Search CVE reports
1 – 5 of 5 results
Some fixes available 38 of 85
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation...
13 affected packages
dropbear, golang-go.crypto, snapd, lxd, libssh...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| dropbear | Needs evaluation | Fixed | Fixed | Fixed |
| golang-go.crypto | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| snapd | Not affected | Not affected | Not affected | Not affected |
| lxd | Not in release | Not in release | Not affected | Fixed |
| libssh | Not affected | Fixed | Fixed | Not affected |
| openssh-ssh1 | Ignored | Ignored | Ignored | Ignored |
| libssh2 | Not affected | Not affected | Not affected | Not affected |
| openssh | Fixed | Fixed | Fixed | Fixed |
| paramiko | Fixed | Fixed | Fixed | Needs evaluation |
| putty | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| proftpd-dfsg | Not affected | Not affected | Fixed | Needs evaluation |
| python-asyncssh | Fixed | Fixed | Fixed | Ignored |
| filezilla | Fixed | Fixed | Fixed | Not affected |
The POPS! Rebel application 5.0 for Android, in POPS! Rebel Bluetooth Glucose Monitoring System, sends unencrypted glucose measurements over BLE.
1 affected package
python-asyncssh
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-asyncssh | — | Not affected | Not affected | Not affected |
Some fixes available 4 of 8
An issue in AsyncSSH before 2.14.1 allows attackers to control the remote end of an SSH client session via packet injection/removal and shell emulation, aka a "Rogue Session Attack."
1 affected package
python-asyncssh
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-asyncssh | Fixed | Fixed | Fixed | Fixed |
Some fixes available 4 of 8
An issue in AsyncSSH before 2.14.1 allows attackers to control the extension info message (RFC 8308) via a man-in-the-middle attack, aka a "Rogue Extension Negotiation."
1 affected package
python-asyncssh
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-asyncssh | Fixed | Fixed | Fixed | Fixed |
Some fixes available 1 of 5
The SSH server implementation of AsyncSSH before 1.12.1 does not properly check whether authentication is completed before processing other requests. A customized SSH client can simply skip the authentication step.
1 affected package
python-asyncssh
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-asyncssh | — | Not affected | Not affected | Fixed |