Lucene search
K
SylabsSingularity

15 matches found

CVE
CVE
added 2021/04/06 3:57 p.m.190 views

CVE-2021-29136

CVE-2021-29136 affects Open Container Initiative tool umoci before 0.4.7. A crafted image can trigger symlink traversal during “umoci unpack” or “umoci raw unpack,” allowing an attacker to overwrite arbitrary host paths by manipulating the layer’s contents. Several advisories (openSUSE/SUSE) docu...

5.5CVSS5.4AI score0.00344EPSS
CVE
CVE
added 2019/12/18 8:52 p.m.163 views

CVE-2019-19724

CVE-2019-19724 affects Singularity 3.3.0–3.5.1, where newly created $HOME/.singularity could have insecure permissions (777), enabling information disclosure and malicious redirection of operations against Sylabs cloud services. Publicly available connected documents show openSUSE advisories (ope...

7.5CVSS7.3AI score0.01234EPSS
CVE
CVE
added 2020/07/14 5:30 p.m.160 views

CVE-2020-13846

CVE-2020-13846 affects Sylabs Singularity 3.5.0–3.5.3, where the verify command (e.g., --all/-a) reports success for containers or objects that are not signed or cannot be verified. Public advisories from openSUSE/SUSE indicate this vulnerability exists in Singularity 3.x below 3.6.0 and was fixe...

7.5CVSS7.3AI score0.01336EPSS
CVE
CVE
added 2020/09/16 5:47 p.m.157 views

CVE-2020-25040

CVE-2020-25040 affects Sylabs Singularity prior to 3.6.3, with insecure permissions on temporary directories during container build operations, enabling a logged-in user to read image contents and potentially inject content if world-writable files exist. Public advisories (openSUSE/SLE updates) s...

8.8CVSS8.1AI score0.0204EPSS
CVE
CVE
added 2020/09/16 5:42 p.m.156 views

CVE-2020-25039

CVE-2020-25039 affects Sylabs Singularity from version 3.2.0 through 3.6.2, where insecure permissions on temporary directories used during fakeroot or user namespace container execution can allow read access to image contents. The issue is addressed in Singularity 3.6.3; openSUSE advisories HS i...

8.1CVSS8.2AI score0.02014EPSS
CVE
CVE
added 2019/05/14 8:24 p.m.155 views

CVE-2019-11328

CVE-2019-11328 affects Singularity 3.1.0–3.2.0-rc2, where insecure permissions in /run/singularity/instances/sing// could allow a local attacker to influence starter-suid and escalate privileges on the host. Public documents indicate a remediation path via upgrading to a newer Singularity release...

9CVSS8.6AI score0.02127EPSS
CVE
CVE
added 2020/07/14 5:23 p.m.155 views

CVE-2020-13845

CVE-2020-13845 affects Sylabs Singularity 3.0–3.5. The vulnerability is improper validation of an integrity check value: image integrity is not validated when an ECL policy is enforced, because the fingerprint is compared against the SIF descriptor instead of a cryptographically validated signatu...

7.5CVSS7.4AI score0.00517EPSS
CVE
CVE
added 2020/10/14 6:55 p.m.155 views

CVE-2020-15229

CVE-2020-15229 affects Singularity 3.1.1–3.6.3 due to insecure handling of path traversal and missing path sanitization in unsquashfs. When extracting a crafted squashfs filesystem, unprivileged execution (–without-suid or allow setuid = no) can overwrite or create files on the host, with the ext...

9.3CVSS8.5AI score0.02022EPSS
CVE
CVE
added 2020/07/14 5:16 p.m.149 views

CVE-2020-13847

CVE-2020-13847 affects Sylabs Singularity 3.0–3.5 where the signing/verification code does not sign metadata in the SIF global header or data-object descriptors, allowing signed containers to potentially behave unexpectedly if modified. Public advisories (openSUSE/SUSE) note a fix in Singularity ...

7.5CVSS7.6AI score0.00629EPSS
CVE
CVE
added 2021/05/28 8:20 p.m.125 views

CVE-2021-32635

Summary (CVE-2021-32635) : Singularity (open source container platform) versions 3.7.2–3.7.3 expose a flaw where action commands using a library:// URI ignore the configured remote endpoint and always fetch from the default endpoint cloud.sylabs.io. This can allow an attacker to push a malicious ...

6.8CVSS6.6AI score0.01415EPSS
CVE
CVE
added 2018/07/05 6:0 p.m.117 views

CVE-2018-12021

CVE-2018-12021 affects Singularity releases 2.3.0–2.5.1, where an overlay filesystem access-control flaw may let a malicious user access sensitive information. Public references in OSV/GHSA show fixes in later releases (2.6.x), e.g., 2.6.0/2.6.1, addressing the overlay-propagation and access-cont...

6.8CVSS6.2AI score0.01596EPSS
CVE
CVE
added 2018/12/17 3:0 p.m.116 views

CVE-2018-19295

CVE-2018-19295 affects Sylabs Singularity 2.4–2.6. The issue is tied to improper handling of mount namespaces, enabling local users to escalate privileges due to how mount points were joined or propagated. Public records in OSV/USN/SUSE advisories indicate a fix in Singularity 2.6.1 (openSUSE/SUS...

7.8CVSS7.2AI score0.00466EPSS
CVE
CVE
added 2023/04/25 12:0 a.m.101 views

CVE-2023-30549

CVE-2023-30549 (Apptainer ext4 use-after-free) Affects Apptainer < 1.1.0 with apptainer-suid

7.8CVSS7AI score0.00369EPSS
CVE
CVE
added 2021/06/15 6:59 p.m.66 views

CVE-2021-33622

CVE-2021-33622 affects Sylabs Singularity 3.5.x, 3.6.x, and SingularityPRO before 3.5-8. Root cause: an incorrect check of a function’s return value. This leads to potential improper handling of return codes in that code path. Remediation in the connected sources is to upgrade to Singularity 3.5-...

9.8CVSS9.4AI score0.01258EPSS
CVE
CVE
added 2021/07/19 11:52 a.m.44 views

CVE-2021-33027

The CVE-2021-33027 entry concerns Sylabs Singularity Enterprise

9.8CVSS9.4AI score0.01325EPSS