Sylabs
Products
3- 4 CVEs
- 2 CVEs
- 1 CVE
Recent CVEs
7| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-64750 | Med | 0.22 | 4.5 | 0.00 | Dec 2, 2025 | SingularityCE and SingularityPRO are open source container platforms. Prior to SingularityCE 4.3.5 and SingularityPRO 4.1.11 and 4.3.5, if a user relies on LSM restrictions to prevent malicious operations then, under certain circumstances, an attacker can redirect the LSM label… | ||
| CVE-2022-39237 | 0.00 | — | 0.00 | Oct 6, 2022 | syslabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1the `github.com/sylabs/sif/v2/pkg/integrity` package did not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures. A patch is… | |||
| CVE-2021-33027 | 0.00 | — | 0.01 | Jul 19, 2021 | Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy in a nonce. | |||
| CVE-2021-33622 | 0.00 | — | 0.01 | Jun 15, 2021 | Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8, has an Incorrect Check of a Function's Return Value. | |||
| CVE-2021-32635 | 0.00 | — | 0.01 | May 28, 2021 | Singularity is an open source container platform. In verions 3.7.2 and 3.7.3, Dde to incorrect use of a default URL, `singularity` action commands (`run`/`shell`/`exec`) specifying a container using a `library://` URI will always attempt to retrieve the container from the… | |||
| CVE-2021-29499 | 0.00 | — | 0.01 | May 7, 2021 | SIF is an open source implementation of the Singularity Container Image Format. The `siftool new` command and func siftool.New() produce predictable UUID identifiers due to insecure randomness in the version of the `github.com/satori/go.uuid` module used as a dependency. A patch… | |||
| CVE-2020-13847 | 0.00 | — | 0.01 | Jul 14, 2020 | Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file. |
- risk 0.22cvss 4.5epss 0.00
SingularityCE and SingularityPRO are open source container platforms. Prior to SingularityCE 4.3.5 and SingularityPRO 4.1.11 and 4.3.5, if a user relies on LSM restrictions to prevent malicious operations then, under certain circumstances, an attacker can redirect the LSM label…
- CVE-2022-39237Oct 6, 2022risk 0.00cvss —epss 0.00
syslabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1the `github.com/sylabs/sif/v2/pkg/integrity` package did not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures. A patch is…
- CVE-2021-33027Jul 19, 2021risk 0.00cvss —epss 0.01
Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy in a nonce.
- CVE-2021-33622Jun 15, 2021risk 0.00cvss —epss 0.01
Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8, has an Incorrect Check of a Function's Return Value.
- CVE-2021-32635May 28, 2021risk 0.00cvss —epss 0.01
Singularity is an open source container platform. In verions 3.7.2 and 3.7.3, Dde to incorrect use of a default URL, `singularity` action commands (`run`/`shell`/`exec`) specifying a container using a `library://` URI will always attempt to retrieve the container from the…
- CVE-2021-29499May 7, 2021risk 0.00cvss —epss 0.01
SIF is an open source implementation of the Singularity Container Image Format. The `siftool new` command and func siftool.New() produce predictable UUID identifiers due to insecure randomness in the version of the `github.com/satori/go.uuid` module used as a dependency. A patch…
- CVE-2020-13847Jul 14, 2020risk 0.00cvss —epss 0.01
Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file.