Known Vulnerabilities for products from Sylabs
Listed below are 16 of the newest known vulnerabilities associated with the vendor "Sylabs".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-23538 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.6 - HIGH | 2023-01-17 | 2023-07-14 |
| CVE-2021-33622 | Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8, has an Incorrect Check of a Function's Return Value. | 9.8 - CRITICAL | 2021-06-15 | 2021-06-21 |
| CVE-2021-33027 | Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy in a nonce. | 9.8 - CRITICAL | 2021-07-19 | 2021-07-28 |
| CVE-2021-32635 | Singularity is an open source container platform. In verions 3.7.2 and 3.7.3, Dde to incorrect use of a default URL, `singula... | 6.3 - MEDIUM | 2021-05-28 | 2022-04-22 |
| CVE-2021-29499 | SIF is an open source implementation of the Singularity Container Image Format. The `siftool new` command and func siftool.Ne... | 7.5 - HIGH | 2021-05-07 | 2021-05-19 |
| CVE-2021-29136 | Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that caus... | 5.5 - MEDIUM | 2021-04-06 | 2021-05-20 |
| CVE-2020-25040 | Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container bu... | 8.8 - HIGH | 2020-09-16 | 2021-07-21 |
| CVE-2020-25039 | Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace c... | 8.1 - HIGH | 2020-09-16 | 2021-07-21 |
| CVE-2020-15229 | Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handlin... | 9.3 - CRITICAL | 2020-10-14 | 2022-11-16 |
| CVE-2020-13847 | Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign m... | 7.5 - HIGH | 2020-07-14 | 2023-01-20 |
| CVE-2020-13846 | Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a Status Code. | 7.5 - HIGH | 2020-07-14 | 2023-01-20 |
| CVE-2020-13845 | Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when... | 7.5 - HIGH | 2020-07-14 | 2023-01-20 |
| CVE-2019-19724 | Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1... | 7.5 - HIGH | 2019-12-18 | 2020-07-23 |
| CVE-2019-11328 | An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g... | 8.8 - HIGH | 2019-05-14 | 2023-11-07 |
| CVE-2018-19295 | Sylabs Singularity 2.4 to 2.6 allows local users to conduct Improper Input Validation attacks. | 7.8 - HIGH | 2018-12-17 | 2019-01-24 |
| CVE-2018-12021 | Singularity 2.3.0 through 2.5.1 is affected by an incorrect access control on systems supporting overlay file system. When us... | 6.5 - MEDIUM | 2018-07-05 | 2019-05-16 |
Known software with vulnerabilities from Sylabs
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Sylabs | Singularity | 1.0 |