| Max CVSS | 9.0 | Min CVSS | 5.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2019-11328 | 9.0 |
An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerability due to insecure permissions allowing a user to edit files within `/run/singularity/in
|
28-02-2023 - 15:15 | 14-05-2019 - 21:29 | |
| CVE-2020-13847 | 5.0 |
Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file.
|
20-01-2023 - 20:11 | 14-07-2020 - 18:15 | |
| CVE-2020-13845 | 5.0 |
Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the
|
20-01-2023 - 20:09 | 14-07-2020 - 18:15 | |
| CVE-2020-13846 | 5.0 |
Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a Status Code.
|
20-01-2023 - 20:08 | 14-07-2020 - 18:15 | |
| CVE-2019-19724 | 5.0 |
Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an information leak, and malicious redirection of operations performed against Sylabs cloud services.
|
23-07-2020 - 12:15 | 18-12-2019 - 21:15 |