Page 2 of 9 results (0.003 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a Status Code. Sylabs Singularity versiones 3.5.0 hasta 3.5.3, presenta un fallo al reportar un error en un Código de Estado • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00053.html https://github.com/hpcng/singularity/security/advisories/GHSA-6w7g-p4jh-rf92 https://medium.com/sylabs •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cryptographically validated signature. Sylabs Singularity versiones 3.0 hasta 3.5, presenta una Comprobación Inapropiada de un Valor de Comprobación de Integridad. La integridad de la imagen no es comprobada cuando una política ECL es aplicada. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00053.html https://github.com/hpcng/singularity/security/advisories/GHSA-pmfr-63c2-jr5c https://medium.com/sylabs • CWE-347: Improper Verification of Cryptographic Signature CWE-354: Improper Validation of Integrity Check Value •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file. Sylabs Singularity versiones 3.0 hasta 3.5, carece de soporte para una Comprobación de Integridad. Los comandos de firma y verificación de Singularity no firman metadatos encontrados en el encabezado global o en los descriptores de objetos de datos de un archivo SIF • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00046.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00053.html https://github.com/hpcng/singularity/security/advisories/GHSA-m7j2-9565-4h9v https://medium.com/sylabs • CWE-354: Improper Validation of Integrity Check Value •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services. Los permisos no seguros (777) se establecen en $HOME/.singularity cuando son creados nuevamente por Singularity (versiones 3.3.0 hasta 3.5.1), lo que podría conllevar a un filtrado de información y un redireccionamiento malicioso de las operaciones realizadas contra los servicios en la nube de Sylabs. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00025.html http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00059.html https://github.com/sylabs/singularity/releases/tag/v3.5.2 • CWE-276: Incorrect Default Permissions •