Scan Summary
CIS Azure v1.5.0
Compliance status: 44 issuesPCI DSS v4.0
Compliance status: 30 issuesContainer Images
Among 5 analyzed container images, the following were found to be vulnerable:
| glibc: memory corruption in memcpy-sse2-unaligned.S | |
| openssl: c_rehash script allows command injection | |
| perl: Heap-based buffer overflow in S_handle_regex_sets() | |
| perl: Heap-based buffer overflow in S_regatom() | |
| ncurses: Stack-based buffer overflow in fmt_entry function in dump_entry.c |
| Incorrect sanitation of the 302 redirect field in HTTP transport metho ... | |
| systemd: line splitting via fgets() allows for state injection during daemon-reexec | |
| systemd: Out-of-bounds heap write in systemd-networkd dhcpv6 option handling | |
| systemd: stack overflow when calling syslog from a command with long cmdline | |
| systemd: stack overflow when receiving many journald entries |
| python: Missing salt initialization in _elementtree.c module | |
| python: Command injection in the shutil module | |
| e2fsprogs: Crafted ext4 partition leads to out-of-bounds write | |
| e2fsprogs: Out-of-bounds write in e2fsck/rehash.c | |
| systemd: Spoofing of XDG_SEAT allows for actions to be checked against "allow_active" instead of "allow_any" |
Latest malicious container images:
| Repository | Image tag | Malware |
|---|---|---|
| prevasio.azurecr.io/samples/82zge/zagit | tag1 | Multios.Coinminer.Miner-6781728-2 |
| prevasio.azurecr.io/021982/xmrig2 | xmrig2, xmrig3 | Multios.Coinminer.Miner-6781728-2 |
Top malware detections:
| Malware | Malicious files |
|---|---|
| Multios.Coinminer.Miner-6781728-2 | 2 |
Top ports found to be exposed by containers:
Top networking services that match the ports exposed by containers: