CVE-2021-33622

Removed by vendor...

Singularity 代码问题漏洞

Singularity is an open source container management platform from the Singularity team Singularity. The software supports building applications on their desktops and running hundreds or thousands of instances on any public cloud or at the compute edge. A security vulnerability exists in a number o...

[SECURITY] Fedora 34 Update: singularity-3.7.4-1.fc34

Singularity provides functionality to make portable containers that can be used across host environments...

[SECURITY] Fedora 33 Update: singularity-3.7.4-1.fc33

Singularity provides functionality to make portable containers that can be used across host environments...

Fedora: Security Advisory for singularity (FEDORA-2021-08df3bb58a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory for singularity (FEDORA-2021-ac3ef133e8)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Insecure Container Configuration

github.com/hpcng/singularity uses insecure container configuration. An attacker is able to push a malicious container to the default remote endpoint with a URI that is identical to the URI used by a victim with a non-default remote endpoint...

Action Commands (run/shell/exec) Against Library URIs Ignore Configured Remote Endpoint

Impact Due to incorrect use of a default URL, singularity action commands run/shell/exec specifying a container using a library:// URI will always attempt to retrieve the container from the default remote endpoint cloud.sylabs.io rather than the configured remote endpoint. An attacker may be able...

GHSA-5MV9-Q7FQ-9394 Action Commands (run/shell/exec) Against Library URIs Ignore Configured Remote Endpoint

Impact Due to incorrect use of a default URL, singularity action commands run/shell/exec specifying a container using a library:// URI will always attempt to retrieve the container from the default remote endpoint cloud.sylabs.io rather than the configured remote endpoint. An attacker may be able...

GHSA-JQ42-HFCH-42F3 Action Commands (run/shell/exec) Against Library URIs Ignore Configured Remote Endpoint

Impact Due to incorrect use of a default URL, singularity action commands run/shell/exec specifying a container using a library:// URI will always attempt to retrieve the container from the default remote endpoint cloud.sylabs.io rather than the configured remote endpoint. An attacker may be able...

Action Commands (run/shell/exec) Against Library URIs Ignore Configured Remote Endpoint

Impact Due to incorrect use of a default URL, singularity action commands run/shell/exec specifying a container using a library:// URI will always attempt to retrieve the container from the default remote endpoint cloud.sylabs.io rather than the configured remote endpoint. An attacker may be able...

OPENSUSE-SU-2021:0810-1 Security update for singularity

This update for singularity fixes the following issues: singularity was updated to version 3.7.3: - Fix for CVE-2021-29136: A dependency used to extract docker/OCI image layers can be tricked into modifying host files by creating a malicious layer that has a symlink with the name '.' or '/', when...

Security update for singularity (moderate)

openSUSE Security Update: Security update for singularity Announcement ID: openSUSE-SU-2021:0810-1 Rating: moderate References: 1184147 Cross-References: CVE-2021-29136 CVSS scores: CVE-2021-29136 NVD : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVE-2021-29136 SUSE: 7.3...

CVE-2021-32635

Singularity is an open source container platform. In verions 3.7.2 and 3.7.3, Dde to incorrect use of a default URL, singularity action commands run/shell/exec specifying a container using a library:// URI will always attempt to retrieve the container from the default remote endpoint...

CVE-2021-32635

Singularity is an open source container platform. In verions 3.7.2 and 3.7.3, Dde to incorrect use of a default URL, singularity action commands run/shell/exec specifying a container using a library:// URI will always attempt to retrieve the container from the default remote endpoint...

Design/Logic Flaw

Singularity is an open source container platform. In verions 3.7.2 and 3.7.3, Dde to incorrect use of a default URL, singularity action commands run/shell/exec specifying a container using a library:// URI will always attempt to retrieve the container from the default remote endpoint...

CVE-2021-32635

Singularity is an open source container platform. In verions 3.7.2 and 3.7.3, Dde to incorrect use of a default URL, singularity action commands run/shell/exec specifying a container using a library:// URI will always attempt to retrieve the container from the default remote endpoint...

UBUNTU-CVE-2021-32635

Singularity is an open source container platform. In verions 3.7.2 and 3.7.3, Dde to incorrect use of a default URL, singularity action commands run/shell/exec specifying a container using a library:// URI will always attempt to retrieve the container from the default remote endpoint...

CVE-2021-32635 Action Commands (run/shell/exec) Against Library URIs Ignore Configured Remote Endpoint

Singularity is an open source container platform. In verions 3.7.2 and 3.7.3, Dde to incorrect use of a default URL, singularity action commands run/shell/exec specifying a container using a library:// URI will always attempt to retrieve the container from the default remote endpoint...

CVE-2021-32635

Summary (CVE-2021-32635) : Singularity (open source container platform) versions 3.7.2–3.7.3 expose a flaw where action commands using a library:// URI ignore the configured remote endpoint and always fetch from the default endpoint cloud.sylabs.io. This can allow an attacker to push a malicious ...