Product:

Singularity

(Sylabs)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 15
Date Id Summary Products Score Patch Annotated
2020-07-14 CVE-2020-13845 Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cryptographically validated signature. Singularity 7.5
2020-07-14 CVE-2020-13846 Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a Status Code. Singularity 7.5
2020-07-14 CVE-2020-13847 Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file. Singularity 7.5
2020-09-16 CVE-2020-25039 Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution. Leap, Singularity 8.1
2020-09-16 CVE-2020-25040 Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039. Leap, Singularity 8.8
2020-10-14 CVE-2020-15229 Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within `unsquashfs`, it is possible to overwrite/create any files on the host filesystem during the extraction with a crafted squashfs filesystem. The extraction occurs automatically for unprivileged (either installation or with `allow setuid = no`) run of Singularity when a user attempt to run an image which is a... Backports_sle, Leap, Singularity 9.3
2021-04-06 CVE-2021-29136 Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci unpack" or "umoci raw unpack" is used. Umoci, Singularity 5.5
2021-05-28 CVE-2021-32635 Singularity is an open source container platform. In verions 3.7.2 and 3.7.3, Dde to incorrect use of a default URL, `singularity` action commands (`run`/`shell`/`exec`) specifying a container using a `library://` URI will always attempt to retrieve the container from the default remote endpoint (`cloud.sylabs.io`) rather than the configured remote endpoint. An attacker may be able to push a malicious container to the default remote endpoint with a URI that is identical to the URI used by a... Singularity 6.3
2021-06-15 CVE-2021-33622 Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8, has an Incorrect Check of a Function's Return Value. Singularity, Singularitypro 9.8
2021-07-19 CVE-2021-33027 Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy in a nonce. Singularity 9.8