Singularity Security Vulnerabilities and Issues — Singularity CVE List

Lucene search

SylabsSingularity

6 matches found

CVE•added 2020/07/14 6:15 p.m.•143 views

CVE-2020-13846

Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a Status Code.

7.5CVSS7.3AI score0.00368EPSS

CVE•added 2020/10/14 7:15 p.m.•143 views

CVE-2020-15229

Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within unsquashfs, it is possible to overwrite/create any files on the host filesystem during the extraction with a craf...

9.3CVSS8.5AI score0.00876EPSS

CVE•added 2020/09/16 6:15 p.m.•142 views

CVE-2020-25039

Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution.

8.1CVSS8.2AI score0.00815EPSS

CVE•added 2020/09/16 6:15 p.m.•140 views

CVE-2020-25040

Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039.

8.8CVSS8.1AI score0.00815EPSS

CVE•added 2020/07/14 6:15 p.m.•139 views

CVE-2020-13845

Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cryptographically val...

7.5CVSS7.4AI score0.00079EPSS

CVE•added 2020/07/14 6:15 p.m.•134 views

CVE-2020-13847

Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file.

7.5CVSS7.6AI score0.00189EPSS