Vulnerabilities > Sylabs

DATE CVE VULNERABILITY TITLE RISK
2021-07-19 CVE-2021-33027 Insufficient Entropy vulnerability in Sylabs Singularity
Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy in a nonce.
network
low complexity
sylabs CWE-331
7.5
2021-06-15 CVE-2021-33622 Improper Check for Unusual or Exceptional Conditions vulnerability in Sylabs Singularity and Singularitypro
Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8, has an Incorrect Check of a Function's Return Value.
network
sylabs CWE-754
6.8
2021-05-28 CVE-2021-32635 Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Sylabs Singularity 3.7.2/3.7.3
Singularity is an open source container platform.
network
sylabs CWE-923
6.8
2021-05-07 CVE-2021-29499 Use of Insufficiently Random Values vulnerability in Sylabs Singularity Image Format
SIF is an open source implementation of the Singularity Container Image Format.
network
low complexity
sylabs CWE-330
4.0
2021-04-06 CVE-2021-29136 Improper Input Validation vulnerability in multiple products
Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci unpack" or "umoci raw unpack" is used.
local
low complexity
linuxfoundation sylabs CWE-20
2.1
2020-10-14 CVE-2020-15229 Path Traversal vulnerability in Sylabs Singularity
Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability.
network
sylabs CWE-22
5.8
2020-09-16 CVE-2020-25040 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039.
network
low complexity
sylabs opensuse CWE-732
6.5
2020-09-16 CVE-2020-25039 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution.
network
low complexity
sylabs opensuse CWE-732
5.5
2020-07-14 CVE-2020-13847 Improper Validation of Integrity Check Value vulnerability in Sylabs Singularity
Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check.
network
low complexity
sylabs CWE-354
5.0
2020-07-14 CVE-2020-13846 Unspecified vulnerability in Sylabs Singularity
Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a Status Code.
network
low complexity
sylabs
5.0