Search CVE reports
1 – 10 of 20 results
SingularityCE and SingularityPRO are open source container platforms. Prior to SingularityCE 4.3.5 and SingularityPRO 4.1.11 and 4.3.5, if a user relies on LSM restrictions to prevent malicious operations then, under certain...
1 affected package
singularity-container
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| singularity-container | Needs evaluation | Needs evaluation | Not in release | — | Needs evaluation |
Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that is exploitable through versions of Apptainer < 1.1.0 and installations that include apptainer-suid < 1.1.8 on older operating...
1 affected package
singularity-container
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| singularity-container | Needs evaluation | Needs evaluation | Not in release | Not in release | Ignored |
github.com/sylabs/scs-library-client is the Go client for the Singularity Container Services (SCS) Container Library Service. When the scs-library-client is used to pull a container image, with authentication, the HTTP...
1 affected package
singularity-container
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| singularity-container | Needs evaluation | Needs evaluation | Not in release | Not in release | Ignored |
Some fixes available 3 of 33
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.
6 affected packages
golang-github-coreos-discovery-etcd-io, golang-gopkg-yaml.v3, golang-yaml.v2, kubernetes, webhook, singularity-container
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-github-coreos-discovery-etcd-io | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Not in release |
| golang-gopkg-yaml.v3 | Not affected | Not affected | Not affected | Not in release | Not in release |
| golang-yaml.v2 | Not affected | Not affected | Not affected | Fixed | Fixed |
| kubernetes | Not in release | Not affected | Not affected | Not affected | Not in release |
| webhook | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
| singularity-container | Needs evaluation | Needs evaluation | Not in release | Not in release | Ignored |
Some fixes available 3 of 33
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.
6 affected packages
golang-github-coreos-discovery-etcd-io, golang-gopkg-yaml.v3, golang-yaml.v2, kubernetes, singularity-container, webhook
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-github-coreos-discovery-etcd-io | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Not in release |
| golang-gopkg-yaml.v3 | Not affected | Not affected | Not affected | Not in release | Not in release |
| golang-yaml.v2 | Not affected | Not affected | Not affected | Fixed | Fixed |
| kubernetes | Not in release | Not affected | Not affected | Not affected | Not in release |
| singularity-container | Needs evaluation | Needs evaluation | Not in release | Not in release | Ignored |
| webhook | Needs evaluation | Needs evaluation | Needs evaluation | Ignored | Ignored |
syslabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1the `github.com/sylabs/sif/v2/pkg/integrity` package did not verify that the hash algorithm(s) used are cryptographically secure...
2 affected packages
golang-github-sylabs-sif, singularity-container
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-github-sylabs-sif | Not affected | Not affected | Vulnerable | Vulnerable | Not in release |
| singularity-container | Needs evaluation | Needs evaluation | Not in release | Not in release | Ignored |
Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8, has an Incorrect Check of a Function's Return Value.
1 affected package
singularity-container
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| singularity-container | Not affected | Not affected | Not in release | — | Needs evaluation |
Singularity is an open source container platform. In verions 3.7.2 and 3.7.3, Dde to incorrect use of a default URL, `singularity` action commands (`run`/`shell`/`exec`) specifying a container using a `library://` URI will always...
1 affected package
singularity-container
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| singularity-container | Needs evaluation | Needs evaluation | Not in release | Not in release | Ignored |
SIF is an open source implementation of the Singularity Container Image Format. The `siftool new` command and func siftool.New() produce predictable UUID identifiers due to insecure randomness in the version of the...
2 affected packages
golang-github-sylabs-sif, singularity-container
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-github-sylabs-sif | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Not in release |
| singularity-container | Needs evaluation | Needs evaluation | Not in release | Not in release | Ignored |
Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within `unsquashfs`, it is possible...
1 affected package
singularity-container
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| singularity-container | — | — | — | Not in release | Not affected |