Linux Distros Unpatched Vulnerability : CVE-2021-33027

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy in a nonce. CVE-2021-33027 Note that Nessus relies on the presence of the package as report...

Linux Distros Unpatched Vulnerability : CVE-2022-23538

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - github.com/sylabs/scs-library-client is the Go client for the Singularity Container Services SCS Container Library Service. When the scs-library-client is used ...

CVE-2021-33027

Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy in a nonce...

Fedora 37 : apptainer (2023-01ff262091)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-01ff262091 advisory. Update to upstream 1.1.6 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested fo...

SUSE CVE-2022-23538

github.com/sylabs/scs-library-client is the Go client for the Singularity Container Services SCS Container Library Service. When the scs-library-client is used to pull a container image, with authentication, the HTTP Authorization header sent by the client to the library service may be incorrectl...

scs-library-client may leak user credentials to third-party service via HTTP redirect

Impact When the scs-library-client is used to pull a container image, with authentication, the HTTP Authorization header sent by the client to the library service may be incorrectly leaked to an S3 backing storage provider. This occurs in a specific flow, where the library service redirects the...

GHSA-7P8M-22H4-9PJ7 scs-library-client may leak user credentials to third-party service via HTTP redirect

Impact When the scs-library-client is used to pull a container image, with authentication, the HTTP Authorization header sent by the client to the library service may be incorrectly leaked to an S3 backing storage provider. This occurs in a specific flow, where the library service redirects the...

CVE-2022-23538

github.com/sylabs/scs-library-client is the Go client for the Singularity Container Services SCS Container Library Service. When the scs-library-client is used to pull a container image, with authentication, the HTTP Authorization header sent by the client to the library service may be incorrectl...

Authorization

github.com/sylabs/scs-library-client is the Go client for the Singularity Container Services SCS Container Library Service. When the scs-library-client is used to pull a container image, with authentication, the HTTP Authorization header sent by the client to the library service may be incorrectl...

UBUNTU-CVE-2022-23538

github.com/sylabs/scs-library-client is the Go client for the Singularity Container Services SCS Container Library Service. When the scs-library-client is used to pull a container image, with authentication, the HTTP Authorization header sent by the client to the library service may be incorrectl...

CVE-2022-23538 User credentials leaked to third-party service via HTTP redirect in scs-library-client

github.com/sylabs/scs-library-client is the Go client for the Singularity Container Services SCS Container Library Service. When the scs-library-client is used to pull a container image, with authentication, the HTTP Authorization header sent by the client to the library service may be incorrectl...

CVE-2022-23538

CVE-2022-23538 affects github.com/sylabs/scs-library-client (Go client for the Singularity Container Services library). The vulnerability occurs during a specific flow where, after authentication, the library service redirects to a backing S3 storage server to perform a multi-part concurrent down...

CVE-2022-23538

github.com/sylabs/scs-library-client is the Go client for the Singularity Container Services SCS Container Library Service. When the scs-library-client is used to pull a container image, with authentication, the HTTP Authorization header sent by the client to the library service may be incorrectl...

CVE-2022-23538 User credentials leaked to third-party service via HTTP redirect in scs-library-client

github.com/sylabs/scs-library-client is the Go client for the Singularity Container Services SCS Container Library Service. When the scs-library-client is used to pull a container image, with authentication, the HTTP Authorization header sent by the client to the library service may be incorrectl...

CVE-2021-33027

Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy in a nonce...

CVE-2021-33027

Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy in a nonce...

UBUNTU-CVE-2021-33027

Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy in a nonce...

Design/Logic Flaw

Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy in a nonce...

CVE-2021-33027

Removed by vendor...

Sylabs Singularity 安全特征问题漏洞

Sylabs Singularity is an open source container management platform from Sylabs, Inc. in the United States. The software supports building applications on their desktops and running hundreds or thousands of instances on any public cloud or at the compute edge. Sylabs Singularity Enterprise has a...