Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

127 matches found

OSV
OSVadded 2023/11/14 3:15 a.m.0 views

UBUNTU-CVE-2023-46446

An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."...

6.8CVSS6.7AI score0.00388EPSS
Exploits0References5
vulnersOsv
vulnersOsvadded 2023/11/14 3:15 a.m.0 views

aioasuswrt (>=1.1.20 <=1.3.3), aiosftp (>=0.0.1 <=0.3.0) +28 more potentially affected by CVE-2023-46445 via asyncssh (>=1.10.0 <=2.14.0)

asyncssh PYPI version =1.10.0, =1.1.20, =0.0.1, =0.6.0, =0.3.0, =1.2.1, =0.4.0, =0.1.0, =4.3.5, =0.35.0, =3.1.1, =0.6.5, =0.8.0, =2.8.1, =0.2.0, =0.1.0, =0.3.10 and more Source cves: CVE-2023-46445 Source advisory: OSV:PYSEC-2023-237...

5.9CVSS6.2AI score0.00448EPSS
Exploits0
UbuntuCve
UbuntuCveadded 2023/11/14 3:15 a.m.41 views

CVE-2023-46445

An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message RFC 8308 via a man-in-the-middle attack, aka a "Rogue Extension Negotiation."...

5.9CVSS6.2AI score0.00448EPSS
Exploits0References4
Prion
Prionadded 2023/11/14 3:15 a.m.6 views

Design/Logic Flaw

An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."...

3.6CVSS6.4AI score0.00388EPSS
Exploits0References7Affected Software1
PyPA
PyPAadded 2023/11/14 3:15 a.m.4 views

PYSEC-2023-239

An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation...

6.8CVSS7.1AI score0.00388EPSS
Exploits0References1Affected Software1
OSV
OSVadded 2023/11/14 3:15 a.m.0 views

PYSEC-2023-237

An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the extension info message RFC 8308 via a man-in-the-middle attack...

5.9CVSS5.9AI score0.00448EPSS
Exploits0References1
Cvelist
Cvelistadded 2023/11/14 12:0 a.m.11 views

CVE-2023-46445

An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message RFC 8308 via a man-in-the-middle attack, aka a "Rogue Extension Negotiation."...

5.8AI score0.00448EPSS
Exploits0References7
CNNVD
CNNVDadded 2023/11/14 12:0 a.m.1 views

AsyncSSH Security Vulnerability

AsyncSSH is a Python package that provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. A security vulnerability exists in AsyncSSH v2.14.0 and earlier versions, which stems from a vulnerability that allows an attacker to take...

6.8CVSS6.9AI score0.00388EPSS
Exploits0References6
Debian CVE
Debian CVEadded 2023/11/14 12:0 a.m.26 views

CVE-2023-46445

An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message RFC 8308 via a man-in-the-middle attack, aka a "Rogue Extension Negotiation."...

5.9CVSS5.8AI score0.00448EPSS
Exploits0
CNNVD
CNNVDadded 2023/11/14 12:0 a.m.1 views

AsyncSSH Data Forgery Issue Vulnerability

AsyncSSH is a Python package that provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. A data forgery issue vulnerability exists in AsyncSSH v2.14.0 and earlier versions, which stems from a vulnerability that allows an attacker to...

5.9CVSS6.6AI score0.00448EPSS
Exploits0References6
Cvelist
Cvelistadded 2023/11/14 12:0 a.m.22 views

CVE-2023-46446

An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."...

6.7AI score0.00388EPSS
Exploits0References7
Debian CVE
Debian CVEadded 2023/11/14 12:0 a.m.26 views

CVE-2023-46446

An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."...

6.8CVSS6.8AI score0.00388EPSS
Exploits0
CVE
CVEadded 2023/11/14 12:0 a.m.82 views

CVE-2023-46445

CVE-2023-46445 affects AsyncSSH before 2.14.1, allowing MITM-controlled extension info messages (Rogue Extension Negotiation). IBM Storage Ceph integrations and various Linux distros reference this flaw. Mitigation: upgrade AsyncSSH to 2.14.1 or newer (patching in affected products where applicab...

5.9CVSS5.4AI score0.00448EPSS
Exploits0References8Affected Software1
CVE
CVEadded 2023/11/14 12:0 a.m.122 views

CVE-2023-46446

CVE-2023-46446 is confirmed in IBM Storage Ceph (Python AsyncSSH) as a Rogue Session Attack affecting AsyncSSH prior to 2.14.1. IBM’s bulletin ties CVE-2023-46446 to IBM Storage Ceph versions 6.0, 6.1z0-z9, 7.0z0-z1, 7.1z0-z3, and 8.0z0-z3, with the remediation to upgrade to 7.0z2. The advisory n...

6.8CVSS6.4AI score0.00388EPSS
Exploits0References8Affected Software1
SUSE CVE
SUSE CVEadded 2023/11/11 1:51 a.m.1 views

SUSE CVE-2023-46445

An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message RFC 8308 via a man-in-the-middle attack, aka a "Rogue Extension Negotiation."...

5.9CVSS9AI score0.00448EPSS
Exploits0References3
Veracode
Veracodeadded 2023/11/10 9:21 a.m.10 views

Rogue Extension Negotiation

asyncssh is vulnerable to Rogue Extension Negotiation. The vulnerability is caused by an implementation flaw in the AsyncSSH server implementation which leads to an injection of an extension info message chosen by the attacker via a man-in-the-middle attack. This is achieved by downgrading the...

5.9CVSS7.3AI score0.00448EPSS
Exploits0References8Affected Software1
Veracode
Veracodeadded 2023/11/10 7:22 a.m.10 views

Rogue Session

asyncssh is vulnerable to a Rogue Session. The vulnerability is caused by a state machine flaw in the the AsyncSSH server while authenticating a client in which results in the client being forced to to log into the attacker's account without the client being able to detect this. An attacker can...

6.8CVSS7.1AI score0.00388EPSS
Exploits0References8Affected Software1
OSV
OSVadded 2023/11/09 6:35 p.m.0 views

GHSA-C35Q-FFPF-5QPM AsyncSSH Rogue Session Attack

Summary An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation. Details The rogue session attack targets any SSH client connecting to an AsyncSSH server, on which the attacker must have a shell...

8.1CVSS5.8AI score0.00388EPSS
Exploits0References12
Github Security Blog
Github Security Blogadded 2023/11/09 6:35 p.m.22 views

AsyncSSH Rogue Session Attack

Summary An issue in AsyncSSH v2.14.0 and earlier allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation. Details The rogue session attack targets any SSH client connecting to an AsyncSSH server, on which the attacker must have a shell...

6.8CVSS7.3AI score0.00388EPSS
Exploits0References11Affected Software1
vulnersOsv
vulnersOsvadded 2023/11/09 6:35 p.m.1 views

aioasuswrt (>=1.1.20 <=1.3.3), aiosftp (>=0.0.1 <=0.3.0) +28 more potentially affected by CVE-2023-46446 via asyncssh (>=1.10.0 <=2.14.0)

asyncssh PYPI version =1.10.0, =1.1.20, =0.0.1, =0.6.0, =0.3.0, =1.2.1, =0.4.0, =0.1.0, =4.3.5, =0.35.0, =3.1.1, =0.6.5, =0.8.0, =2.8.1, =0.2.0, =0.1.0, =0.3.10 and more Source cves: CVE-2023-46446 Source advisory: OSV:GHSA-C35Q-FFPF-5QPM...

6.8CVSS6.7AI score0.00388EPSS
Exploits0
Rows per page
Query Builder