The remote Ubuntu 20.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5888-1 advisory.

    It was discovered that Python incorrectly handled certain inputs. If a user or an automated system were     tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to     execute arbitrary code. (CVE-2015-20107)

    Hamza Avvan discovered that Python incorrectly handled certain inputs. If a user or an automated system     were tricked into running a specially crafted input, a remote attacker could possibly use this issue to     execute arbitrary code. (CVE-2021-28861)

    It was discovered that Python incorrectly handled certain inputs. If a user or an automated system were     tricked into running a specially crafted input, a remote attacker could possibly use this issue to execute     arbitrary code. (CVE-2022-37454, CVE-2022-42919)

    It was discovered that Python incorrectly handled certain inputs. If a user or an automated system were     tricked into running a specially crafted input, a remote attacker could possibly use this issue to cause a     denial of service. (CVE-2022-45061, CVE-2023-24329)

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Ubuntu 20.04 ESM : Python vulnerabilities (USN-5888-1)

critical Nessus Plugin ID 171939

Version 1.7

Version 1.6

Version 1.5

Version 1.4

Version 1.3

Version 1.2

Version 1.1

Version 1.0

Version 1.7 Aug 28, 2024, 7:43 PM CVSSv2 severity (based on None, severity decreased from "High" to "Low") Detection (updated detection logic) Plugin metadata CVSS metrics ("Cvssv4 score" set to 0.0) Plugin Feed: 202408281943
Version 1.6 Oct 21, 2023, 5:06 AM Detection Plugin Feed: 202310210506
Version 1.5 Sep 1, 2023, 4:18 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True". "Exploitability ease" changed from "No known exploits are available" to "Exploits are available") Plugin Feed: 202309011618
Version 1.4 Aug 31, 2023, 4:28 PM IAVM reference Plugin Feed: 202308311628
Version 1.3 Jun 16, 2023, 10:05 AM IAVM reference Plugin Feed: 202306161005
Version 1.2 Jun 16, 2023, 8:11 AM IAVM reference Plugin Feed: 202306160811
Version 1.1 Mar 3, 2023, 11:58 AM IAVM reference Plugin Feed: 202303031158
Version 1.0 Feb 28, 2023, 7:53 AM New Plugin Feed: 202302280753