Search CVE reports


Toggle filters

1 – 5 of 5 results


CVE-2023-46447

Medium priority
Not affected

The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth Glucose Monitoring System, sends unencrypted glucose measurements over BLE.

1 affected package

python-asyncssh

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-asyncssh Not affected Not affected Not affected Not affected
Show less packages

CVE-2023-48795

Medium priority

Some fixes available 29 of 79

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation...

13 affected packages

dropbear, filezilla, golang-go.crypto, libssh, libssh2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
dropbear Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
filezilla Fixed Fixed Fixed Not affected Not affected
golang-go.crypto Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libssh Not affected Fixed Fixed Not affected Not affected
libssh2 Not affected Not affected Not affected Not affected Not affected
lxd Not in release Not in release Not affected Fixed Fixed
openssh Fixed Fixed Fixed Fixed Fixed
openssh-ssh1 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Not in release
paramiko Fixed Fixed Fixed Needs evaluation Needs evaluation
proftpd-dfsg Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
putty Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
python-asyncssh Fixed Fixed Fixed Ignored Ignored
snapd Not affected Not affected Not affected Not affected Not affected
Show all 13 packages Show less packages

CVE-2023-46446

Medium priority
Needs evaluation

An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."

1 affected package

python-asyncssh

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-asyncssh Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2023-46445

Medium priority
Needs evaluation

An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a "Rogue Extension Negotiation."

1 affected package

python-asyncssh

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-asyncssh Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
Show less packages

CVE-2018-7749

High priority

Some fixes available 1 of 5

The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step.

1 affected package

python-asyncssh

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
python-asyncssh Not affected Not affected Fixed Ignored
Show less packages