48 matches found
EUVD-2020-6058
Malware in sbrugna...
EUVD-2021-0940
Malware in sbrugna...
CVE-2021-29499
SIF is an open source implementation of the Singularity Container Image Format. The siftool new command and func siftool.New produce predictable UUID identifiers due to insecure randomness in the version of the github.com/satori/go.uuid module used as a dependency. A patch is available in version...
GO-2022-0912 Predictable SIF UUID Identifiers in github.com/sylabs/sif
Predictable SIF UUID Identifiers in github.com/sylabs/sif...
openSUSE: Security Advisory for apptainer (openSUSE-SU-2023:0018-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Design/Logic Flaw
Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that is exploitable through versions of Apptainer 1.1.0 and installations that include apptainer-suid 1.1.8 on older operating systems where that CVE has not been patched. That includes Red Hat Enterpri...
SUSE CVE-2020-13847
Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file...
go.uuid has Predictable UUID Identifiers
CVE Description for go.uuid A flaw was found in github.com/satori/go.uuid in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45. Due to insecure randomness in the g.rand.Read function the generated UUIDs are predictable for an attacker. Updat...
GLSA-202210-19 : Apptainer: Lack of Digital Signature Hash Verification
The remote host is affected by the vulnerability described in GLSA-202210-19 Apptainer: Lack of Digital Signature Hash Verification - syslabs/sif is the Singularity Image Format SIF reference implementation. In versions prior to 2.8.1the github.com/sylabs/sif/v2/pkg/integrity package did not veri...
GO-2022-1045 Improper validation of signature hash algorithms in github.com/sylabs/sif/v2
The Singularity Image Format SIF reference implementation does not verify that the hash algorithms used are cryptographically secure when verifying digital signatures...
Improper Verification Of Cryptographic Signatures
sylabs sif is vulnerable to a lack of cryptographic signature validations. The vulnerability exists due to the package not verifying the hash algorithm used is cryptographically secure when verifying digital signatures allowing an attacker to perform unauthorized actions...
CVE-2022-39237
syslabs/sif is the Singularity Image Format SIF reference implementation. In versions prior to 2.8.1the github.com/sylabs/sif/v2/pkg/integrity package did not verify that the hash algorithms used are cryptographically secure when verifying digital signatures. A patch is available in version =...
UBUNTU-CVE-2022-39237
syslabs/sif is the Singularity Image Format SIF reference implementation. In versions prior to 2.8.1the github.com/sylabs/sif/v2/pkg/integrity package did not verify that the hash algorithms used are cryptographically secure when verifying digital signatures. A patch is available in version =...
CVE-2022-39237
syslabs/sif is the Singularity Image Format SIF reference implementation. In versions prior to 2.8.1the github.com/sylabs/sif/v2/pkg/integrity package did not verify that the hash algorithms used are cryptographically secure when verifying digital signatures. A patch is available in version =...
Design/Logic Flaw
syslabs/sif is the Singularity Image Format SIF reference implementation. In versions prior to 2.8.1the github.com/sylabs/sif/v2/pkg/integrity package did not verify that the hash algorithms used are cryptographically secure when verifying digital signatures. A patch is available in version =...
CVE-2022-39237
CVE-2022-39237 affects the Syslabs/sif (Singularity Image Format) reference implementation. In versions prior to 2.8.1, the go module github.com/sylabs/sif/v2/pkg/integrity did not verify that the hash algorithms used for metadata digests and signatures are cryptographically secure when validatin...
CVE-2022-39237
syslabs/sif is the Singularity Image Format SIF reference implementation. In versions prior to 2.8.1the github.com/sylabs/sif/v2/pkg/integrity package did not verify that the hash algorithms used are cryptographically secure when verifying digital signatures. A patch is available in version =...
CVE-2022-39237
syslabs/sif is the Singularity Image Format SIF reference implementation. In versions prior to 2.8.1the github.com/sylabs/sif/v2/pkg/integrity package did not verify that the hash algorithms used are cryptographically secure when verifying digital signatures. A patch is available in version =...
CVE-2022-39237 Digital Signature Hash Algorithms Not Validated in sylabs/sif
syslabs/sif is the Singularity Image Format SIF reference implementation. In versions prior to 2.8.1the github.com/sylabs/sif/v2/pkg/integrity package did not verify that the hash algorithms used are cryptographically secure when verifying digital signatures. A patch is available in version =...
CVE-2022-39237 Digital Signature Hash Algorithms Not Validated in sylabs/sif
syslabs/sif is the Singularity Image Format SIF reference implementation. In versions prior to 2.8.1the github.com/sylabs/sif/v2/pkg/integrity package did not verify that the hash algorithms used are cryptographically secure when verifying digital signatures. A patch is available in version =...