Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Singularity
(Sylabs)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 15 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-07-14 | CVE-2020-13845 | Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cryptographically validated signature. | Singularity | 7.5 | ||
| 2020-07-14 | CVE-2020-13846 | Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a Status Code. | Singularity | 7.5 | ||
| 2020-07-14 | CVE-2020-13847 | Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file. | Singularity | 7.5 | ||
| 2020-09-16 | CVE-2020-25039 | Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution. | Leap, Singularity | 8.1 | ||
| 2020-09-16 | CVE-2020-25040 | Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039. | Leap, Singularity | 8.8 |