Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-3c35-xvzk-eqdc

Summary mysql: race condition while setting stats during MyISAM table repair (CPU Oct 2016)

Aliases

alias	CVE-2016-5616

Fixed_packages

Affected_packages

url pkg:rpm/redhat/mariadb@1:5.5.52-1?arch=el7

purl pkg:rpm/redhat/mariadb@1:5.5.52-1?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3c35-xvzk-eqdc

vulnerability	VCID-g1pp-9qqg-1beb

vulnerability	VCID-gp4w-bdxg-6kab

vulnerability	VCID-gyjy-c8wc-qubd

vulnerability	VCID-mfgg-7s54-gqg8

vulnerability	VCID-rted-6vzz-mbcv

vulnerability	VCID-skzt-r7sx-1ucv

vulnerability	VCID-tvdv-3ed5-h3dt

vulnerability	VCID-vh5y-15tw-d7fd

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/mariadb@1:5.5.52-1%3Farch=el7

url pkg:rpm/redhat/mariadb55-mariadb@5.5.53-1?arch=el6

purl pkg:rpm/redhat/mariadb55-mariadb@5.5.53-1?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3c35-xvzk-eqdc

vulnerability	VCID-g1pp-9qqg-1beb

vulnerability	VCID-gp4w-bdxg-6kab

vulnerability	VCID-gyjy-c8wc-qubd

vulnerability	VCID-mfgg-7s54-gqg8

vulnerability	VCID-rted-6vzz-mbcv

vulnerability	VCID-skzt-r7sx-1ucv

vulnerability	VCID-tvdv-3ed5-h3dt

vulnerability	VCID-tyes-eb5w-jqfa

vulnerability	VCID-vh5y-15tw-d7fd

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/mariadb55-mariadb@5.5.53-1%3Farch=el6

url pkg:rpm/redhat/mariadb55-mariadb@5.5.53-1?arch=el7

purl pkg:rpm/redhat/mariadb55-mariadb@5.5.53-1?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3c35-xvzk-eqdc

vulnerability	VCID-g1pp-9qqg-1beb

vulnerability	VCID-gp4w-bdxg-6kab

vulnerability	VCID-gyjy-c8wc-qubd

vulnerability	VCID-mfgg-7s54-gqg8

vulnerability	VCID-rted-6vzz-mbcv

vulnerability	VCID-skzt-r7sx-1ucv

vulnerability	VCID-tvdv-3ed5-h3dt

vulnerability	VCID-tyes-eb5w-jqfa

vulnerability	VCID-vh5y-15tw-d7fd

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/mariadb55-mariadb@5.5.53-1%3Farch=el7

url pkg:rpm/redhat/mysql@5.1.73-8?arch=el6_8

purl pkg:rpm/redhat/mysql@5.1.73-8?arch=el6_8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3c35-xvzk-eqdc

vulnerability	VCID-g1pp-9qqg-1beb

vulnerability	VCID-skzt-r7sx-1ucv

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/mysql@5.1.73-8%3Farch=el6_8

url pkg:rpm/redhat/mysql55-mysql@5.5.52-1?arch=el6

purl pkg:rpm/redhat/mysql55-mysql@5.5.52-1?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3c35-xvzk-eqdc

vulnerability	VCID-8djb-knkk-s3c8

vulnerability	VCID-g1pp-9qqg-1beb

vulnerability	VCID-gp4w-bdxg-6kab

vulnerability	VCID-gyjy-c8wc-qubd

vulnerability	VCID-mfgg-7s54-gqg8

vulnerability	VCID-rted-6vzz-mbcv

vulnerability	VCID-skzt-r7sx-1ucv

vulnerability	VCID-tvdv-3ed5-h3dt

vulnerability	VCID-vh5y-15tw-d7fd

vulnerability	VCID-vurx-quz5-sbdg

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/mysql55-mysql@5.5.52-1%3Farch=el6

url pkg:rpm/redhat/mysql55-mysql@5.5.52-1?arch=el7

purl pkg:rpm/redhat/mysql55-mysql@5.5.52-1?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3c35-xvzk-eqdc

vulnerability	VCID-8djb-knkk-s3c8

vulnerability	VCID-g1pp-9qqg-1beb

vulnerability	VCID-gp4w-bdxg-6kab

vulnerability	VCID-gyjy-c8wc-qubd

vulnerability	VCID-mfgg-7s54-gqg8

vulnerability	VCID-rted-6vzz-mbcv

vulnerability	VCID-skzt-r7sx-1ucv

vulnerability	VCID-tvdv-3ed5-h3dt

vulnerability	VCID-vh5y-15tw-d7fd

vulnerability	VCID-vurx-quz5-sbdg

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/mysql55-mysql@5.5.52-1%3Farch=el7

url pkg:rpm/redhat/rh-mariadb100-mariadb@1:10.0.28-5?arch=el7

purl pkg:rpm/redhat/rh-mariadb100-mariadb@1:10.0.28-5?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3c35-xvzk-eqdc

vulnerability	VCID-f8p4-hpsh-2fcw

vulnerability	VCID-g1pp-9qqg-1beb

vulnerability	VCID-gp4w-bdxg-6kab

vulnerability	VCID-gyjy-c8wc-qubd

vulnerability	VCID-jj46-73tp-nub5

vulnerability	VCID-mfgg-7s54-gqg8

vulnerability	VCID-rted-6vzz-mbcv

vulnerability	VCID-skzt-r7sx-1ucv

vulnerability	VCID-tvdv-3ed5-h3dt

vulnerability	VCID-tyes-eb5w-jqfa

vulnerability	VCID-v165-afmm-w3er

vulnerability	VCID-vh5y-15tw-d7fd

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-mariadb100-mariadb@1:10.0.28-5%3Farch=el7

url pkg:rpm/redhat/rh-mariadb100-mariadb@1:10.0.28-5?arch=el6

purl pkg:rpm/redhat/rh-mariadb100-mariadb@1:10.0.28-5?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3c35-xvzk-eqdc

vulnerability	VCID-f8p4-hpsh-2fcw

vulnerability	VCID-g1pp-9qqg-1beb

vulnerability	VCID-gp4w-bdxg-6kab

vulnerability	VCID-gyjy-c8wc-qubd

vulnerability	VCID-jj46-73tp-nub5

vulnerability	VCID-mfgg-7s54-gqg8

vulnerability	VCID-rted-6vzz-mbcv

vulnerability	VCID-skzt-r7sx-1ucv

vulnerability	VCID-tvdv-3ed5-h3dt

vulnerability	VCID-tyes-eb5w-jqfa

vulnerability	VCID-v165-afmm-w3er

vulnerability	VCID-vh5y-15tw-d7fd

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-mariadb100-mariadb@1:10.0.28-5%3Farch=el6

url pkg:rpm/redhat/rh-mariadb101-mariadb@1:10.1.19-6?arch=el7

purl pkg:rpm/redhat/rh-mariadb101-mariadb@1:10.1.19-6?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3c35-xvzk-eqdc

vulnerability	VCID-f8p4-hpsh-2fcw

vulnerability	VCID-g1pp-9qqg-1beb

vulnerability	VCID-gp4w-bdxg-6kab

vulnerability	VCID-mfgg-7s54-gqg8

vulnerability	VCID-rted-6vzz-mbcv

vulnerability	VCID-skzt-r7sx-1ucv

vulnerability	VCID-tvdv-3ed5-h3dt

vulnerability	VCID-tyes-eb5w-jqfa

vulnerability	VCID-v165-afmm-w3er

vulnerability	VCID-vh5y-15tw-d7fd

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-mariadb101-mariadb@1:10.1.19-6%3Farch=el7

url pkg:rpm/redhat/rh-mariadb101-mariadb@1:10.1.19-6?arch=el6

purl pkg:rpm/redhat/rh-mariadb101-mariadb@1:10.1.19-6?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3c35-xvzk-eqdc

vulnerability	VCID-f8p4-hpsh-2fcw

vulnerability	VCID-g1pp-9qqg-1beb

vulnerability	VCID-gp4w-bdxg-6kab

vulnerability	VCID-mfgg-7s54-gqg8

vulnerability	VCID-rted-6vzz-mbcv

vulnerability	VCID-skzt-r7sx-1ucv

vulnerability	VCID-tvdv-3ed5-h3dt

vulnerability	VCID-tyes-eb5w-jqfa

vulnerability	VCID-v165-afmm-w3er

vulnerability	VCID-vh5y-15tw-d7fd

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-mariadb101-mariadb@1:10.1.19-6%3Farch=el6

url pkg:rpm/redhat/rh-mysql56-mysql@5.6.34-2?arch=el6

purl pkg:rpm/redhat/rh-mysql56-mysql@5.6.34-2?arch=el6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3c35-xvzk-eqdc

vulnerability	VCID-4maq-x6xs-x7gm

vulnerability	VCID-8djb-knkk-s3c8

vulnerability	VCID-g1pp-9qqg-1beb

vulnerability	VCID-gp4w-bdxg-6kab

vulnerability	VCID-rted-6vzz-mbcv

vulnerability	VCID-skzt-r7sx-1ucv

vulnerability	VCID-tvdv-3ed5-h3dt

vulnerability	VCID-vh5y-15tw-d7fd

vulnerability	VCID-vurx-quz5-sbdg

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-mysql56-mysql@5.6.34-2%3Farch=el6

url pkg:rpm/redhat/rh-mysql56-mysql@5.6.34-2?arch=el7

purl pkg:rpm/redhat/rh-mysql56-mysql@5.6.34-2?arch=el7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3c35-xvzk-eqdc

vulnerability	VCID-4maq-x6xs-x7gm

vulnerability	VCID-8djb-knkk-s3c8

vulnerability	VCID-g1pp-9qqg-1beb

vulnerability	VCID-gp4w-bdxg-6kab

vulnerability	VCID-rted-6vzz-mbcv

vulnerability	VCID-skzt-r7sx-1ucv

vulnerability	VCID-tvdv-3ed5-h3dt

vulnerability	VCID-vh5y-15tw-d7fd

vulnerability	VCID-vurx-quz5-sbdg

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-mysql56-mysql@5.6.34-2%3Farch=el7

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5616.json

reference_id

reference_type

scores

value	7.0
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5616.json

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6
scoring_system	cvssv2
scoring_elements	AV:L/AC:H/Au:S/C:C/I:C/A:C

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1378936
reference_id	1378936
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1378936

reference_url	https://access.redhat.com/errata/RHSA-2016:2130
reference_id	RHSA-2016:2130
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2130

reference_url	https://access.redhat.com/errata/RHSA-2016:2131
reference_id	RHSA-2016:2131
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2131

reference_url	https://access.redhat.com/errata/RHSA-2016:2595
reference_id	RHSA-2016:2595
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2595

reference_url	https://access.redhat.com/errata/RHSA-2016:2749
reference_id	RHSA-2016:2749
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2749

reference_url	https://access.redhat.com/errata/RHSA-2016:2927
reference_id	RHSA-2016:2927
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2927

reference_url	https://access.redhat.com/errata/RHSA-2016:2928
reference_id	RHSA-2016:2928
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2016:2928

reference_url	https://access.redhat.com/errata/RHSA-2017:0184
reference_id	RHSA-2017:0184
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2017:0184

Weaknesses

cwe_id	362
name	Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
description	The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

Exploits

date_added	2016-11-01
description	MySQL / MariaDB / PerconaDB 5.5.x/5.6.x/5.7.x - 'mysql' System User Privilege Escalation / Race Condition
required_action	`null`
due_date	`null`
notes	`null`
known_ransomware_campaign_use	`false`
source_date_published	2016-11-01
exploit_type	local
platform	linux
source_date_updated	2017-01-30
data_source	Exploit-DB
source_url	https://legalhackers.com/advisories/MySQL-Maria-Percona-PrivEscRace-CVE-2016-6663-5616-Exploit.html

Severity_range_score 6.0 - 7.0

Exploitability 2.0

Weighted_severity 6.3

Risk_score 10.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3c35-xvzk-eqdc

Vulnerability Instance