Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that is exploitable through versions of Apptainer < 1.1.0, installations that include apptainer-suid < 1.1.8, and all versions of Singularity in their default configurations on older operating systems where that CVE has not been patched. That includes Red Hat Enterprise Linux 7, Debian 10 buster (unless the linux-5.10 package is installed), Ubuntu 18.04 bionic and …
An issue was discovered in Singularity 3.1.0 to 3.2.0-rc2, a malicious user with local/network access to the host system (e.g. ssh) could exploit this vulnerability due to insecure permissions allowing a user to edit files within /run/singularity/instances/sing/<user>/<instance>. The manipulation of those files can change the behavior of the starter-suid program when instances are joined resulting in potential privilege escalation on the host.
Sylabs Singularity Enterprise has Insufficient Entropy in a nonce value.
Sylabs Singularity, and SingularityPRO, has an Incorrect Check of a Function's Return Value.
An attacker may be able to push a malicious container to the default remote endpoint with a URI that is identical to the URI used by a victim with a non-default remote endpoint, thus executing the malicious container. Only action commands against library:// URIs are affected. Other commands such as pull / push respect the configured remote endpoint.
Open Container Initiative umoci allows attackers to overwrite arbitrary host paths via a crafted image that causes symlink traversal when umoci unpack or umoci raw unpack is used.
Singularity (an open source container platform) from has a vulnerability. Due to insecure handling of path traversal and the lack of path sanitization within unsquashfs, it is possible to overwrite/create any files on the host filesystem during the extraction with a crafted squashfs filesystem. The extraction occurs automatically for unprivileged (either installation or with allow setuid = no) run of Singularity when a user attempt to run an image which …
Sylabs Singularity has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039.
Sylabs Singularity has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution.