Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sylabs singularity vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-29499
SIF is an open source implementation of the Singularity Container Image Format. The `siftool new` command and func siftool.New() produce predictable UUID identifiers due to insecure randomness in the version of the `github.com/satori/go.uuid` module used as a dependency. A patch ...
7.5
CVSSv3
CVE-2020-13847
Sylabs Singularity 3.0 up to and including 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file.
Sylabs Singularity
7.5
CVSSv3
CVE-2020-13845
Sylabs Singularity 3.0 up to and including 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather ...
Sylabs Singularity
7.5
CVSSv3
CVE-2020-13846
Sylabs Singularity 3.5.0 up to and including 3.5.3 fails to report an error in a Status Code.
Sylabs Singularity
7.5
CVSSv3
CVE-2019-19724
Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services.
Sylabs Singularity
6.5
CVSSv3
CVE-2018-12021
Singularity 2.3.0 up to and including 2.5.1 is affected by an incorrect access control on systems supporting overlay file system. When using the overlay option, a malicious user may access sensitive information by exploiting a few specific Singularity features.
Sylabs Singularity
6.3
CVSSv3
CVE-2021-32635
Singularity is an open source container platform. In verions 3.7.2 and 3.7.3, Dde to incorrect use of a default URL, `singularity` action commands (`run`/`shell`/`exec`) specifying a container using a `library://` URI will always attempt to retrieve the container from the default...
Sylabs Singularity 3.7.2
Sylabs Singularity 3.7.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2