Vulnerabilities > Sylabs > Singularity

DATE CVE VULNERABILITY TITLE RISK
2023-04-25 CVE-2023-30549 Use After Free vulnerability in multiple products
Apptainer is an open source container platform for Linux.
local
low complexity
lfprojects sylabs redhat CWE-416
7.8
7.8
2021-07-19 CVE-2021-33027 Insufficient Entropy vulnerability in Sylabs Singularity
Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy in a nonce.
network
low complexity
sylabs CWE-331
7.5
7.5
2021-06-15 CVE-2021-33622 Improper Check for Unusual or Exceptional Conditions vulnerability in Sylabs Singularity and Singularitypro
Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8, has an Incorrect Check of a Function's Return Value.
network
sylabs CWE-754
6.8
6.8
2021-05-28 CVE-2021-32635 Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Sylabs Singularity 3.7.2/3.7.3
Singularity is an open source container platform.
network
sylabs CWE-923
6.8
6.8
2021-04-06 CVE-2021-29136 Improper Input Validation vulnerability in multiple products
Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci unpack" or "umoci raw unpack" is used.
local
low complexity
linuxfoundation sylabs CWE-20
2.1
2.1
2020-10-14 CVE-2020-15229 Path Traversal vulnerability in multiple products
Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability.
network
low complexity
sylabs opensuse CWE-22
critical
 9.3
9.3
2020-09-16 CVE-2020-25040 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039.
network
low complexity
sylabs opensuse CWE-732
6.5
6.5
2020-09-16 CVE-2020-25039 Incorrect Permission Assignment for Critical Resource vulnerability in multiple products
Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution.
network
low complexity
sylabs opensuse CWE-732
5.5
5.5
2020-07-14 CVE-2020-13847 Improper Validation of Integrity Check Value vulnerability in Sylabs Singularity
Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check.
network
low complexity
sylabs CWE-354
7.5
7.5
2020-07-14 CVE-2020-13846 Unspecified vulnerability in Sylabs Singularity
Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a Status Code.
network
low complexity
sylabs
7.5
7.5