EUVD-2020-6058

Malware in sbrugna...

Privilege Escalation

singularity-container is vulnerable to privilege escalation. The vulnerability exists due to the singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file, allowing a malicious user to manipulate data without having a proper...

CVE-2020-13847

Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file...

CVE-2020-13847

Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file...

CVE-2020-13845

Removed by vendor...

CVE-2020-13845

CVE-2020-13845 affects Sylabs Singularity 3.0–3.5. The vulnerability is improper validation of an integrity check value: image integrity is not validated when an ECL policy is enforced, because the fingerprint is compared against the SIF descriptor instead of a cryptographically validated signatu...

CVE-2020-13847

Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file...

CVE-2008-7148

CVE-2008-7148 affects Synfig Animation Studio prior to 0.61.08. A crafted .sif file could allow an attacker to execute arbitrary code. The vulnerability is described as unspecified in the product, with no concrete root-cause, exploit path, affected versions beyond the stated prerelease condition,...