Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sylabs singularity vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2020-13847
Sylabs Singularity 3.0 up to and including 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file.
Sylabs Singularity
5
CVSSv2
CVE-2020-13845
Sylabs Singularity 3.0 up to and including 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather ...
Sylabs Singularity
5
CVSSv2
CVE-2019-19724
Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services.
Sylabs Singularity
4
CVSSv2
CVE-2021-29499
SIF is an open source implementation of the Singularity Container Image Format. The `siftool new` command and func siftool.New() produce predictable UUID identifiers due to insecure randomness in the version of the `github.com/satori/go.uuid` module used as a dependency. A patch ...
NA
CVE-2023-30549
Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that is exploitable through versions of Apptainer < 1.1.0 and installations that include apptainer-suid < 1.1.8 on older operating systems where that CVE has not been patched. Tha...
Lfprojects Apptainer
Sylabs Singularity
Redhat Enterprise Linux 7.0
NA
CVE-2022-23538
github.com/sylabs/scs-library-client is the Go client for the Singularity Container Services (SCS) Container Library Service. When the scs-library-client is used to pull a container image, with authentication, the HTTP Authorization header sent by the client to the library servic...
Sylabs Singularity Container Services Library 1.3.3
Sylabs Singularity Container Services Library 1.4.0
Sylabs Singularity Container Services Library 1.4.1
Sylabs Singularity Container Services Library 1.3.2
NA
CVE-2022-39237
syslabs/sif is the Singularity Image Format (SIF) reference implementation. In versions before 2.8.1the `github.com/sylabs/sif/v2/pkg/integrity` package did not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures. A patch is avail...
Sylabs Singularity Image Format
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2