EUVD-2018-17947

Malware in sbrugna...

EUVD-2015-4189

Malware in sbrugna...

CVE-2018-6185

In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys. The Navigator Key Trustee KMS includes 2 API calls in addition to those in Apache Hadoop KMS: purge and undelete. The KMS ACL values for...

Cloudera Navigator Key Trustee KMS Encryption Issue Vulnerability

Cloudera Navigator Key Trustee KMS is a customized secret key management server from Cloudera. A security vulnerability exists in Cloudera Navigator Key Trustee KMS versions 5.12 and 5.13. An attacker can exploit the vulnerability to recover previously deleted but not cleaned keys or delete the...

CVE-2018-6185

In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys. The Navigator Key Trustee KMS includes 2 API calls in addition to those in Apache Hadoop KMS: purge and undelete. The KMS ACL values for...

Design/Logic Flaw

In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys. The Navigator Key Trustee KMS includes 2 API calls in addition to those in Apache Hadoop KMS: purge and undelete. The KMS ACL values for...

CVE-2018-6185

In Cloudera Navigator Key Trustee KMS 5.12 and 5.13, incorrect default ACL values allow remote access to purge and undelete API calls on encryption zone keys. The Navigator Key Trustee KMS includes 2 API calls in addition to those in Apache Hadoop KMS: purge and undelete. The KMS ACL values for...

CVE-2018-6185

CVE-2018-6185 concerns Cloudera Navigator Key Trustee KMS (versions 5.12 and 5.13). The root cause is an incorrect default ACL configuration for the two additional APIs (PURGE and UNDELETE) that govern encryption-zone keys; the ACLs default to “*”, permitting remote access to these commands. This...

Cloudera Key Trustee Server Key Data Disclosure Vulnerability

Cloudera Key Trustee Server is an enterprise-grade virtual safe deposit box for storing and managing encryption keys and other data from Cloudera, USA. A security vulnerability exists in versions of Cloudera Key Trustee Server prior to 5.4.3. An attacker could exploit the vulnerability to obtain...

Design/Logic Flaw

Cloudera Key Trustee Server before 5.4.3 does not store keys synchronously, which might allow attackers to have unspecified impact via vectors related to loss of an encryption key...

CVE-2015-4166

Cloudera Key Trustee Server before 5.4.3 does not store keys synchronously, which might allow attackers to have unspecified impact via vectors related to loss of an encryption key...

CVE-2015-4166

Cloudera Key Trustee Server prior to 5.4.3 is affected: it does not store keys synchronously, which could lead to loss of an encryption key with unspecified impact. Vulnerable component: Key Trustee Server (before 5.4.3). Root cause: non-synchronous key storage. Impact: confidentiality, integrity...

CVE-2015-4166

Cloudera Key Trustee Server before 5.4.3 does not store keys synchronously, which might allow attackers to have unspecified impact via vectors related to loss of an encryption key...