Sylabs Singularity
16 CVEs affecting Sylabs Singularity. Latest disclosed: 2025-12-02. Critical: 2, High: 10.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2021-33027 | Critical | 9.8 | 2021-07-19 | Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy in a nonce. |
| CVE-2021-33622 | Critical | 9.8 | 2021-06-15 | Sylabs Singularity 3.5.x and 3.6.x, and SingularityPRO before 3.5-8, has an Incorrect Check of a Function's Return Value. |
| CVE-2020-25040 | High | 8.8 | 2020-09-16 | Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulner… |
| CVE-2019-11328 | High | 8.8 | 2019-05-14 | An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerab… |
| CVE-2020-15229 | High | 8.2 | 2020-10-14 | Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path traversal and the lack o… |
| CVE-2020-25039 | High | 8.1 | 2020-09-16 | Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution. |
| CVE-2018-19295 | High | 7.8 | 2018-12-17 | Sylabs Singularity 2.4 to 2.6 allows local users to conduct Improper Input Validation attacks. |
| CVE-2020-13847 | High | 7.5 | 2020-07-14 | Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header… |
| CVE-2020-13846 | High | 7.5 | 2020-07-14 | Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a Status Code. |
| CVE-2020-13845 | High | 7.5 | 2020-07-14 | Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fi… |
| CVE-2019-19724 | High | 7.5 | 2019-12-18 | Insecure permissions (777) are set on $HOME/.singularity when it is newly created by Singularity (version from 3.3.0 to 3.5.1), which could lead to an informat… |
| CVE-2023-30549 | High | 7.1 | 2023-04-25 | Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that is exploitable through versions of Apptainer < 1.1.0 and in… |
| CVE-2018-12021 | Medium | 6.5 | 2018-07-05 | Singularity 2.3.0 through 2.5.1 is affected by an incorrect access control on systems supporting overlay file system. When using the overlay option, a maliciou… |
| CVE-2021-32635 | Medium | 6.3 | 2021-05-28 | Singularity is an open source container platform. In versions 3.7.2 and 3.7.3, due to incorrect use of a default URL, `singularity` action commands (`run`/`shel… |
| CVE-2021-29136 | Medium | 5.5 | 2021-04-06 | Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when "umoci u… |
| CVE-2025-64750 | Medium | 4.5 | 2025-12-02 | SingularityCE and SingularityPRO are open source container platforms. Prior to SingularityCE 4.3.5 and SingularityPRO 4.1.11 and 4.3.5, if a user relies on LSM… |