Singularity Security Vulnerabilities and Issues — Singularity CVE List

Lucene search

SylabsSingularity

6 matches found

CVE•added 2020/07/14 6:15 p.m.•143 views

CVE-2020-13846

Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a Status Code.

7.5CVSS7.3AI score0.00368EPSS

CVE•added 2019/12/18 9:15 p.m.•142 views

CVE-2019-19724

Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services.

7.5CVSS7.3AI score0.00313EPSS

CVE•added 2020/07/14 6:15 p.m.•139 views

CVE-2020-13845

Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cryptographically val...

7.5CVSS7.4AI score0.00079EPSS

CVE•added 2020/07/14 6:15 p.m.•134 views

CVE-2020-13847

Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file.

7.5CVSS7.6AI score0.00189EPSS

CVE•added 2018/12/17 3:29 p.m.•105 views

CVE-2018-19295

Sylabs Singularity 2.4 to 2.6 allows local users to conduct Improper Input Validation attacks.

7.8CVSS7.2AI score0.00119EPSS

CVE•added 2023/04/25 9:15 p.m.•76 views

CVE-2023-30549

Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that is exploitable through versions of Apptainer < 1.1.0 and installations that include apptainer-suid

7.8CVSS7AI score0.00027EPSS