
CVE-2021-33622
https://notcve.org/view.php?id=CVE-2021-33622
15 Jun 2021 — Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8, has an Incorrect Check of a Function's Return Value. • https://medium.com/sylabs • CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVE-2021-29136
https://notcve.org/view.php?id=CVE-2021-29136
06 Apr 2021 — Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci unpack" or "umoci raw unpack" is used. • http://www.openwall.com/lists/oss-security/2021/04/06/2 • CWE-20: Improper Input Validation •

CVE-2020-15229 – Path traversal and files overwrite with unsquashfs
https://notcve.org/view.php?id=CVE-2020-15229
14 Oct 2020 — Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within `unsquashfs`, it is possible to overwrite/create any files on the host filesystem during the extraction with a crafted squashfs filesystem. The extraction occurs automatically for unprivileged (either installation or with `allow setuid = no`) run of Singularity when a user attempts to run an image which is a local SIF image o... • http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00070.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2020-25040
https://notcve.org/view.php?id=CVE-2020-25040
16 Sep 2020 — Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00070.html • CWE-668: Exposure of Resource to Wrong Sphere •

CVE-2020-25039
https://notcve.org/view.php?id=CVE-2020-25039
16 Sep 2020 — Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution. • http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00070.html • CWE-668: Exposure of Resource to Wrong Sphere •

CVE-2020-13846
https://notcve.org/view.php?id=CVE-2020-13846
14 Jul 2020 — Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a Status Code. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00046.html •

CVE-2020-13845
https://notcve.org/view.php?id=CVE-2020-13845
14 Jul 2020 — Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cryptographically validated signature. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00046.html • CWE-347: Improper Verification of Cryptographic Signature • CWE-354: Improper Validation of Integrity Check Value •

CVE-2020-13847
https://notcve.org/view.php?id=CVE-2020-13847
14 Jul 2020 — Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file. • http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00046.html • CWE-354: Improper Validation of Integrity Check Value •

CVE-2019-19724
https://notcve.org/view.php?id=CVE-2019-19724
18 Dec 2019 — Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00025.html • CWE-276: Incorrect Default Permissions •

CVE-2019-11328
https://notcve.org/view.php?id=CVE-2019-11328
14 May 2019 — An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerability due to insecure permissions allowing a user to edit files within `/run/singularity/instances/sing/