Skip to main content

Singularity

15 CVEs product

Monthly

CVE-2023-30549 Go HIGH PATCH This Week

Apptainer is an open source container platform for Linux. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Ubuntu Use After Free Privilege Escalation Linux +6
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-33027 CRITICAL Act Now

Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy in a nonce. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Singularity
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-33622 CRITICAL Act Now

Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8, has an Incorrect Check of a Function's Return Value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Singularity Singularitypro
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-32635 Go MEDIUM PATCH This Month

Singularity is an open source container platform. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Singularity
NVD GitHub
CVSS 3.1
6.3
EPSS
1.4%
CVE-2021-29136 Go MEDIUM PATCH This Month

Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci unpack" or "umoci raw unpack" is used. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Umoci Singularity
NVD GitHub
CVSS 3.1
5.5
EPSS
0.3%
CVE-2020-15229 Go CRITICAL PATCH Act Now

Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Singularity Backports Sle Leap
NVD GitHub
CVSS 3.1
9.3
EPSS
2.0%
CVE-2020-25040 Go HIGH PATCH This Week

Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Singularity Leap
NVD GitHub
CVSS 3.1
8.8
EPSS
2.0%
CVE-2020-25039 Go HIGH PATCH This Week

Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Singularity Leap
NVD GitHub
CVSS 3.1
8.1
EPSS
2.0%
CVE-2020-13847 HIGH This Week

Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Singularity
NVD GitHub
CVSS 3.1
7.5
EPSS
0.6%
CVE-2020-13846 Go HIGH PATCH This Week

Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a Status Code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Singularity
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2020-13845 Go HIGH PATCH This Week

Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Singularity
NVD GitHub
CVSS 3.1
7.5
EPSS
0.5%
CVE-2019-19724 Go HIGH PATCH This Week

Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Singularity
NVD GitHub
CVSS 3.1
7.5
EPSS
1.2%
CVE-2019-11328 Go HIGH POC PATCH This Week

An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Singularity Fedora Backports Leap
NVD GitHub
CVSS 3.1
8.8
EPSS
2.1%
CVE-2018-19295 Go HIGH PATCH This Week

Sylabs Singularity 2.4 to 2.6 allows local users to conduct Improper Input Validation attacks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Singularity
NVD GitHub
CVSS 3.0
7.8
EPSS
0.5%
CVE-2018-12021 Go MEDIUM PATCH This Month

Singularity 2.3.0 through 2.5.1 is affected by an incorrect access control on systems supporting overlay file system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Singularity
NVD GitHub
CVSS 3.0
6.5
EPSS
1.6%
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Apptainer is an open source container platform for Linux. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Ubuntu Use After Free +8
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy in a nonce. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Singularity
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8, has an Incorrect Check of a Function's Return Value. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Singularity Singularitypro
NVD
EPSS 1% CVSS 6.3
MEDIUM PATCH This Month

Singularity is an open source container platform. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Singularity
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci unpack" or "umoci raw unpack" is used. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Umoci Singularity
NVD GitHub
EPSS 2% CVSS 9.3
CRITICAL PATCH Act Now

Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Singularity Backports Sle +1
NVD GitHub
EPSS 2% CVSS 8.8
HIGH PATCH This Week

Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Singularity Leap
NVD GitHub
EPSS 2% CVSS 8.1
HIGH PATCH This Week

Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Singularity Leap
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Singularity
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a Status Code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Singularity
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Singularity
NVD GitHub
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Singularity
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Singularity Fedora +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Sylabs Singularity 2.4 to 2.6 allows local users to conduct Improper Input Validation attacks. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Singularity
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

Singularity 2.3.0 through 2.5.1 is affected by an incorrect access control on systems supporting overlay file system. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Singularity
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy