Known Vulnerabilities for products from Sylabs

Listed below are 18 of the newest known vulnerabilities associated with the vendor "Sylabs".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2023-30549 json Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that is exploitable through ve... 7.8 - HIGH 2023-04-25 2023-11-25
CVE-2022-39237 json syslabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1the `github.com/sylabs/... 9.8 - CRITICAL 2022-10-06 2023-07-14
CVE-2022-23538 json ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 7.6 - HIGH 2023-01-17 2023-07-14
CVE-2021-33622 json Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8, has an Incorrect Check of a Function's Return Value. 9.8 - CRITICAL 2021-06-15 2021-06-21
CVE-2021-33027 json Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy in a nonce. 9.8 - CRITICAL 2021-07-19 2021-07-28
CVE-2021-32635 json Singularity is an open source container platform. In verions 3.7.2 and 3.7.3, Dde to incorrect use of a default URL, `singula... 6.3 - MEDIUM 2021-05-28 2022-04-22
CVE-2021-29499 json SIF is an open source implementation of the Singularity Container Image Format. The `siftool new` command and func siftool.Ne... 7.5 - HIGH 2021-05-07 2021-05-19
CVE-2021-29136 json Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that caus... 5.5 - MEDIUM 2021-04-06 2021-05-20
CVE-2020-25040 json Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container bu... 8.8 - HIGH 2020-09-16 2021-07-21
CVE-2020-25039 json Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace c... 8.1 - HIGH 2020-09-16 2021-07-21
CVE-2020-15229 json Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handlin... 9.3 - CRITICAL 2020-10-14 2022-11-16
CVE-2020-13847 json Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign m... 7.5 - HIGH 2020-07-14 2023-01-20
CVE-2020-13846 json Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a Status Code. 7.5 - HIGH 2020-07-14 2023-01-20
CVE-2020-13845 json Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when... 7.5 - HIGH 2020-07-14 2023-01-20
CVE-2019-19724 json Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1... 7.5 - HIGH 2019-12-18 2020-07-23
CVE-2019-11328 json An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g... 8.8 - HIGH 2019-05-14 2023-11-07
CVE-2018-19295 json Sylabs Singularity 2.4 to 2.6 allows local users to conduct Improper Input Validation attacks. 7.8 - HIGH 2018-12-17 2019-01-24
CVE-2018-12021 json Singularity 2.3.0 through 2.5.1 is affected by an incorrect access control on systems supporting overlay file system. When us... 6.5 - MEDIUM 2018-07-05 2019-05-16

Known software with vulnerabilities from Sylabs

Type Vendor Product Version
ApplicationSylabsSingularity1.0