rpm package
suse/singularity&distro=SUSE Package Hub 15 SP2
pkg:rpm/suse/singularity&distro=SUSE%20Package%20Hub%2015%20SP2
Vulnerabilities (7)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-29136 | — | < 3.7.3-bp152.2.19.3 | 3.7.3-bp152.2.19.3 | Apr 6, 2021 | Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci unpack" or "umoci raw unpack" is used. | ||
| CVE-2020-15229 | — | < 3.6.4-bp152.2.12.1 | 3.6.4-bp152.2.12.1 | Oct 14, 2020 | Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within `unsquashfs`, it is possible to overwrite/create any files on the host filesystem during the e | ||
| CVE-2020-25040 | — | < 3.6.3-bp152.2.8.1 | 3.6.3-bp152.2.8.1 | Sep 16, 2020 | Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039. | ||
| CVE-2020-25039 | — | < 3.6.3-bp152.2.8.1 | 3.6.3-bp152.2.8.1 | Sep 16, 2020 | Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution. | ||
| CVE-2020-13846 | — | < 3.6.0-bp152.2.4.1 | 3.6.0-bp152.2.4.1 | Jul 14, 2020 | Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a Status Code. | ||
| CVE-2020-13845 | — | < 3.6.0-bp152.2.4.1 | 3.6.0-bp152.2.4.1 | Jul 14, 2020 | Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cr | ||
| CVE-2020-13847 | — | < 3.6.0-bp152.2.4.1 | 3.6.0-bp152.2.4.1 | Jul 14, 2020 | Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file. |
- CVE-2021-29136Apr 6, 2021affected < 3.7.3-bp152.2.19.3fixed 3.7.3-bp152.2.19.3
Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci unpack" or "umoci raw unpack" is used.
- CVE-2020-15229Oct 14, 2020affected < 3.6.4-bp152.2.12.1fixed 3.6.4-bp152.2.12.1
Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within `unsquashfs`, it is possible to overwrite/create any files on the host filesystem during the e
- CVE-2020-25040Sep 16, 2020affected < 3.6.3-bp152.2.8.1fixed 3.6.3-bp152.2.8.1
Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039.
- CVE-2020-25039Sep 16, 2020affected < 3.6.3-bp152.2.8.1fixed 3.6.3-bp152.2.8.1
Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution.
- CVE-2020-13846Jul 14, 2020affected < 3.6.0-bp152.2.4.1fixed 3.6.0-bp152.2.4.1
Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a Status Code.
- CVE-2020-13845Jul 14, 2020affected < 3.6.0-bp152.2.4.1fixed 3.6.0-bp152.2.4.1
Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cr
- CVE-2020-13847Jul 14, 2020affected < 3.6.0-bp152.2.4.1fixed 3.6.0-bp152.2.4.1
Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file.