Lucene search
+L

16 matches found

nessus
nessus
added 6 days ago7 views

Linux Distros Unpatched Vulnerability : CVE-2026-54591

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Prior...

8.1CVSS6.2AI score0.00317EPSS
Exploits0References3
vulnersosv
vulnersosv
added 2026/05/27 9:35 p.m.7 views

aiida-abacus (>=0.3.0 <=0.3.1), aiida-abinit (=0.5.0) +155 more potentially affected by CVE-2026-45309 via asyncssh (>=2.0.1 <=2.22.0)

asyncssh PYPI version =2.0.1, =0.3.0, =0.4.1, =0.1.0, =0.0.6, =2.0.0, =0.1.3, =2.7.0, =2.8.0rc2 and more Source cves: CVE-2026-45309 Source advisory: SNYK:PYTHON-ASYNCSSH-16959998...

5.7AI score0.00221EPSS
Exploits0
ubuntu
ubuntu
added 2024/10/02 3:58 a.m.10 views

USN-7051-1: AsyncSSH vulnerability

Fabian Bäumer, Marcus Brinkmann, Jörg Schwenk discovered that the SSH protocol was vulnerable to a prefix truncation attack. If a remote attacker was able to intercept SSH communications, extension negotiation messages could be truncated, possibly leading to certain algorithms and features being...

5.9CVSS7AI score0.93305EPSS
Exploits4
f5
f5
added 2024/02/12 9:47 a.m.53 views

K000138577: Python-asyncssh vulnerability CVE-2023-46446

Security Advisory Description An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack." CVE-2023-46446 Impact There is no impact; F5 products are not affected by this...

6.8CVSS7.7AI score0.00867EPSS
Exploits0
susecve
susecve
added 2023/11/15 1:57 a.m.2 views

SUSE CVE-2023-46446

An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."...

6.8CVSS9.2AI score0.00867EPSS
Exploits0References3
osv
osv
added 2023/11/14 3:15 a.m.1 views

DEBIAN-CVE-2023-46445

An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message RFC 8308 via a man-in-the-middle attack, aka a "Rogue Extension Negotiation."...

5.9CVSS5.8AI score0.00586EPSS
Exploits0References1
vulnersosv
vulnersosv
added 2023/11/14 3:15 a.m.4 views

aioasuswrt (>=1.1.20 <=1.3.3), aiosftp (>=0.0.1 <=0.3.0) +28 more potentially affected by CVE-2023-46446 via asyncssh (>=1.10.0 <=2.14.0)

asyncssh PYPI version =1.10.0, =1.1.20, =0.0.1, =0.6.0, =0.3.0, =1.2.1, =0.4.0, =0.1.0, =4.3.5, =0.35.0, =3.1.1, =0.6.5, =0.8.0, =2.8.1, =0.2.0, =0.1.0, =0.3.21 and more Source cves: CVE-2023-46446 Source advisory: OSV:PYSEC-2023-239...

6.8CVSS6.7AI score0.00867EPSS
Exploits0
susecve
susecve
added 2023/11/11 1:51 a.m.4 views

SUSE CVE-2023-46445

An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message RFC 8308 via a man-in-the-middle attack, aka a "Rogue Extension Negotiation."...

5.9CVSS9AI score0.00586EPSS
Exploits0References3
vulnersosv
vulnersosv
added 2023/11/09 6:35 p.m.5 views

aioasuswrt (>=1.1.20 <=1.3.3), aiosftp (>=0.0.1 <=0.3.0) +28 more potentially affected by CVE-2023-46446 via asyncssh (>=1.10.0 <=2.14.0)

asyncssh PYPI version =1.10.0, =1.1.20, =0.0.1, =0.6.0, =0.3.0, =1.2.1, =0.4.0, =0.1.0, =4.3.5, =0.35.0, =3.1.1, =0.6.5, =0.8.0, =2.8.1, =0.2.0, =0.1.0, =0.3.21 and more Source cves: CVE-2023-46446 Source advisory: OSV:GHSA-C35Q-FFPF-5QPM...

6.8CVSS6.7AI score0.00867EPSS
Exploits0
osv
osv
added 2023/11/09 6:35 p.m.22 views

GHSA-C35Q-FFPF-5QPM AsyncSSH Rogue Session Attack

Summary An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation. Details The rogue session attack targets any SSH client connecting to an AsyncSSH server, on which the attacker must have a shell...

8.1CVSS5.8AI score0.00867EPSS
Exploits0References12
vulnersosv
vulnersosv
added 2023/11/09 6:34 p.m.3 views

aioasuswrt (>=1.1.20 <=1.3.3), aiosftp (>=0.0.1 <=0.3.0) +28 more potentially affected by CVE-2023-46445 via asyncssh (>=1.10.0 <=2.14.0)

asyncssh PYPI version =1.10.0, =1.1.20, =0.0.1, =0.6.0, =0.3.0, =1.2.1, =0.4.0, =0.1.0, =4.3.5, =0.35.0, =3.1.1, =0.6.5, =0.8.0, =2.8.1, =0.2.0, =0.1.0, =0.3.21 and more Source cves: CVE-2023-46445 Source advisory: OSV:GHSA-CFC2-WR2V-GXM5...

5.9CVSS6.2AI score0.00586EPSS
Exploits0
osv
osv
added 2023/11/09 6:34 p.m.20 views

GHSA-CFC2-WR2V-GXM5 AsyncSSH Rogue Extension Negotiation

Summary An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the extension info message RFC 8308 via a man-in-the-middle attack. Details The rogue extension negotiation attack targets an AsyncSSH client connecting to any SSH server sending an extension info message. The attack...

5.3CVSS6.1AI score0.00586EPSS
Exploits0References12
ptsecurity
ptsecurity
added 2023/11/09 12:0 a.m.7 views

PT-2023-9801 · Asyncssh +3 · Asyncssh +3

Name of the Vulnerable Software and Affected Versions: AsyncSSH versions 2.14.0 and earlier Description: The issue in AsyncSSH allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, also known as a "Rogue Session Attack." This can lea...

7.1CVSS7AI score0.93305EPSS
Exploits4References51
ptsecurity
ptsecurity
added 2023/11/09 12:0 a.m.5 views

PT-2023-9800 · Asyncssh +3 · Asyncssh +3

Name of the Vulnerable Software and Affected Versions: AsyncSSH versions prior to 2.14.1 Description: The issue in AsyncSSH allows attackers to control the extension info message via a man-in-the-middle attack, enabling them to conduct algorithm downgrade attacks during user authentication. This...

6.8CVSS6.5AI score0.93305EPSS
Exploits4References50
vulnersosv
vulnersosv
added 2022/05/14 1:29 a.m.6 views

pyplanet (>=0.1.5 <=0.5.4) potentially affected by CVE-2018-7749 via asyncssh (>=1.10.0 <=1.11.1)

asyncssh PYPI version =1.10.0, =0.1.5, =0.5.4 Source cves: CVE-2018-7749 Source advisory: OSV:GHSA-97CV-6PJF-5F9Q...

9.8CVSS7.2AI score0.0178EPSS
Exploits0
pypa
pypa
added 2018/03/12 7:29 p.m.9 views

PYSEC-2018-108

The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step...

9.8CVSS7.2AI score0.0178EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder