CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14053
https://notcve.org/view.php?id=CVE-2017-14053
NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 does not set the secure flag for an unspecified cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. NetApp OnCommand Unified Manager para Clustered Data ONTAP en versiones anteriores a la 7.2P1 no establece la marca segura para una cookie sin especificar en una sesión HTTPS, lo que facilita que atacantes remotos capturen esta cookie interceptando su transmisión en una sesión HTTP. • https://kb.netapp.com/support/s/article/NTAP-20170831-0001 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 1%CPEs: 3EXPL: 0CVE-2016-6667
https://notcve.org/view.php?id=CVE-2016-6667
NetApp OnCommand Unified Manager for Clustered Data ONTAP 6.3 through 6.4P1 contain a default privileged account, which allows remote attackers to execute arbitrary code via unspecified vectors. NetApp OnCommand Unified Manager para Clustered Data ONTAP 6.3 hasta la versión 6.4P1 contiene una cuenta privilegiada por defecto, lo que permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados. • https://kb.netapp.com/support/s/article/NTAP-20161017-0002 •
CVSS: 7.8EPSS: 81%CPEs: 41EXPL: 32CVE-2016-5195 – Linux Kernel Race Condition Vulnerability
https://notcve.org/view.php?id=CVE-2016-5195
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW." La condición de carrera en mm / gup.c en el kernel de Linux 2.x a 4.x antes de 4.8.3 permite a los usuarios locales obtener privilegios aprovechando el manejo incorrecto de una función copy-on-write (COW) para escribir en un read- only la cartografía de la memoria, como explotados en la naturaleza en octubre de 2016, vulnerabilidad también conocida como "Dirty COW". A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged, local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the system. Race condition in mm/gup.c in the Linux kernel allows local users to escalate privileges. • https://github.com/dirtycow/dirtycow.github.io https://www.exploit-db.com/exploits/40611 https://www.exploit-db.com/exploits/40838 https://www.exploit-db.com/exploits/40616 https://www.exploit-db.com/exploits/40839 https://www.exploit-db.com/exploits/40847 https://github.com/timwr/CVE-2016-5195 https://github.com/gbonacini/CVE-2016-5195 https://github.com/whu-enjoy/CVE-2016-5195 https://github.com/jas502n/CVE-2016-5195 https://github.com/arttnba3/CVE-2016- • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •