Lucene search
K

14 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2025/12/19 8:17 p.m.9 views

Security Bulletin: IBM Storage Ceph is vulnerable to a Rogue Session Attack and Rogue Extension Negotiation in python-asyncssh (CVE-2023-46446, CVE-2023-46445)

Summary python-asyncssh is used by IBM Storage Ceph as an asynchronous client and server implementation of the SSHv2 protocol. CVE-2023-46446, CVE-2023-46445 Vulnerability Details CVEID:CVE-2023-46446 DESCRIPTION: An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an...

6.8CVSS6.7AI score0.00867EPSS
Exploits0Affected Software1
OpenVAS
OpenVAS
added 2024/12/13 12:0 a.m.12 views

Ubuntu: Security Advisory (USN-7108-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS7.5AI score0.00867EPSS
Exploits0References2
OSV
OSV
added 2024/12/12 6:58 a.m.4 views

USN-7108-2 python-asyncssh vulnerabilities

USN-7108-1 fixed vulnerabilities in AysncSSH. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that AsyncSSH did not properly handle the extension info message. An attacker able to intercept...

6.8CVSS6.7AI score0.00867EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2024/11/15 12:0 a.m.9 views

Ubuntu: Security Advisory (USN-7108-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8CVSS6.8AI score0.00867EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/11/14 12:0 a.m.16 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : AsyncSSH vulnerabilities (USN-7108-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7108-1 advisory. Fabian Bumer, Marcus Brinkmann, and Jrg Schwenk discovered that AsyncSSH did not properly handle the extension info message. An...

6.8CVSS6.9AI score0.00867EPSS
Exploits0References3
Debian
Debian
added 2024/09/27 8:44 p.m.53 views

[SECURITY] [DLA 3899-1] python-asyncssh security update

Debian LTS Advisory DLA-3899-1 [email protected] https://www.debian.org/lts/security/ Daniel Leidert September 27, 2024 https://wiki.debian.org/LTS Package : python-asyncssh Version : 2.5.0-0.1+deb11u1 CVE ID : CVE-2023-46445 CVE-2023-46446 CVE-2023-48795 Debian Bug : 1055999 1056000...

6.8CVSS6.9AI score0.93305EPSS
Exploits4
Tenable Nessus
Tenable Nessus
added 2024/09/27 12:0 a.m.20 views

Debian dla-3899 : python-asyncssh-doc - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3899 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3899-1 [email protected]...

6.8CVSS7.1AI score0.93305EPSS
Exploits4References8
F5 Networks
F5 Networks
added 2024/02/12 9:47 a.m.53 views

K000138577: Python-asyncssh vulnerability CVE-2023-46446

Security Advisory Description An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack." CVE-2023-46446 Impact There is no impact; F5 products are not affected by this...

6.8CVSS7.7AI score0.00867EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/11/25 12:0 a.m.16 views

Fedora 39 : python-asyncssh (2023-d2956318e4)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-d2956318e4 advisory. Security fix for CVE-2023-46446 and CVE-2023-46445 Tenable has extracted the preceding description block directly from the Fedora security advisory...

6.8CVSS6.9AI score0.00867EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2023/11/17 6:51 p.m.38 views

CVE-2023-46446

A flaw was found in python-synch before the 2.14.1 versions, where the client can log in to the attacker's account without the client being able to detect this. This flaw allows an attacker to control the remote end of the SSH session completely, resulting in a complete break of the confidentiali...

6.8CVSS6.6AI score0.00867EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2023/11/14 3:15 a.m.4 views

aioasuswrt (>=1.1.20 <=1.3.3), aiosftp (>=0.0.1 <=0.3.0) +28 more potentially affected by CVE-2023-46446 via asyncssh (>=1.10.0 <=2.14.0)

asyncssh PYPI version =1.10.0, =1.1.20, =0.0.1, =0.6.0, =0.3.0, =1.2.1, =0.4.0, =0.1.0, =4.3.5, =0.35.0, =3.1.1, =0.6.5, =0.8.0, =2.8.1, =0.2.0, =0.1.0, =0.3.21 and more Source cves: CVE-2023-46446 Source advisory: OSV:PYSEC-2023-239...

6.8CVSS6.7AI score0.00867EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2023/11/14 3:15 a.m.18 views

CVE-2023-46446

An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."...

6.8CVSS6.7AI score0.00867EPSS
Exploits0References4
CVE
CVE
added 2023/11/14 12:0 a.m.141 views

CVE-2023-46446

CVE-2023-46446 is confirmed in IBM Storage Ceph (Python AsyncSSH) as a Rogue Session Attack affecting AsyncSSH prior to 2.14.1. IBM’s bulletin ties CVE-2023-46446 to IBM Storage Ceph versions 6.0, 6.1z0-z9, 7.0z0-z1, 7.1z0-z3, and 8.0z0-z3, with the remediation to upgrade to 7.0z2. The advisory n...

6.8CVSS6.4AI score0.00867EPSS
Exploits0References8Affected Software1
vulnersOsv
vulnersOsv
added 2023/11/09 6:35 p.m.5 views

aioasuswrt (>=1.1.20 <=1.3.3), aiosftp (>=0.0.1 <=0.3.0) +28 more potentially affected by CVE-2023-46446 via asyncssh (>=1.10.0 <=2.14.0)

asyncssh PYPI version =1.10.0, =1.1.20, =0.0.1, =0.6.0, =0.3.0, =1.2.1, =0.4.0, =0.1.0, =4.3.5, =0.35.0, =3.1.1, =0.6.5, =0.8.0, =2.8.1, =0.2.0, =0.1.0, =0.3.21 and more Source cves: CVE-2023-46446 Source advisory: OSV:GHSA-C35Q-FFPF-5QPM...

6.8CVSS6.7AI score0.00867EPSS
Exploits0
Rows per page
Query Builder