Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

sylabs singularity vulnerabilities and exploits

(subscribe to this query)
6.8
CVSSv2
CVE-2021-32635
Singularity is an open source container platform. In verions 3.7.2 and 3.7.3, Dde to incorrect use of a default URL, `singularity` action commands (`run`/`shell`/`exec`) specifying a container using a `library://` URI will always attempt to retrieve the container from the default...
Sylabs Singularity 3.7.2Sylabs Singularity 3.7.3
NA
CVE-2022-23538
github.com/sylabs/scs-library-client is the Go client for the Singularity Container Services (SCS) Container Library Service. When the scs-library-client is used to pull a container image, with authentication, the HTTP Authorization header sent by the client to the library servic...
Sylabs Singularity Container Services Library 1.3.3Sylabs Singularity Container Services Library 1.4.0Sylabs Singularity Container Services Library 1.4.1Sylabs Singularity Container Services Library 1.3.2
6.8
CVSSv2
CVE-2021-33622
Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO prior to 3.5-8, has an Incorrect Check of a Function's Return Value.
Sylabs SingularitySylabs Singularitypro
7.5
CVSSv2
CVE-2021-33027
Sylabs Singularity Enterprise up to and including 1.6.2 has Insufficient Entropy in a nonce.
Sylabs Singularity
5
CVSSv2
CVE-2019-19724
Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services.
Sylabs Singularity
6.8
CVSSv2
CVE-2018-12021
Singularity 2.3.0 up to and including 2.5.1 is affected by an incorrect access control on systems supporting overlay file system. When using the overlay option, a malicious user may access sensitive information by exploiting a few specific Singularity features.
Sylabs Singularity
7.2
CVSSv2
CVE-2018-19295
Sylabs Singularity 2.4 to 2.6 allows local users to conduct Improper Input Validation attacks.
Sylabs Singularity
5
CVSSv2
CVE-2020-13845
Sylabs Singularity 3.0 up to and including 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather ...
Sylabs Singularity
5
CVSSv2
CVE-2020-13846
Sylabs Singularity 3.5.0 up to and including 3.5.3 fails to report an error in a Status Code.
Sylabs Singularity
5
CVSSv2
CVE-2020-13847
Sylabs Singularity 3.0 up to and including 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file.
Sylabs Singularity
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
race conditionCVE-2024-4249CVE-2024-4244CVE-2023-20198TCPCVE-2022-48648CVE-2022-48636CVE-2024-21345SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook