434 matches found
Insecure Permission
github.com/sylabs/singularity is vulnerable to insecure permissions. When a user's configuration directory $HOME/.singularity is newly created, it makes directories with insecure permissions 777 on $HOME/.singularity and SINGULARITYCACHEDIR directories, allowing other users to perform malicious...
Singularity Information Disclosure Vulnerability (CNVD-2020-03164)
Singularity is a Linux-based container platform for running standalone applications. A security vulnerability exists in Singularity versions 3.3.0 through 3.5.1, which stems from a program that sets insecure permissions 777 for $HOME/.singularity. An attacker can exploit the vulnerability to...
CVE-2019-19724
Insecure permissions 777 are set on $HOME/.singularity when it is newly created by Singularity version from 3.3.0 to 3.5.1, which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services...
CVE-2019-19724
Insecure permissions 777 are set on $HOME/.singularity when it is newly created by Singularity version from 3.3.0 to 3.5.1, which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services...
Information disclosure
Insecure permissions 777 are set on $HOME/.singularity when it is newly created by Singularity version from 3.3.0 to 3.5.1, which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services...
CVE-2019-19724
Insecure permissions 777 are set on $HOME/.singularity when it is newly created by Singularity version from 3.3.0 to 3.5.1, which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services...
CVE-2019-19724
CVE-2019-19724 affects Singularity 3.3.0–3.5.1, where newly created $HOME/.singularity could have insecure permissions (777), enabling information disclosure and malicious redirection of operations against Sylabs cloud services. Publicly available connected documents show openSUSE advisories (ope...
CVE-2019-19724
Insecure permissions 777 are set on $HOME/.singularity when it is newly created by Singularity version from 3.3.0 to 3.5.1, which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services...
OPENSUSE-SU-2019:2288-1 Security update for singularity
This update for singularity fixes the following issues: singularity was updated to version 3.4.1: This point release addresses the following issues: - Fixes an issue where a PID namespace was always being used - Fixes compilation on non 64-bit architectures - Allows fakeroot builds for zypper,...
Security update for singularity (moderate)
openSUSE Security Update: Security update for singularity Announcement ID: openSUSE-SU-2019:2288-1 Rating: moderate References: 1125369 1128598 Cross-References: CVE-2019-11328 Affected Products: openSUSE Backports SLE-15-SP1 openSUSE Backports SLE-15 An update that solves one vulnerability and h...
Fedora 29 : singularity (2019-25ecc42592)
Security fix for CVE-2019-11328 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network...
Fedora Update for singularity FEDORA-2019-25ecc42592
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora Update for singularity FEDORA-2019-9f48c6fedc
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora 28 : singularity (2019-9f48c6fedc)
Security fix for CVE-2019-11328 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network...
Fedora 30 : singularity (2019-da2ed3b0b5)
Security fix for CVE-2019-11328 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network...
Fedora Update for singularity FEDORA-2019-da2ed3b0b5
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 28 Update: singularity-3.1.1-1.1.fc28
Singularity provides functionality to make portable containers that can be used across host environments...
[SECURITY] Fedora 30 Update: singularity-3.1.1-1.1.fc30
Singularity provides functionality to make portable containers that can be used across host environments...
Privilege Escalation
Singularity is vulnerable to privilege escalation. The vulnerability exists because a malicious user with local network access to the host system may change the behavior of the starter-suid program which could result in potential privilege escalation. The attacker is able to perform this due to t...
CVE-2019-11328
An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system e.g. ssh could exploit this vulnerability due to insecure permissions allowing a user to edit files within /run/singularity/instances/sing//. The manipulation of those files ca...