Vulnerability Reportcouchdb:latest

Name: couchdb:3.5 Security Vulnerability Report
Creator: BaseImage
Keywords: couchdb:3.5, Docker security, vulnerability scan, CVE, container security, SBOM

couchdb:latestcouchdb:3.5.2couchdb:3.5couchdb:3

DIGESTsha256:9a84b943671e9587a690e0c4418e0bd89984b5045db84532add2e560e6b76127

Executive Summary

CAUTION

This image carries significant risk; production deployment is highly discouraged without strict compensating controls. An attacker could potentially trigger a denial of service (e.g., CVE-2018-20796) in core system libraries or, under specific operational conditions, exploit vulnerabilities for information disclosure (CVE-2026-6276) or even arbitrary code execution (CVE-2026-7598 if acting as an SSH client). It should be noted that the most severe findings, like CVE-2019-1010022, are mitigation bypasses requiring a separate vulnerability or are disputed by maintainers. Additionally, CVE-2015-3276, affecting OpenLDAP, only applies if CouchDB is configured to use LDAP for authentication. While this is an official and trusted image, the cumulative number of high-severity vulnerabilities presents a significant attack surface.

Threat Score

50/100

CAUTION

The image contains 10 vulnerabilities with severity 6.0 or higher on the exposed surface, with the highest severity being 6.66.
Notable exposed vulnerabilities include potential denial-of-service risks in glibc (e.g., CVE-2018-20796) and information disclosure in libcurl (CVE-2026-6276).
One significant vulnerability, CVE-2026-7598 in libssh2, involves an integer overflow that could lead to arbitrary code execution or denial of service if the container acts as an SSH client.
Many high-severity findings are disputed by upstream maintainers (CVE-2019-1010022, CVE-2019-9192) or require specific conditions for exploitation, which lowers their practical impact.
A vulnerability in OpenLDAP, CVE-2015-3276, requires CouchDB to be specifically configured for LDAP authentication to be relevant.
The image is an Official Docker Hub Image and is pinned by digest, providing a strong trust foundation and immutability.

Reputation

TRUSTED

Docker Official

OFFICIAL

Official Docker Hub Image
Pinned by digest (Immutable)

BaseImage/

couchdb:latest

Hardened

Grade

A+

Vulns

Verified & secured for production

Vulnerabilities

Vulnerability Log

233 total

CVE ID	Adjusted Severity	Package	Exploit Probability	Risk Context
CVE-2019-1010022	MEDIUM6.66	libc-bin 2.41-12+deb13u3 No fix yet	0.1% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2019-1010022	MEDIUM6.66	libc6 2.41-12+deb13u3 No fix yet	0.1% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2019-9192	MEDIUM6.38	libc-bin 2.41-12+deb13u3 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2019-9192	MEDIUM6.38	libc6 2.41-12+deb13u3 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2026-5773	MEDIUM6.38	libcurl4t64 8.14.1-2+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-6276	MEDIUM6.38	libcurl4t64 8.14.1-2+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-7598	MEDIUM6.18	libssh2-1t64 1.11.1-1 No fix yet	<0.1% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2018-20796	MEDIUM6	libc-bin 2.41-12+deb13u3 No fix yet	1.5% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2018-20796	MEDIUM6	libc6 2.41-12+deb13u3 No fix yet	1.5% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2015-3276	MEDIUM6	libldap2 2.6.10+dfsg-1 No fix yet	2.6% Low-Moderate Risk	Directly ExposedContext importance: MEDIUM
CVE-2026-1965	MEDIUM5.78	libcurl4t64 8.14.1-2+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-14819	MEDIUM5.78	libcurl4t64 8.14.1-2+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-22185	MEDIUM5.78	libldap2 2.6.10+dfsg-1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-6238	MEDIUM5.52	libc-bin 2.41-12+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-6238	MEDIUM5.52	libc6 2.41-12+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-3784	MEDIUM5.52	libcurl4t64 8.14.1-2+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-5545	MEDIUM5.52	libcurl4t64 8.14.1-2+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-6429	MEDIUM5.52	libcurl4t64 8.14.1-2+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-14524	MEDIUM5.52	libcurl4t64 8.14.1-2+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-15079	MEDIUM5.5	libcurl4t64 8.14.1-2+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-3805	MEDIUM5.35	libcurl4t64 8.14.1-2+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-14104	MEDIUM5.18	libblkid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-14104	MEDIUM5.18	libmount1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-14104	MEDIUM5.18	libuuid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2018-6829	MEDIUM5.1	libgcrypt20 1.11.0-7+deb13u1 No fix yet	0.5% Theoretical Threat	Directly ExposedContext importance: MEDIUM
CVE-2026-5435	MEDIUM5.02	libc-bin 2.41-12+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-5435	MEDIUM5.02	libc6 2.41-12+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-10966	MEDIUM5.02	libcurl4t64 8.14.1-2+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-2236	MEDIUM5.02	libgcrypt20 1.11.0-7+deb13u1 No fix yet	0.7% Theoretical Threat	Directly Exposed
CVE-2024-26458	MEDIUM5.02	libgssapi-krb5-2 1.21.3-5+deb13u1 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2024-26461	MEDIUM5.02	libgssapi-krb5-2 1.21.3-5+deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-26458	MEDIUM5.02	libk5crypto3 1.21.3-5+deb13u1 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2024-26461	MEDIUM5.02	libk5crypto3 1.21.3-5+deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-26458	MEDIUM5.02	libkrb5-3 1.21.3-5+deb13u1 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2024-26461	MEDIUM5.02	libkrb5-3 1.21.3-5+deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2024-26458	MEDIUM5.02	libkrb5support0 1.21.3-5+deb13u1 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2024-26461	MEDIUM5.02	libkrb5support0 1.21.3-5+deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-13151	MEDIUM5.02	libtasn1-6 4.20.0-2 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-42250	MEDIUM5	libbz2-1.0 1.0.8-6 No fix yet	—	Directly Exposed
CVE-2026-3783	MEDIUM4.84	libcurl4t64 8.14.1-2+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-48962	MEDIUM4.68	perl-base 5.40.1-6 No fix yet	—	Post-Exploit
CVE-2022-0563	MEDIUM4.67	libblkid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2022-0563	MEDIUM4.67	libmount1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2022-0563	MEDIUM4.67	libuuid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27171	MEDIUM4.67	zlib1g 1:1.3.dfsg+really1.3.1-1+b1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-3184	MEDIUM4.5	libblkid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2019-1010024	MEDIUM4.5	libc-bin 2.41-12+deb13u3 No fix yet	0.6% Theoretical Threat	Directly Exposed
CVE-2019-1010025	MEDIUM4.5	libc-bin 2.41-12+deb13u3 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2019-1010024	MEDIUM4.5	libc6 2.41-12+deb13u3 No fix yet	0.6% Theoretical Threat	Directly Exposed
CVE-2019-1010025	MEDIUM4.5	libc6 2.41-12+deb13u3 No fix yet	0.8% Theoretical Threat	Directly Exposed
CVE-2026-4873	MEDIUM4.5	libcurl4t64 8.14.1-2+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-6253	MEDIUM4.5	libcurl4t64 8.14.1-2+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-7168	MEDIUM4.5	libcurl4t64 8.14.1-2+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-34743	MEDIUM4.5	liblzma5 5.8.1-1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-3184	MEDIUM4.5	libmount1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2023-31437	MEDIUM4.5	libsystemd0 257.13-1~deb13u1 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2023-31438	MEDIUM4.5	libsystemd0 257.13-1~deb13u1 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2023-31439	MEDIUM4.5	libsystemd0 257.13-1~deb13u1 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2023-31437	MEDIUM4.5	libudev1 257.13-1~deb13u1 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2023-31438	MEDIUM4.5	libudev1 257.13-1~deb13u1 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2023-31439	MEDIUM4.5	libudev1 257.13-1~deb13u1 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-3184	MEDIUM4.5	libuuid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2011-3389	MEDIUM4.3	libgnutls30t64 3.8.9-3+deb13u4 No fix yet	3.8% Low-Moderate Risk	Directly Exposed
CVE-2026-5450	MEDIUM4.25	libc-bin 2.41-12+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	libc-bin 2.41-12+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-5450	MEDIUM4.25	libc6 2.41-12+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-5928	MEDIUM4.25	libc6 2.41-12+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-15079	MEDIUM4.13	curl 8.14.1-2+deb13u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-14017	MEDIUM4.08	libcurl4t64 8.14.1-2+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libblkid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2025-15224	MEDIUM4	libcurl4t64 8.14.1-2+deb13u3 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2017-14159	MEDIUM4	libldap2 2.6.10+dfsg-1 No fix yet	0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libmount1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-27456	MEDIUM4	libuuid1 2.41-5 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-24882	LOW3.98	dirmngr 2.4.7-21+deb13u1+b3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-24882	LOW3.98	gnupg 2.4.7-21+deb13u1 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-24882	LOW3.98	gpg 2.4.7-21+deb13u1+b3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-24882	LOW3.98	gpg-agent 2.4.7-21+deb13u1+b3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-24882	LOW3.98	gpgconf 2.4.7-21+deb13u1+b3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-24882	LOW3.98	gpgsm 2.4.7-21+deb13u1+b3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-5773	LOW3.82	curl 8.14.1-2+deb13u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-6276	LOW3.82	curl 8.14.1-2+deb13u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2011-3374	LOW3.7	libapt-pkg7.0 3.0.3 No fix yet	1.5% Low-Moderate Risk	Directly Exposed
CVE-2021-45346	LOW3.65	libsqlite3-0 3.46.1-7+deb13u1 No fix yet	0.3% Theoretical Threat	Directly Exposed
CVE-2005-2541	LOW3.6	tar 1.35+dfsg-3.1 No fix yet	3.8% Low-Moderate Risk	Post-Exploit
CVE-2020-15719	LOW3.57	libldap2 2.6.10+dfsg-1 No fix yet	0.2% Theoretical Threat	Directly Exposed
CVE-2026-8376	LOW3.53	perl-base 5.40.1-6 No fix yet	—	Post-Exploit
CVE-2026-1965	LOW3.47	curl 8.14.1-2+deb13u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-14819	LOW3.47	curl 8.14.1-2+deb13u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2010-4756	LOW3.4	libc-bin 2.41-12+deb13u3 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2010-4756	LOW3.4	libc6 2.41-12+deb13u3 No fix yet	0.4% Theoretical Threat	Directly Exposed
CVE-2026-3784	LOW3.31	curl 8.14.1-2+deb13u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-5545	LOW3.31	curl 8.14.1-2+deb13u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-6429	LOW3.31	curl 8.14.1-2+deb13u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-14524	LOW3.31	curl 8.14.1-2+deb13u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-42496	LOW3.28	perl-base 5.40.1-6 No fix yet	—	Post-Exploit
CVE-2026-3805	LOW3.21	curl 8.14.1-2+deb13u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-14104	LOW3.11	bsdutils 1:2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-14104	LOW3.11	mount 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-14104	LOW3.11	util-linux 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-10966	LOW3.01	curl 8.14.1-2+deb13u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-3783	LOW2.91	curl 8.14.1-2+deb13u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-0563	LOW2.8	bsdutils 1:2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-0563	LOW2.8	mount 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-5704	LOW2.8	tar 1.35+dfsg-3.1 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-0563	LOW2.8	util-linux 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-70873	LOW2.8	libsqlite3-0 3.46.1-7+deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2013-4392	LOW2.8	libsystemd0 257.13-1~deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-40228	LOW2.8	libsystemd0 257.13-1~deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2013-4392	LOW2.8	libudev1 257.13-1~deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2026-40228	LOW2.8	libudev1 257.13-1~deb13u1 No fix yet	<0.1% Theoretical Threat	Directly Exposed
CVE-2018-5709	LOW2.7	libgssapi-krb5-2 1.21.3-5+deb13u1 No fix yet	1.5% Low-Moderate Risk	Post-Exploit
CVE-2018-5709	LOW2.7	libk5crypto3 1.21.3-5+deb13u1 No fix yet	1.5% Low-Moderate Risk	Post-Exploit
CVE-2018-5709	LOW2.7	libkrb5-3 1.21.3-5+deb13u1 No fix yet	1.5% Low-Moderate Risk	Post-Exploit
CVE-2018-5709	LOW2.7	libkrb5support0 1.21.3-5+deb13u1 No fix yet	1.5% Low-Moderate Risk	Post-Exploit
CVE-2017-17740	LOW2.7	libldap2 2.6.10+dfsg-1 No fix yet	6.1% Low-Moderate Risk	Post-Exploit
CVE-2026-42497	LOW2.7	perl-base 5.40.1-6 No fix yet	—	Post-Exploit
CVE-2026-9538	LOW2.7	perl-base 5.40.1-6 No fix yet	—	Post-Exploit
CVE-2026-3184	LOW2.7	bsdutils 1:2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-4873	LOW2.7	curl 8.14.1-2+deb13u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-6253	LOW2.7	curl 8.14.1-2+deb13u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-7168	LOW2.7	curl 8.14.1-2+deb13u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-3184	LOW2.7	mount 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-3184	LOW2.7	util-linux 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2019-1010023	LOW2.69	libc-bin 2.41-12+deb13u3 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2019-1010023	LOW2.69	libc6 2.41-12+deb13u3 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2007-5686	LOW2.5	passwd 1:4.17.4-2 No fix yet	0.3% Theoretical Threat	Post-Exploit
CVE-2025-14017	LOW2.45	curl 8.14.1-2+deb13u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	bsdutils 1:2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2017-18018	LOW2.4	coreutils 9.7-3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-15224	LOW2.4	curl 8.14.1-2+deb13u3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-68972	LOW2.4	dirmngr 2.4.7-21+deb13u1+b3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-68972	LOW2.4	gnupg 2.4.7-21+deb13u1 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-68972	LOW2.4	gpg 2.4.7-21+deb13u1+b3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-68972	LOW2.4	gpg-agent 2.4.7-21+deb13u1+b3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-68972	LOW2.4	gpgconf 2.4.7-21+deb13u1+b3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-68972	LOW2.4	gpgsm 2.4.7-21+deb13u1+b3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	mount 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2026-27456	LOW2.4	util-linux 2.41-5 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2025-5278	LOW2.24	coreutils 9.7-3 No fix yet	0.1% Theoretical Threat	Post-Exploit
CVE-2011-3374	LOW2.22	apt 3.0.3 No fix yet	1.5% Low-Moderate Risk	Post-Exploit
CVE-2011-3374	LOW2.22	apt-transport-https 3.0.3 No fix yet	1.5% Low-Moderate Risk	Post-Exploit
CVE-2024-56433	LOW2.16	passwd 1:4.17.4-2 No fix yet	4.5% Low-Moderate Risk	Post-Exploit
CVE-2022-3219	LOW1.68	dirmngr 2.4.7-21+deb13u1+b3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-3219	LOW1.68	gnupg 2.4.7-21+deb13u1 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-3219	LOW1.68	gpg 2.4.7-21+deb13u1+b3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-3219	LOW1.68	gpg-agent 2.4.7-21+deb13u1+b3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-3219	LOW1.68	gpgconf 2.4.7-21+deb13u1+b3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2022-3219	LOW1.68	gpgsm 2.4.7-21+deb13u1+b3 No fix yet	<0.1% Theoretical Threat	Post-Exploit
CVE-2011-4116	LOW1.68	perl-base 5.40.1-6 No fix yet	0.2% Theoretical Threat	Post-Exploit
CVE-2018-7738	NONE0	bash-completion 1:2.16.0-7 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-24882	NONE0	gnupg-l10n 2.4.7-21+deb13u1 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-69720	NONE0	libncursesw6 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-69720	NONE0	libtinfo6 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-69720	NONE0	ncurses-base 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-69720	NONE0	ncurses-bin 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2018-5709	NONE0	krb5-locales 1.21.3-5+deb13u1 No fix yet	1.5% Low-Moderate Risk	Not Applicable
CVE-2025-14104	NONE0	liblastlog2-2 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-14104	NONE0	libsmartcols1 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-14104	NONE0	login 1:4.16.0-2+really2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2024-26458	NONE0	krb5-locales 1.21.3-5+deb13u1 No fix yet	0.3% Theoretical Threat	Not Applicable
CVE-2024-26461	NONE0	krb5-locales 1.21.3-5+deb13u1 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2022-0563	NONE0	liblastlog2-2 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2022-0563	NONE0	libsmartcols1 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2022-0563	NONE0	login 1:4.16.0-2+really2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-3184	NONE0	liblastlog2-2 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-3184	NONE0	libsmartcols1 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-3184	NONE0	login 1:4.16.0-2+really2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2007-5686	NONE0	login.defs 1:4.17.4-2 No fix yet	0.3% Theoretical Threat	Not Applicable
CVE-2025-68972	NONE0	gnupg-l10n 2.4.7-21+deb13u1 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-27456	NONE0	liblastlog2-2 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-27456	NONE0	libsmartcols1 2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-27456	NONE0	login 1:4.16.0-2+really2.41-5 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2024-56433	NONE0	login.defs 1:4.17.4-2 No fix yet	4.5% Low-Moderate Risk	Not Applicable
CVE-2022-3219	NONE0	gnupg-l10n 2.4.7-21+deb13u1 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-6141	NONE0	libncursesw6 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-6141	NONE0	libtinfo6 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-6141	NONE0	ncurses-base 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2025-6141	NONE0	ncurses-bin 6.5+20250216-2 No fix yet	<0.1% Theoretical Threat	Not Applicable
TEMP-0841856-B18BAF	NONE0	bash 5.2.37-2+b9 No fix yet	—	Not Applicable
CVE-2026-34180	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-34181	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-34182	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-34183	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42764	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42766	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42767	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42768	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42769	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42770	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-45445	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-45446	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-45447	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-7383	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-9076	NONE0	libssl3t64 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
TEMP-0628843-DBAD28	NONE0	login.defs 1:4.17.4-2 No fix yet	—	Not Applicable
CVE-2026-34180	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-34181	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-34182	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-34183	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42764	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42766	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42767	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42768	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42769	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42770	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-45445	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-45446	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-45447	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-7383	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-9076	NONE0	openssl 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-34180	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-34181	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-34182	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-34183	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42764	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42766	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42767	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42768	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42769	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-42770	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-45445	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-45446	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-45447	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-7383	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
CVE-2026-9076	NONE0	openssl-provider-legacy 3.5.6-1~deb13u1 No fix yet	—	Not Applicable
TEMP-0628843-DBAD28	NONE0	passwd 1:4.17.4-2 No fix yet	—	Not Applicable
CVE-2026-48959	NONE0	perl-base 5.40.1-6 No fix yet	—	Not Applicable
CVE-2025-15649	NONE0	perl-base 5.40.1-6 No fix yet	—	Not Applicable
CVE-2026-7010	NONE0	perl-base 5.40.1-6 No fix yet	<0.1% Theoretical Threat	Not Applicable
CVE-2026-48961	NONE0	perl-base 5.40.1-6 No fix yet	—	Not Applicable
TEMP-0517018-A83CE6	NONE0	sysvinit-utils 3.14-4 No fix yet	—	Not Applicable
TEMP-0290435-0B57B5	NONE0	tar 1.35+dfsg-3.1 No fix yet	—	Not Applicable