Vulnerability Reportubuntu:jammy-20260322.1

ubuntu:jammy-20260322.1
DIGESTsha256:eb29ed27b0821dca09c2e28b39135e185fc1302036427d5f4d70a41ce8fd7659

Executive Summary

Last scanned:

Threat Score
75/100DANGEROUS
Reputation
TRUSTED

This base/runtime image ships critical vulnerabilities that any image built on it would inherit; they must be remediated before the final image goes to production. An attacker could exploit CVE-2026-42010 to bypass authentication for RSA-PSK servers, gain unauthorized access to sensitive data, or leverage CVE-2026-45447 for remote code execution through a crafted PKCS#7 message. Note that CVE-2026-42010 only applies if the RSA-PSK mode is configured; if not used, that specific risk is eliminated. Other vulnerabilities, such as DTLS-related flaws, depend on whether DTLS is utilized. Note: this is a general-purpose base/runtime image — many findings live in components that an application built on top may never load, so actual exploitability depends on the final image. For an accurate risk picture, re-scan the final application image with context.

Vulnerabilities

Vulnerability Log

83 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2026-42010HIGH7.84
libgnutls30
3.7.3-4ubuntu1.8
fixed in 3.7.3-4ubuntu1.9
1.1%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2026-45447MEDIUM6.48
libssl3
3.0.2-0ubuntu1.21
fixed in 3.0.2-0ubuntu1.25
2.7%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2026-33845MEDIUM6.18
libgnutls30
3.7.3-4ubuntu1.8
fixed in 3.7.3-4ubuntu1.9
0.8%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-42012MEDIUM6.03
libgnutls30
3.7.3-4ubuntu1.8
fixed in 3.7.3-4ubuntu1.9
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-33846MEDIUM6
libgnutls30
3.7.3-4ubuntu1.8
fixed in 3.7.3-4ubuntu1.9
1.3%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2026-42009MEDIUM6
libgnutls30
3.7.3-4ubuntu1.8
fixed in 3.7.3-4ubuntu1.9
1.3%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2026-4878MEDIUM5.95
libcap2
1:2.44-1ubuntu0.22.04.2
fixed in 1:2.44-1ubuntu0.22.04.3
0.2%
Theoretical Threat
Directly Exposed
CVE-2024-2236MEDIUM5.9
libgcrypt20
1.9.4-3ubuntu3
No fix yet
1.1%
Low-Moderate Risk
Directly Exposed
CVE-2026-42014MEDIUM5.61
libgnutls30
3.7.3-4ubuntu1.8
fixed in 3.7.3-4ubuntu1.9
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-42013MEDIUM5.58
libgnutls30
3.7.3-4ubuntu1.8
fixed in 3.7.3-4ubuntu1.9
0.4%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-5260MEDIUM5.58
libgnutls30
3.7.3-4ubuntu1.8
fixed in 3.7.3-4ubuntu1.9
0.7%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-6238MEDIUM5.52
libc6
2.35-0ubuntu3.13
No fix yet
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-13757MEDIUM5.27
libp11-kit0
0.24.0-6build1
No fix yet
0.1%
Theoretical Threat
Directly Exposed
CVE-2026-41989MEDIUM5.1
libgcrypt20
1.9.4-3ubuntu3
fixed in 1.9.4-3ubuntu3.2
0.2%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-28389MEDIUM5.1
libssl3
3.0.2-0ubuntu1.21
fixed in 3.0.2-0ubuntu1.23
0.8%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-28390MEDIUM5.1
libssl3
3.0.2-0ubuntu1.21
fixed in 3.0.2-0ubuntu1.23
0.8%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-3833MEDIUM5.03
libgnutls30
3.7.3-4ubuntu1.8
fixed in 3.7.3-4ubuntu1.9
0.6%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-42011MEDIUM5.03
libgnutls30
3.7.3-4ubuntu1.8
fixed in 3.7.3-4ubuntu1.9
0.5%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-34182MEDIUM5.03
libssl3
3.0.2-0ubuntu1.21
fixed in 3.0.2-0ubuntu1.25
0.2%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-5435MEDIUM5.02
libc6
2.35-0ubuntu3.13
No fix yet
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-31790MEDIUM5.02
libssl3
3.0.2-0ubuntu1.21
fixed in 3.0.2-0ubuntu1.23
1.0%
Theoretical Threat
Directly Exposed
CVE-2026-42770MEDIUM5.02
libssl3
3.0.2-0ubuntu1.21
fixed in 3.0.2-0ubuntu1.25
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-9076MEDIUM5.02
libssl3
3.0.2-0ubuntu1.21
fixed in 3.0.2-0ubuntu1.25
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-31789MEDIUM5
libssl3
3.0.2-0ubuntu1.21
fixed in 3.0.2-0ubuntu1.23
0.2%
Theoretical Threat
Directly Exposed
CVE-2022-27943MEDIUM4.67
libgcc-s1
12.3.0-1ubuntu1~22.04.3
No fix yet
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-7383MEDIUM4.67
libssl3
3.0.2-0ubuntu1.21
fixed in 3.0.2-0ubuntu1.25
0.4%
Theoretical Threat
Directly Exposed
CVE-2022-27943MEDIUM4.67
libstdc++6
12.3.0-1ubuntu1~22.04.3
No fix yet
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-45445MEDIUM4.64
libssl3
3.0.2-0ubuntu1.21
fixed in 3.0.2-0ubuntu1.25
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-4046MEDIUM4.5
libc6
2.35-0ubuntu3.13
No fix yet
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-42015MEDIUM4.5
libgnutls30
3.7.3-4ubuntu1.8
fixed in 3.7.3-4ubuntu1.9
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-34743MEDIUM4.5
liblzma5
5.2.5-2ubuntu1
fixed in 5.2.5-2ubuntu1.1
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-42766MEDIUM4.5
libssl3
3.0.2-0ubuntu1.21
fixed in 3.0.2-0ubuntu1.25
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-42767MEDIUM4.5
libssl3
3.0.2-0ubuntu1.21
fixed in 3.0.2-0ubuntu1.25
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-34180MEDIUM4.25
libssl3
3.0.2-0ubuntu1.21
fixed in 3.0.2-0ubuntu1.25
0.5%
Theoretical Threat
Directly Exposed
CVE-2026-28387MEDIUM4.13
libssl3
3.0.2-0ubuntu1.21
fixed in 3.0.2-0ubuntu1.23
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-69720LOW3.98
ncurses-bin
6.3-2ubuntu0.1
fixed in 6.3-2ubuntu0.2
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-28388LOW3.83
libssl3
3.0.2-0ubuntu1.21
fixed in 3.0.2-0ubuntu1.23
0.9%
Theoretical Threat
Directly Exposed
CVE-2026-5958LOW3.21
sed
4.8-1ubuntu2
fixed in 4.8-1ubuntu2.1
0.1%
Theoretical Threat
Post-Exploit
CVE-2026-3832LOW3.15
libgnutls30
3.7.3-4ubuntu1.8
fixed in 3.7.3-4ubuntu1.9
0.7%
Theoretical Threat
Directly Exposed
CVE-2026-45446LOW3.15
libssl3
3.0.2-0ubuntu1.21
fixed in 3.0.2-0ubuntu1.25
0.2%
Theoretical Threat
Directly Exposed
CVE-2026-8376LOW3
perl-base
5.34.0-3ubuntu1.5
fixed in 5.34.0-3ubuntu1.7
0.4%
Theoretical Threat
Post-Exploit
CVE-2025-45582LOW2.86
tar
1.34+dfsg-1ubuntu0.1.22.04.2
fixed in 1.34+dfsg-1ubuntu0.1.22.04.4
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-5704LOW2.8
tar
1.34+dfsg-1ubuntu0.1.22.04.2
fixed in 1.34+dfsg-1ubuntu0.1.22.04.3
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-42496LOW2.78
perl-base
5.34.0-3ubuntu1.5
fixed in 5.34.0-3ubuntu1.7
0.4%
Theoretical Threat
Post-Exploit
CVE-2017-11164LOW2.7
libpcre3
2:8.39-13ubuntu0.22.04.1
No fix yet
3.1%
Low-Moderate Risk
Post-Exploit
CVE-2022-4899LOW2.7
libzstd1
1.4.8+dfsg-3build1
No fix yet
1.6%
Low-Moderate Risk
Post-Exploit
CVE-2026-4046LOW2.7
libc-bin
2.35-0ubuntu3.13
No fix yet
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-27456LOW2.4
bsdutils
1:2.37.2-4ubuntu3.5
No fix yet
0.1%
Theoretical Threat
Post-Exploit
CVE-2026-41991LOW2.4
gzip
1.10-4ubuntu4.1
fixed in 1.10-4ubuntu4.2
0.1%
Theoretical Threat
Post-Exploit
CVE-2026-27456LOW2.4
mount
2.37.2-4ubuntu3.5
No fix yet
0.1%
Theoretical Threat
Post-Exploit
CVE-2026-27456LOW2.4
util-linux
2.37.2-4ubuntu3.5
No fix yet
0.1%
Theoretical Threat
Post-Exploit
CVE-2026-41992LOW2.29
gzip
1.10-4ubuntu4.1
fixed in 1.10-4ubuntu4.2
0.3%
Theoretical Threat
Post-Exploit
CVE-2022-41409LOW2.29
libpcre2-8-0
10.39-3ubuntu0.1
No fix yet
1.0%
Theoretical Threat
Post-Exploit
CVE-2026-6238LOW1.99
libc-bin
2.35-0ubuntu3.13
No fix yet
0.3%
Theoretical Threat
Post-Exploit
CVE-2023-50495LOW1.99
ncurses-bin
6.3-2ubuntu0.1
No fix yet
1.0%
Theoretical Threat
Post-Exploit
CVE-2024-56433LOW1.84
login
1:4.8.1-2ubuntu2.2
No fix yet
0.4%
Theoretical Threat
Post-Exploit
CVE-2024-56433LOW1.84
passwd
1:4.8.1-2ubuntu2.2
No fix yet
0.4%
Theoretical Threat
Post-Exploit
CVE-2026-5435LOW1.81
libc-bin
2.35-0ubuntu3.13
No fix yet
0.2%
Theoretical Threat
Post-Exploit
CVE-2023-29383LOW1.68
login
1:4.8.1-2ubuntu2.2
No fix yet
0.4%
Theoretical Threat
Post-Exploit
CVE-2023-29383LOW1.68
passwd
1:4.8.1-2ubuntu2.2
No fix yet
0.4%
Theoretical Threat
Post-Exploit
CVE-2025-69720NONE0
libncurses6
6.3-2ubuntu0.1
fixed in 6.3-2ubuntu0.2
0.4%
Theoretical Threat
Not Applicable
CVE-2025-69720NONE0
libncursesw6
6.3-2ubuntu0.1
fixed in 6.3-2ubuntu0.2
0.4%
Theoretical Threat
Not Applicable
CVE-2026-29111NONE0
libsystemd0
249.11-0ubuntu3.17
fixed in 249.11-0ubuntu3.19
0.1%
Theoretical Threat
Not Applicable
CVE-2025-69720NONE0
libtinfo6
6.3-2ubuntu0.1
fixed in 6.3-2ubuntu0.2
0.4%
Theoretical Threat
Not Applicable
CVE-2026-29111NONE0
libudev1
249.11-0ubuntu3.17
fixed in 249.11-0ubuntu3.19
0.1%
Theoretical Threat
Not Applicable
CVE-2025-69720NONE0
ncurses-base
6.3-2ubuntu0.1
fixed in 6.3-2ubuntu0.2
0.4%
Theoretical Threat
Not Applicable
CVE-2023-50495NONE0
libncurses6
6.3-2ubuntu0.1
No fix yet
1.0%
Theoretical Threat
Not Applicable
CVE-2023-50495NONE0
libncursesw6
6.3-2ubuntu0.1
No fix yet
1.0%
Theoretical Threat
Not Applicable
CVE-2023-50495NONE0
libtinfo6
6.3-2ubuntu0.1
No fix yet
1.0%
Theoretical Threat
Not Applicable
CVE-2023-50495NONE0
ncurses-base
6.3-2ubuntu0.1
No fix yet
1.0%
Theoretical Threat
Not Applicable
CVE-2026-40225NONE0
libsystemd0
249.11-0ubuntu3.17
fixed in 249.11-0ubuntu3.19
0.1%
Theoretical Threat
Not Applicable
CVE-2026-40226NONE0
libsystemd0
249.11-0ubuntu3.17
fixed in 249.11-0ubuntu3.21
<0.1%
Theoretical Threat
Not Applicable
CVE-2026-40225NONE0
libudev1
249.11-0ubuntu3.17
fixed in 249.11-0ubuntu3.19
0.1%
Theoretical Threat
Not Applicable
CVE-2026-40226NONE0
libudev1
249.11-0ubuntu3.17
fixed in 249.11-0ubuntu3.21
<0.1%
Theoretical Threat
Not Applicable
CVE-2023-7008NONE0
libsystemd0
249.11-0ubuntu3.17
fixed in 249.11-0ubuntu3.21
0.8%
Theoretical Threat
Not Applicable
CVE-2023-7008NONE0
libudev1
249.11-0ubuntu3.17
fixed in 249.11-0ubuntu3.21
0.8%
Theoretical Threat
Not Applicable
CVE-2022-27943NONE0
gcc-12-base
12.3.0-1ubuntu1~22.04.3
No fix yet
0.9%
Theoretical Threat
Not Applicable
CVE-2026-27456NONE0
libblkid1
2.37.2-4ubuntu3.5
No fix yet
0.1%
Theoretical Threat
Not Applicable
CVE-2026-27456NONE0
libmount1
2.37.2-4ubuntu3.5
No fix yet
0.1%
Theoretical Threat
Not Applicable
CVE-2026-27456NONE0
libsmartcols1
2.37.2-4ubuntu3.5
No fix yet
0.1%
Theoretical Threat
Not Applicable
CVE-2026-27456NONE0
libuuid1
2.37.2-4ubuntu3.5
No fix yet
0.1%
Theoretical Threat
Not Applicable
CVE-2026-40228NONE0
libsystemd0
249.11-0ubuntu3.17
No fix yet
0.2%
Theoretical Threat
Not Applicable
CVE-2026-40228NONE0
libudev1
249.11-0ubuntu3.17
No fix yet
0.2%
Theoretical Threat
Not Applicable

Want to check another image? Run a full scan with the Docker Security Scanner.