Vulnerabilities for 'Singularity'

2021-06-15
 
CVE-2021-33622

CWE-754
 

 
Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8, have an Incorrect Check of a Function's Return Value.

 
2020-07-14
 
CVE-2020-13847

CWE-354
 

 
Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file.

 
 
CVE-2020-13846

NVD-CWE-Other
 

 
Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a Status Code.

 
 
CVE-2020-13845

CWE-347
 

 
Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cryptographically validated signature.

 
2019-12-18
 
CVE-2019-19724

CWE-276
 

 
Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (versions 3.3.0 to 3.5.1), which could lead to an information leak and malicious redirection of operations performed against Sylabs cloud services.

 
2019-05-14
 
CVE-2019-11328

CWE-264
 

 
An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2. A malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerability due to insecure permissions that allow a user to edit files within `/run/singularity/instances/sing/<user>/<instance>`. Manipulating those files can change the behavior of the starter-suid program when instances are joined, resulting in potential privilege escalation on the host.

 



Copyright 2024, cxsecurity.com

 
