
434 matches found

RedhatCVE
added 2025/05/22 8:42 a.m. | 3 views

CVE-2019-19724

Insecure permissions 777 are set on $HOME/.singularity when it is newly created by Singularity version from 3.3.0 to 3.5.1, which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services...

CVSS 7.5 | AI score 6.5 | EPSS 0.00313
Exploits: 0 | References: 1

Tenable Nessus
added 2025/03/05 12:0 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2022-39237

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - syslabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1 the github.com/sylabs/sif/v2/pkg/integrity package did not...

CVSS 9.8 | AI score 6.7 | EPSS 0.00252
Exploits: 0 | References: 3

Packet Storm
added 2025/01/30 12:0 a.m. | 438 views

DeepSeek Insecure Code Generation

DeepSeek appears to return horribly insecure code by default. Asking Deepseek on Jan 28 09:33:11 AM UTC 2025: Write a python CGI which takes as an argument string NAME and outputs "Hello"+NAME The Deepseek AI 3 returned: ==== name = form.getvalue('NAME', 'World') # Default to 'World' if NAME is not...

AI score 7.5
Exploits: 0

OSV
added 2024/06/20 12:0 a.m. | 16 views

OPENSUSE-SU-2024:14059-1 singularity-ce-4.1.3-1.1 on GA media

These are all security issues fixed in the singularity-ce-4.1.3-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 10 | AI score 7.6 | EPSS 0.10301
Exploits: 18 | References: 8

OSV
added 2024/06/15 12:0 a.m. | 20 views

OPENSUSE-SU-2024:11659-1 singularity-3.8.5-1.1 on GA media

These are all security issues fixed in the singularity-3.8.5-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 5 | AI score 6.7 | EPSS 0.00383
Exploits: 0 | References: 1

OSV
added 2024/06/15 12:0 a.m. | 17 views

OPENSUSE-SU-2024:11384-1 singularity-3.8.3-1.2 on GA media

These are all security issues fixed in the singularity-3.8.3-1.2 package on the GA media of openSUSE Tumbleweed...

CVSS 9.3 | AI score 7 | EPSS 0.00876
Exploits: 1 | References: 12

Tenable Nessus
added 2024/06/12 12:0 a.m. | 16 views

Fedora 39 : singularity-ce (2024-c95d3199c5)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-c95d3199c5 advisory. Bulk update of bundled Go dependencies. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

CVSS 8.3 | AI score 7.1 | EPSS 0.04859
Exploits: 0 | References: 3

OpenVAS
added 2024/06/12 12:0 a.m. | 22 views

Fedora: Security Advisory (FEDORA-2024-c95d3199c5)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 8.3 | AI score 7.1 | EPSS 0.04859
Exploits: 0 | References: 4

Tenable Nessus
added 2023/10/16 12:0 a.m. | 14 views

Ubuntu 18.04 ESM : Singularity vulnerabilities (USN-4840-1)

The remote Ubuntu 18.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4840-1 advisory. It was discovered that Singularity incorrectly handled certain inputs. An attacker could possibly use this issue to obtain sensitive information...

CVSS 7.8 | AI score 7 | EPSS 0.00427
Exploits: 0 | References: 3

Code423n4
added 2023/08/04 12:0 a.m. | 5 views

Malicious user can drain the Singularity contract of its liquidity

Lines of code Vulnerability details Impact The SGLCollateral contract has functionality to allow users to remove and add collateral for the Singularity market. The addCollateral function accepts a skim parameter that, if defined as true, will cause the internal addTokens function to assert that t...

AI score 6.8
Exploits: 0

Code423n4
added 2023/08/04 12:0 a.m. | 6 views

Controlled Delegatecall Vulnerability in Singularity, BaseUSDO, USDOLeverageModule, USDOMarketModule, and USDOOptionsModule

Lines of code Vulnerability details Impact The Singularity, BaseUSDO, USDOLeverageModule, USDOMarketModule, and USDOOptionsModule contracts all use the delegatecall function to call a function in another contract. However, the function id of the function to be called is controlled by the caller...

AI score 7.8
Exploits: 0

Debian CVE
added 2023/04/25 12:0 a.m. | 44 views

CVE-2023-30549

Removed by vendor...

CVSS 7.8 | AI score 7.1 | EPSS 0.0003
Exploits: 0

OSV
added 2023/04/25 12:0 a.m. | 29 views

CVE-2023-30549 Unpatched extfs vulnerabilities are exploitable through suid-mode Apptainer

Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that is exploitable through versions of Apptainer 1.1.0 and installations that include apptainer-suid 1.1.8 on older operating systems where that CVE has not been patched. That includes Red Hat Enterpri...

CVSS 7.1 | AI score 6.4 | EPSS 0.00037
Exploits: 0 | References: 15

Tenable Nessus
added 2023/02/22 12:0 a.m. | 16 views

Fedora 37 : apptainer (2023-01ff262091)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-01ff262091 advisory. Update to upstream 1.1.6 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested fo...

CVSS 7.6 | AI score 5.6 | EPSS 0.00365
Exploits: 0 | References: 2

Tenable Nessus
added 2023/02/22 12:0 a.m. | 19 views

Fedora 36 : apptainer (2023-677d58bb20)

The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-677d58bb20 advisory. Update to upstream 1.1.6 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested fo...

CVSS 7.6 | AI score 5.6 | EPSS 0.00365
Exploits: 0 | References: 2

SUSE CVE
added 2023/02/17 2:6 a.m. | 2 views

SUSE CVE-2022-23538

github.com/sylabs/scs-library-client is the Go client for the Singularity Container Services SCS Container Library Service. When the scs-library-client is used to pull a container image, with authentication, the HTTP Authorization header sent by the client to the library service may be incorrectl...

CVSS 7.6 | AI score 6.9 | EPSS 0.00365
Exploits: 0 | References: 2

SUSE CVE
added 2023/02/15 4:27 a.m. | 1 views

SUSE CVE-2018-12021

Singularity 2.3.0 through 2.5.1 is affected by an incorrect access control on systems supporting overlay file system. When using the overlay option, a malicious user may access sensitive information by exploiting a few specific Singularity features...

CVSS 6.5 | AI score 6.7 | EPSS 0.00427
Exploits: 0 | References: 8

SUSE CVE
added 2023/02/15 4:22 a.m. | 2 views

SUSE CVE-2018-19295

Sylabs Singularity 2.4 to 2.6 allows local users to conduct Improper Input Validation attacks...

CVSS 7.8 | AI score 6.6 | EPSS 0.00119
Exploits: 0 | References: 5

SUSE CVE
added 2023/02/15 4:12 a.m. | 2 views

SUSE CVE-2019-11328

An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system e.g. ssh could exploit this vulnerability due to insecure permissions allowing a user to edit files within /run/singularity/instances/sing//. The manipulation of those files ca...

CVSS 8.8 | AI score 7 | EPSS 0.00606
Exploits: 1 | References: 5

SUSE CVE
added 2023/02/15 4:5 a.m. | 2 views

SUSE CVE-2019-19724

Insecure permissions 777 are set on $HOME/.singularity when it is newly created by Singularity version from 3.3.0 to 3.5.1, which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services...

CVSS 7.5 | AI score 6.7 | EPSS 0.00313
Exploits: 0 | References: 5