27 matches found
EUVD-2021-2562
Malware in sbrugna...
ecl.watersheep.org Cross Site Scripting vulnerability OBB-2946393
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
ecl-soutien.fr Cross Site Scripting vulnerability OBB-2700698
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Execution Control List (ECL) Is Insecure in Singularity
Impact The Singularity Execution Control List ECL allows system administrators to set up a policy that defines rules about what signatures must be or must not be present on a SIF container image for it to be permitted to run. In Singularity 3.x versions below 3.6.0, the following issues allow the...
GHSA-PMFR-63C2-JR5C Execution Control List (ECL) Is Insecure in Singularity
Impact The Singularity Execution Control List ECL allows system administrators to set up a policy that defines rules about what signatures must be or must not be present on a SIF container image for it to be permitted to run. In Singularity 3.x versions below 3.6.0, the following issues allow the...
Unspecified Vulnerability in Sylabs Singularity (CNVD-2020-52438)
Singularity is a Linux-based container platform for running standalone applications. A security vulnerability exists in Sylabs Singularity versions 3.0 through 3.5. An attacker can exploit the vulnerability to bypass ECL protection...
CVE-2020-13845
Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptors in the SIF file, rather than to a cryptographically...
CVE-2020-13845
Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptors in the SIF file, rather than to a cryptographically...
Input validation
Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptors in the SIF file, rather than to a cryptographically...
UBUNTU-CVE-2020-13845
Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptors in the SIF file, rather than to a cryptographically...
CVE-2020-13845
Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptors in the SIF file, rather than to a cryptographically...
CVE-2020-13845
Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptors in the SIF file, rather than to a cryptographically...
CVE-2020-13845
Removed by vendor...
CVE-2020-13845
Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptors in the SIF file, rather than to a cryptographically...
CVE-2020-13845
CVE-2020-13845 affects Sylabs Singularity 3.0–3.5. The vulnerability is improper validation of an integrity check value: image integrity is not validated when an ECL policy is enforced, because the fingerprint is compared against the SIF descriptor instead of a cryptographically validated signatu...
Rockwell Automation 1769-End Cap Left 1769-ECL
Binary data 754051.prm...
Design/Logic Flaw
IBM Lotus Notes 6.0, 6.5, 7.0, and 8.0 signs an unsigned applet when a user forwards an email message to another user, which allows user-assisted remote attackers to bypass Execution Control List ECL protection...
CVE-2008-0862
IBM Lotus Notes 6.0, 6.5, 7.0, and 8.0 signs an unsigned applet when a user forwards an email message to another user, which allows user-assisted remote attackers to bypass Execution Control List ECL protection...
CVE-2008-0862
CVE-2008-0862 affects IBM Lotus Notes 6.0, 6.5, 7.0, and 8.0. The issue arises when forwarding an email, where Notes signs an unsigned applet, potentially bypassing the Execution Control List (ECL). The NVD entry lists the impact as user-assisted remote execution with partial confidentiality impa...
CVE-2008-0862
IBM Lotus Notes 6.0, 6.5, 7.0, and 8.0 signs an unsigned applet when a user forwards an email message to another user, which allows user-assisted remote attackers to bypass Execution Control List ECL protection...