CVE-2023-30549

all versions

Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that is exploitable through version

7.1HIGH

CVE-2021-33027

>= 1.2.0 and < 1.2.6

Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy in a nonce.

9.8CRITICAL

CVE-2021-33622

>= 3.5.0 and < 3.7.0

Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8, has an Incorrect Check of a Function's Return Value.

9.8CRITICAL

CVE-2021-32635

all versions

Singularity is an open source container platform. In verions 3.7.2 and 3.7.3, Dde to incorrect use of a default URL, singularity

6.3MEDIUM

CVE-2021-29136

< 3.7.3

Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes sy

5.5MEDIUM

CVE-2020-15229

>= 3.1.1 and <= 3.6.3

Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of

8.2HIGH

CVE-2020-25040

<= 3.6.2

Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build o

8.8HIGH

CVE-2020-25039

>= 3.2.0 and <= 3.6.2

Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace contai

8.1HIGH

CVE-2020-13847

>= 3.0.0 and <= 3.5.0

Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metada

7.5HIGH

CVE-2020-13846

>= 3.5.0 and <= 3.5.3

Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a Status Code.

7.5HIGH

CVE-2020-13845

>= 3.0.0 and <= 3.5.0

Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an E

7.5HIGH

CVE-2019-19724

>= 3.3.0 and <= 3.5.1

Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), wh

7.5HIGH

CVE-2019-11328

>= 3.1.0 and < 3.2.0

An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. ssh

8.8HIGH

CVE-2018-19295

>= 2.4 and <= 2.6.0

Sylabs Singularity 2.4 to 2.6 allows local users to conduct Improper Input Validation attacks.

7.8HIGH

CVE-2018-12021

>= 2.3.0 and <= 2.5.1

Singularity 2.3.0 through 2.5.1 is affected by an incorrect access control on systems supporting overlay file system. When using t

6.5MEDIUM