens that blocks /, , and .. before %u substitution in AuthorizedKeysFile but fails to block a leading ~ or ${ENV}. This allows later expansion in _expand_val and Path(filename).expanduser() to esca...

5.9CVSS6AI score0.00285EPSS
Exploits0References3
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-54590 AsyncSSH AuthorizedKeysFile username substitution bypass through ~ and environment expansion

AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Version 2.23.0 contains an incomplete fix for CVE-2026-45309 in SSHServerConfig.settokens that blocks /, , and .. before %u substitution in...

5.9CVSS0.00285EPSS
Exploits0References3
CVE
CVE
added 6 days ago8 views

CVE-2026-54591

AsyncSSH (Python) prior to 2.23.1 is vulnerable to SCP path traversal: a malicious SSH server can craft filenames with ../, since _parse_cd_args returns server-provided names verbatim and _recv_files joins them to the destination path without enforcing directory boundaries, enabling arbitrary fil...

8.1CVSS6.1AI score0.00317EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 6 days ago6 views

PT-2026-56578

Name of the Vulnerable Software and Affected Versions AsyncSSH versions prior to 2.23.1 Description AsyncSSH is a Python package providing an asynchronous client and server implementation of the SSHv2 protocol. A malicious SSH server can write arbitrary files on the SCP client's filesystem by...

8.1CVSS6.2AI score0.00317EPSS
Exploits0References7
OSV
OSV
added 2026/06/16 12:0 a.m.5 views

OPENSUSE-SU-2026:11042-1 python311-asyncssh-2.23.1-1.1 on GA media

These are all security issues fixed in the python311-asyncssh-2.23.1-1.1 package on the GA media of openSUSE Tumbleweed...

5.4AI score0.00221EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/05/27 9:35 p.m.7 views

aiida-abacus (>=0.3.0 <=0.3.1), aiida-abinit (=0.5.0) +155 more potentially affected by CVE-2026-45309 via asyncssh (>=2.0.1 <=2.22.0)

asyncssh PYPI version =2.0.1, =0.3.0, =0.4.1, =0.1.0, =0.0.6, =2.0.0, =0.1.3, =2.7.0, =2.8.0rc2 and more Source cves: CVE-2026-45309 Source advisory: SNYK:PYTHON-ASYNCSSH-16959998...

5.7AI score0.00221EPSS
Exploits0
OSV
OSV
added 2026/05/27 9:35 p.m.6 views

GHSA-G794-3FMP-753H AsyncSSH `AuthorizedKeysFile %u` path traversal allows attacker-selected authorized keys to authenticate a traversal username

Summary AsyncSSH 2.22.0 expands the OpenSSH-compatible AuthorizedKeysFile %u token with the raw SSH username during pre-authentication server config reload. A server configured with a documented per-user key pattern such as AuthorizedKeysFile authorizedkeys/%u can be made to read an authorized-ke...

8.2CVSS5.8AI score0.00221EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.13 views

PT-2026-44151

Name of the Vulnerable Software and Affected Versions asyncssh versions 2.22.0 through 2.23.0 Description An issue exists during pre-authentication server configuration reload where the %u token in the AuthorizedKeysFile setting is expanded using the raw SSH username without rejecting path...

8.2CVSS5.4AI score0.00221EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/19 8:17 p.m.9 views

Security Bulletin: IBM Storage Ceph is vulnerable to a Rogue Session Attack and Rogue Extension Negotiation in python-asyncssh (CVE-2023-46446, CVE-2023-46445)

Summary python-asyncssh is used by IBM Storage Ceph as an asynchronous client and server implementation of the SSHv2 protocol. CVE-2023-46446, CVE-2023-46445 Vulnerability Details CVEID:CVE-2023-46446 DESCRIPTION: An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an...

6.8CVSS6.7AI score0.00867EPSS
Exploits0Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/12/19 8:16 p.m.8 views

Security Bulletin: IBM Storage Ceph is vulnerable to Improper Validation of Integrity Check Value in python-asyncssh (CVE-2023-48795)

Summary python-asyncss is used by IBM Storage Ceph ias an asynchronous client and server implementation of the SSHv2 protocol. CVE-2023-48795 Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other...

5.9CVSS6.6AI score0.93305EPSS
Exploits4Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.14 views

EUVD-2018-0022

Malware in sbrugna...

9.8CVSS9.2AI score0.0178EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/08/30 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2023-46446

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a...

6.8CVSS6.9AI score0.00867EPSS
Exploits0References2
Rows per page
Query Builder