4 matches found
CVE-2023-48795
CVE-2023-48795 is referenced across several connected advisories that detail affected packages and required upgrades. Astra Linux/CBL-Mariner entries list the packages that need upgrading: podman (<5.6.1-2), erlang (<25.2-1), libssh2 (<1.11.1-1), libssh (<0.10.6-1), terraform (<1.3.2-25), kubevirt (&l...
CVE-2023-46446
CVE-2023-46446 is confirmed in IBM Storage Ceph (Python AsyncSSH) as a Rogue Session Attack affecting AsyncSSH prior to 2.14.1. IBM’s bulletin ties CVE-2023-46446 to IBM Storage Ceph versions 6.0, 6.1z0-z9, 7.0z0-z1, 7.1z0-z3, and 8.0z0-z3, with the remediation to upgrade to 7.0z2. The advisory n...
CVE-2023-46445
CVE-2023-46445 affects AsyncSSH before 2.14.1, allowing MITM-controlled extension info messages (Rogue Extension Negotiation). IBM Storage Ceph integrations and various Linux distros reference this flaw. Mitigation: upgrade AsyncSSH to 2.14.1 or newer (patching in affected products where applicab...
CVE-2018-7749
The CVE-2018-7749 issue affects the AsyncSSH SSH server implementation (Python library) prior to version 1.12.1. The root cause is that the server does not properly verify that authentication is completed before processing other requests, allowing a specially crafted client to skip authentication...