Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Package Hub 15 SP2 package singularity, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (7)
CVE-2020-25040 — CVSS 8.8 (high): Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build…
CVE-2020-15229 — CVSS 8.2 (high): Singularity (an open source container platform) from version 3.1.1 through 3.6.3 has a vulnerability. Due to insecure handling of path…
CVE-2020-25039 — CVSS 8.1 (high): Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container…
CVE-2020-13847 — CVSS 7.5 (high): Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found…
CVE-2020-13845 — CVSS 7.5 (high): Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy…
CVE-2021-29136 — CVSS 5.5 (medium): Open Container Initiative umoci before 0.4.7 allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink…