Vulnerabilities > Sylabs

DATE CVE VULNERABILITY TITLE RISK
2020-09-16 CVE-2020-25039 Exposure of Resource to Wrong Sphere vulnerability in multiple products
Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution.
network
low complexity
sylabs opensuse CWE-668
8.1
2020-07-14 CVE-2020-13847 Improper Validation of Integrity Check Value vulnerability in Sylabs Singularity
Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check.
network
low complexity
sylabs CWE-354
7.5
2020-07-14 CVE-2020-13846 Unspecified vulnerability in Sylabs Singularity
Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a Status Code.
network
low complexity
sylabs
7.5
2020-07-14 CVE-2020-13845 Improper Validation of Integrity Check Value vulnerability in Sylabs Singularity
Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value.
network
low complexity
sylabs CWE-354
7.5
2019-12-18 CVE-2019-19724 Incorrect Default Permissions vulnerability in Sylabs Singularity
Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services.
network
low complexity
sylabs CWE-276
7.5
2019-05-14 CVE-2019-11328 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g.
network
low complexity
sylabs fedoraproject opensuse CWE-732
8.8
2018-12-17 CVE-2018-19295 Improper Input Validation vulnerability in Sylabs Singularity
Sylabs Singularity 2.4 to 2.6 allows local users to conduct Improper Input Validation attacks.
local
low complexity
sylabs CWE-20
7.8
2018-07-05 CVE-2018-12021 Information Exposure vulnerability in Sylabs Singularity
Singularity 2.3.0 through 2.5.1 is affected by an incorrect access control on systems supporting overlay file system.
network
low complexity
sylabs CWE-200
6.5