Search CVE reports
1 – 5 of 5 results
CVE-2023-46447
Medium priorityThe POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth Glucose Monitoring System, sends unencrypted glucose measurements over BLE.
1 affected package
python-asyncssh
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-asyncssh | — | Not affected | Not affected | Not affected | Not affected |
CVE-2023-48795
Medium prioritySome fixes available 29 of 79
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation...
13 affected packages
dropbear, filezilla, golang-go.crypto, libssh, libssh2...
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
dropbear | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
filezilla | Fixed | Fixed | Fixed | Not affected | Not affected |
golang-go.crypto | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libssh | Not affected | Fixed | Fixed | Not affected | Not affected |
libssh2 | Not affected | Not affected | Not affected | Not affected | Not affected |
lxd | Not in release | Not in release | Not affected | Fixed | Fixed |
openssh | Fixed | Fixed | Fixed | Fixed | Fixed |
openssh-ssh1 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
paramiko | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
proftpd-dfsg | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
putty | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
python-asyncssh | Fixed | Fixed | Fixed | Ignored | Ignored |
snapd | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2023-46446
Medium prioritySome fixes available 4 of 8
An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."
1 affected package
python-asyncssh
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-asyncssh | Fixed | Fixed | Fixed | Fixed | Ignored |
CVE-2023-46445
Medium prioritySome fixes available 4 of 8
An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a "Rogue Extension Negotiation."
1 affected package
python-asyncssh
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-asyncssh | Fixed | Fixed | Fixed | Fixed | Ignored |
CVE-2018-7749
High prioritySome fixes available 1 of 5
The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step.
1 affected package
python-asyncssh
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-asyncssh | — | Not affected | Not affected | Fixed | Ignored |