130 matches found
aiida-abacus (>=0.3.0 <=0.3.1), aiida-abinit (=0.5.0) +151 more potentially affected by CVE-2026-45309 via asyncssh (>=2.0.1 <=2.22.0)
asyncssh PYPI version =2.0.1, =0.3.0, =0.4.1, =0.1.0, =0.0.6, =2.0.0, =0.1.3, =2.7.0, =2.8.0rc2 and more Source cves: CVE-2026-45309 Source advisory: SNYK:PYTHON-ASYNCSSH-16959998...
GHSA-G794-3FMP-753H AsyncSSH `AuthorizedKeysFile %u` path traversal allows attacker-selected authorized keys to authenticate a traversal username
Summary AsyncSSH 2.22.0 expands the OpenSSH-compatible AuthorizedKeysFile %u token with the raw SSH username during pre-authentication server config reload. A server configured with a documented per-user key pattern such as AuthorizedKeysFile authorizedkeys/%u can be made to read an authorized-ke...
PT-2026-44151
Name of the Vulnerable Software and Affected Versions asyncssh versions 2.22.0 through 2.23.0 Description An issue exists during pre-authentication server configuration reload where the %u token in the AuthorizedKeysFile setting is expanded using the raw SSH username without rejecting path...
Security Bulletin: IBM Storage Ceph is vulnerable to a Rogue Session Attack and Rogue Extension Negotiation in python-asyncssh (CVE-2023-46446, CVE-2023-46445)
Summary python-asyncssh is used by IBM Storage Ceph as an asynchronous client and server implementation of the SSHv2 protocol. CVE-2023-46446, CVE-2023-46445 Vulnerability Details CVEID:CVE-2023-46446 DESCRIPTION: An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an...
Security Bulletin: IBM Storage Ceph is vulnerable to Improper Validation of Integrity Check Value in python-asyncssh (CVE-2023-48795)
Summary python-asyncssh is used by IBM Storage Ceph as an asynchronous client and server implementation of the SSHv2 protocol. CVE-2023-48795 Vulnerability Details CVEID:CVE-2023-48795 DESCRIPTION: The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other...
EUVD-2018-0022
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2023-46446
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a...
TencentOS Server 4: python-asyncssh (TSSA-2024:1054)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:1054 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
python-asyncssh: Rogue Session Attack
A flaw was found in python-asyncssh in versions before 2.14.1, where the client can log in to the attacker's account without the client being able to detect this. This flaw allows an attacker to control the remote end of the SSH session completely, resulting in a complete break of the confidentiali...
A vulnerability in asyncssh, a client-side and server-side implementation of the SSHv2 protocol in the Python programming language, allows attackers to carry out “man-in-the-middle” attacks.
The vulnerability in asyncssh, a client-side and server-side implementation of the SSHv2 protocol in Python, lies in insufficient validation of data authenticity. Exploiting this vulnerability allows a malicious actor to carry out “man-in-the-middle” attacks remotely...
Ubuntu: Security Advisory (USN-7108-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
USN-7108-2: AsyncSSH vulnerabilities
USN-7108-1 fixed vulnerabilities in AsyncSSH. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that AsyncSSH did not properly handle the extension info message. An attacker able to intercept...
USN-7108-2 python-asyncssh vulnerabilities
USN-7108-1 fixed vulnerabilities in AsyncSSH. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that AsyncSSH did not properly handle the extension info message. An attacker able to intercept...
Ubuntu 18.04 LTS : AsyncSSH vulnerabilities (USN-7108-2)
The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7108-2 advisory. USN-7108-1 fixed vulnerabilities in AsyncSSH. This update provides the corresponding update for Ubuntu 18.04 LTS. Tenable has extracted the preceding...
USN-7108-1: AsyncSSH vulnerabilities
Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that AsyncSSH did not properly handle the extension info message. An attacker able to intercept communications could possibly use this issue to downgrade the algorithm used for client authentication. CVE-2023-46445 Fabian Bäumer, Marcus...
USN-7108-1 python-asyncssh vulnerabilities
Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that AsyncSSH did not properly handle the extension info message. An attacker able to intercept communications could possibly use this issue to downgrade the algorithm used for client authentication. CVE-2023-46445 Fabian Bäumer, Marcus...
Ubuntu: Security Advisory (USN-7108-1)
The remote host is missing an update for the...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : AsyncSSH vulnerabilities (USN-7108-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7108-1 advisory. Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that AsyncSSH did not properly handle the extension info message. An...
Ubuntu: Security Advisory (USN-7051-1)
The remote host is missing an update for the...
USN-7051-1: AsyncSSH vulnerability
Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being...