38 matches found
MiracleLinux 9 : python3.9-3.9.14-1.el9.1 (AXSA:2022-4506:01)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-4506:01 advisory. python: local privilege escalation via the multiprocessing forkserver start method (CVE-2022-42919). Tenable has extracted the preceding description block...
EulerOS Virtualization 2.13.1 : python3 (EulerOS-SA-2025-2560)
According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted...
EulerOS 2.0 SP13 : python3 (EulerOS-SA-2025-2276)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attacke...
EulerOS 2.0 SP13 : python3 (EulerOS-SA-2025-2308)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attacke...
BIT-LIBPYTHON-2022-42919
Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network...
BIT-PYTHON-MIN-2022-42919
Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network...
BIT-PYTHON-2022-42919
Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network...
EulerOS Virtualization 2.11.1 : python3 (EulerOS-SA-2023-2051)
According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system...
Amazon Linux 2023 : python3, python3-devel, python3-idle (ALAS2023-2023-104)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-104 advisory. Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver...
SUSE CVE-2022-42919
Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network...
Amazon Linux 2022 : python3, python3-devel, python3-idle (ALAS2022-2023-273)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2023-273 advisory. Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver...
Fedora 35 : python3.9 (2022-1166a1df1e)
The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-1166a1df1e advisory. Security fix for CVE-2022-42919. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
Fedora 35 : python3.10 (2022-f44dd1bec2)
The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-f44dd1bec2 advisory. Security fix for CVE-2022-42919. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
Fedora 35 : python3.11 (2022-a04a020e48)
The remote Fedora 35 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-a04a020e48 advisory. The final release of Python 3.11.0. Contains security fix for CVE-2022-42919. Tenable has extracted the preceding description block directly from th...
RHEL 9 : python3.9 (RHSA-2022:8493)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:8493 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...
Privilege Escalation
python3.10 is vulnerable to privilege escalation. The vulnerability exists because the multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine which...
python: local privilege escalation via the multiprocessing forkserver start method
A vulnerability was found in Python. The flaw occurs when the multiprocessing library is used with the forkserver start method on Linux. The Python multiprocessing library allows Python pickles to be deserialized from any user in the same machine's local network namespace in many system configurations, which means any user on the...
Important: Red Hat Security Advisory: python3.9 security update
An update for python3.9 is now available for Red Hat Enterprise Linux 9 and Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
python: local privilege escalation via the multiprocessing forkserver start method
A vulnerability was found in Python. The flaw occurs when the multiprocessing library is used with the forkserver start method on Linux. The Python multiprocessing library allows Python pickles to be deserialized from any user in the same machine's local network namespace in many system configurations, which means any user on the...
Important: Red Hat Security Advisory: python39:3.9 security update
An update for the python39:3.9 module is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.4 Extended Update Support, and Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common...