Product:

Singularity

(Sylabs)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 15
Date Id Summary Products Score Patch Annotated
2023-04-25 CVE-2023-30549 Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that is exploitable through versions of Apptainer < 1.1.0 and installations that include apptainer-suid < 1.1.8 on older operating systems where that CVE has not been patched. That includes Red Hat Enterprise Linux 7, Debian 10 buster (unless the linux-5.10 package is installed), Ubuntu 18.04 bionic and Ubuntu 20.04 focal. Use-after-free flaws in the kernel can be used to attack the kernel for... Apptainer, Enterprise_linux, Singularity 7.8
2019-05-14 CVE-2019-11328 An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerability due to insecure permissions allowing a user to edit files within `/run/singularity/instances/sing/<user>/<instance>`. The manipulation of those files can change the behavior of the starter-suid program when instances are joined resulting in potential privilege escalation on the host. Fedora, Backports, Leap, Singularity 8.8
2020-07-14 CVE-2020-13845 Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cryptographically validated signature. Singularity 7.5
2020-07-14 CVE-2020-13846 Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a Status Code. Singularity 7.5
2020-07-14 CVE-2020-13847 Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file. Singularity 7.5