10 matches found
EUVD-2018-17947
Malware in sbrugna...
EUVD-2018-0806
Malware in sbrugna...
CVE-2018-6185
In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys. The Navigator Key Trustee KMS includes 2 API calls in addition to those in Apache Hadoop KMS: purge and undelete. The KMS ACL values for...
Security Bulletin: Multiple vulnerabilities in hadoop-mapreduce-client-core-2.7.3.jar affect IBM Application Performance Management products
Summary There are multiple vulnerabilities in hadoop-mapreduce-client-core-2.7.3.jar used by IBM Application Performance Management. IBM Applicatoon Performance Management has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2017-3166 DESCRIPTION: Apache Hadoop could allow a remote...
CVE-2018-6185
In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys. The Navigator Key Trustee KMS includes 2 API calls in addition to those in Apache Hadoop KMS: purge and undelete. The KMS ACL values for...
Design/Logic Flaw
In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys. The Navigator Key Trustee KMS includes 2 API calls in addition to those in Apache Hadoop KMS: purge and undelete. The KMS ACL values for...
CVE-2018-6185
In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys. The Navigator Key Trustee KMS includes 2 API calls in addition to those in Apache Hadoop KMS: purge and undelete. The KMS ACL values for...
CVE-2018-6185
CVE-2018-6185 concerns Cloudera Navigator Key Trustee KMS (versions 5.12 and 5.13). The root cause is an incorrect default ACL configuration for the two additional APIs (PURGE and UNDELETE) that govern encryption-zone keys; the ACLs default to “*”, permitting remote access to these commands. This...
GHSA-99QR-9CC9-FV2X Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main
In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any...
Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main
In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and 3.0.0-alpha1, if a file in an encryption zone with access permissions that make it world readable is localized via YARN's localization mechanism, that file will be stored in a world-readable location and can be shared freely with any...