Vulnerabilities > Sylabs

DATE CVE VULNERABILITY TITLE RISK
2023-04-25 CVE-2023-30549 Use After Free vulnerability in multiple products
Apptainer is an open source container platform for Linux.
local
low complexity
lfprojects sylabs redhat CWE-416
7.8
2023-01-17 CVE-2022-23538 Insufficiently Protected Credentials vulnerability in Sylabs Singularity Container Services Library
github.com/sylabs/scs-library-client is the Go client for the Singularity Container Services (SCS) Container Library Service.
network
low complexity
sylabs CWE-522
7.6
2022-10-06 CVE-2022-39237 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Sylabs Singularity Image Format
syslabs/sif is the Singularity Image Format (SIF) reference implementation.
network
low complexity
sylabs CWE-327
critical
9.8
2021-07-19 CVE-2021-33027 Insufficient Entropy vulnerability in Sylabs Singularity
Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy in a nonce.
network
low complexity
sylabs CWE-331
7.5
2021-06-15 CVE-2021-33622 Improper Check for Unusual or Exceptional Conditions vulnerability in Sylabs Singularity and Singularitypro
Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8, has an Incorrect Check of a Function's Return Value.
network
sylabs CWE-754
6.8
2021-05-28 CVE-2021-32635 Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Sylabs Singularity 3.7.2/3.7.3
Singularity is an open source container platform.
network
sylabs CWE-923
6.8
2021-05-07 CVE-2021-29499 Use of Insufficiently Random Values vulnerability in Sylabs Singularity Image Format
SIF is an open source implementation of the Singularity Container Image Format.
network
low complexity
sylabs CWE-330
4.0
2021-04-06 CVE-2021-29136 Improper Input Validation vulnerability in multiple products
Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci unpack" or "umoci raw unpack" is used.
local
low complexity
linuxfoundation sylabs CWE-20
2.1
2020-10-14 CVE-2020-15229 Path Traversal vulnerability in multiple products
Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability.
network
low complexity
sylabs opensuse CWE-22
critical
9.3
2020-09-16 CVE-2020-25040 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039.
network
low complexity
sylabs opensuse CWE-732
6.5