Skip to main content

Asyncssh

4 CVEs product

Monthly

CVE-2023-48795 LIB MEDIUM POC PATCH THREAT This Month

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 53.6%.

Authentication Bypass Apache Node.js SSH Java +66
NVD GitHub
CVSS 3.1
5.9
EPSS
53.6%
Threat
4.3
CVE-2023-46446 PyPI MEDIUM PATCH This Month

An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack.". Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Asyncssh
NVD GitHub
CVSS 3.1
6.8
EPSS
0.9%
CVE-2023-46445 PyPI MEDIUM PATCH This Month

An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a "Rogue Extension Negotiation.". Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Asyncssh
NVD GitHub
CVSS 3.1
5.9
EPSS
0.6%
CVE-2018-7749 PyPI CRITICAL PATCH Act Now

The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Asyncssh
NVD GitHub
CVSS 3.0
9.8
EPSS
1.8%
EPSS 54% 4.3 CVSS 5.9
MEDIUM POC PATCH THREAT This Month

The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 53.6%.

Authentication Bypass Apache Node.js +68
NVD GitHub
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack.". Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Asyncssh
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM PATCH This Month

An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a "Rogue Extension Negotiation.". Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Asyncssh
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL PATCH Act Now

The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Asyncssh
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy