Sylabs Singularity

16 CVEs affecting Sylabs Singularity. Latest disclosed: 2025-12-02. Critical: 2, High: 10.

Top CVEs affecting Sylabs Singularity
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2021-33027 | Critical | 9.8 | 2021-07-19 | Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy in a nonce. |
| CVE-2021-33622 | Critical | 9.8 | 2021-06-15 | Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8, has an Incorrect Check of a Function's Return Value. |
| CVE-2020-25040 | High | 8.8 | 2020-09-16 | Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulner… |
| CVE-2019-11328 | High | 8.8 | 2019-05-14 | An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2. A malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerab… |
| CVE-2020-15229 | High | 8.2 | 2020-10-14 | Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack o… |
| CVE-2020-25039 | High | 8.1 | 2020-09-16 | Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution. |
| CVE-2018-19295 | High | 7.8 | 2018-12-17 | Sylabs Singularity 2.4 to 2.6 allows local users to conduct Improper Input Validation attacks. |
| CVE-2020-13847 | High | 7.5 | 2020-07-14 | Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header… |
| CVE-2020-13846 | High | 7.5 | 2020-07-14 | Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a Status Code. |
| CVE-2020-13845 | High | 7.5 | 2020-07-14 | Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fi… |
| CVE-2019-19724 | High | 7.5 | 2019-12-18 | Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an informat… |
| CVE-2023-30549 | High | 7.1 | 2023-04-25 | Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that is exploitable through versions of Apptainer < 1.1.0 and in… |
| CVE-2018-12021 | Medium | 6.5 | 2018-07-05 | Singularity 2.3.0 through 2.5.1 is affected by an incorrect access control on systems supporting overlay file system. When using the overlay option, a maliciou… |
| CVE-2021-32635 | Medium | 6.3 | 2021-05-28 | Singularity is an open source container platform. In versions 3.7.2 and 3.7.3, due to incorrect use of a default URL, `singularity` action commands (`run`/`shel… |
| CVE-2021-29136 | Medium | 5.5 | 2021-04-06 | Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci u… |
| CVE-2025-64750 | Medium | 4.5 | 2025-12-02 | SingularityCE and SingularityPRO are open source container platforms. Prior to SingularityCE 4.3.5 and SingularityPRO 4.1.11 and 4.3.5, if a user relies on LSM… |