CVE-2020-13847
- EPSS 0.19%
- Veröffentlicht 14.07.2020 18:15:14
- Zuletzt bearbeitet 21.11.2024 05:01:59
Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file.
CVE-2019-19724
- EPSS 0.31%
- Veröffentlicht 18.12.2019 21:15:13
- Zuletzt bearbeitet 21.11.2024 04:35:15
Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services.
- EPSS 0.84%
- Veröffentlicht 14.05.2019 21:29:01
- Zuletzt bearbeitet 21.11.2024 04:20:53
An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerability due to insecure permissions allowing a user to edit files within `/run/singularity/in...
CVE-2018-19295
- EPSS 0.12%
- Veröffentlicht 17.12.2018 15:29:00
- Zuletzt bearbeitet 21.11.2024 03:57:41
Sylabs Singularity 2.4 to 2.6 allows local users to conduct Improper Input Validation attacks.
CVE-2018-12021
- EPSS 0.52%
- Veröffentlicht 05.07.2018 18:29:00
- Zuletzt bearbeitet 21.11.2024 03:44:25
Singularity 2.3.0 through 2.5.1 is affected by an incorrect access control on systems supporting overlay file system. When using the overlay option, a malicious user may access sensitive information by exploiting a few specific Singularity features.