MariaDB Security Risk Matrix

MariaDB Vulnerabilities

CVSS VERSION 3.0 RISK (see Risk Matrix Definitions) covers the columns Base Score through Availability.

| CVE# | Product | Component | Protocol | Remote Exploit without Auth.? | Base Score | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Versions Affected |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2022-27458 | MariaDB Server | | | No | 7.5 | | | | | | | | | CE 10.7.3 and prior, CE 10.6.7 and prior, CE 10.5.15 and prior, CE 10.4.24 and prior, CE 10.3.34 and prior, EE 10.6.7 and prior, EE 10.5.15 and prior, EE 10.4.24 and prior, EE 10.3.34 and prior |
| CVE-2022-24052 | MariaDB Server | | | No | ERR | | | | | | | | | 10.2.41 and prior, 10.3.32 and prior, 10.4.22 and prior, 10.5.13 and prior, 10.6.5 and prior, 10.7.1 and prior |
| CVE-2022-24051 | MariaDB Server | | | No | ERR | | | | | | | | | 10.2.41 and prior, 10.3.32 and prior, 10.4.22 and prior, 10.5.13 and prior, 10.6.5 and prior, 10.7.1 and prior |
| CVE-2022-24050 | MariaDB Server | | | No | ERR | | | | | | | | | 10.2.41 and prior, 10.3.32 and prior, 10.4.22 and prior, 10.5.13 and prior, 10.6.5 and prior, 10.7.1 and prior |
| CVE-2022-24048 | MariaDB Server | | | No | ERR | | | | | | | | | 10.2.41 and prior, 10.3.32 and prior, 10.4.22 and prior, 10.5.13 and prior, 10.6.5 and prior, 10.7.1 and prior |
| CVE-2022-21451 | MariaDB Server | InnoDB | multiple | Yes | 4.4 | Network | High | High | None | Unchanged | None | None | High | CE 10.6.7 and prior, CE 10.5.15 and prior, CE 10.4.24 and prior, EE 10.6.7 and prior, EE 10.5.15 and prior, EE 10.4.24 and prior |
| CVE-2022-21427 | MariaDB Server | FTS | multiple | Yes | 4.9 | Network | Low | High | None | Unchanged | None | None | High | CE 10.5.6 and prior, CE 10.4.24 and prior, CE 10.3.34 and prior, CE 10.2.43 and prior, EE 10.5.7 and prior, EE 10.4.24 and prior, EE 10.3.34 and prior |
| CVE-2021-46668 | MariaDB Server | Parser | multiple | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 10.2.42 and prior, 10.3.33 and prior, 10.4.23 and prior, 10.5.14 and prior, 10.6.6 and prior, 10.7.2 and prior |
| CVE-2021-46667 | MariaDB Server | Parser | multiple | No | 5.7 | Network | Low | None | None | Unchanged | None | None | High | 10.2.40 and prior, 10.3.31 and prior, 10.4.21 and prior, 10.5.12 and prior, 10.6.4 and prior |
| CVE-2021-46665 | MariaDB Server | Parser | multiple | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 10.2.42 and prior, 10.3.33 and prior, 10.4.23 and prior, 10.5.14 and prior, 10.6.6 and prior, 10.7.2 and prior |
| CVE-2021-46664 | MariaDB Server | Parser | multiple | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 10.2.42 and prior, 10.3.33 and prior, 10.4.23 and prior, 10.5.14 and prior, 10.6.6 and prior, 10.7.2 and prior |
| CVE-2021-46663 | MariaDB Server | Handler Interface | multiple | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 10.2.42 and prior, 10.3.33 and prior, 10.4.23 and prior, 10.5.14 and prior, 10.6.6 and prior, 10.7.2 and prior |
| CVE-2021-46662 | MariaDB Server | Configuration | multiple | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 10.3.31 and prior, 10.4.21 and prior, 10.5.12 and prior, 10.6.4 and prior |
| CVE-2021-46661 | MariaDB Server | Common Table Expression (CTE) | multiple | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 10.2.42 and prior, 10.3.33 and prior, 10.4.23 and prior, 10.5.14 and prior, 10.6.6 and prior, 10.7.2 and prior |
| CVE-2021-46659 | MariaDB Server | Parser | multiple | Yes | 5.5 | Local | Low | Low | None | Unchanged | None | None | High | 10.2.41 and prior, 10.3.32 and prior, 10.4.22 and prior, 10.5.13 and prior, 10.6.5 and prior, 10.7.1 and prior |
| CVE-2021-46658 | MariaDB Server | Window Functions | multiple | Yes | 5.5 | Local | Low | Low | None | Unchanged | None | None | High | 10.2.39 and prior, 10.3.30 and prior, 10.4.20 and prior, 10.5.11 and prior, 10.6.2 and prior |
| CVE-2021-35604 | MariaDB Server | InnoDB | multiple | Yes | 5.5 | Network | Low | High | None | Unchanged | None | Low | High | 10.2.40 and prior, 10.3.31 and prior, 10.4.21 and prior, 10.5.12 and prior, 10.6.2 and prior |
| CVE-2021-27928 | MariaDB Server | Galera plug-in | | No | ERR | | | | | Unchanged | None | Low | High | 10.2.36 and prior, 10.3.27 and prior, 10.4.17 and prior, 10.5.6 and prior |
| CVE-2021-2389 | MariaDB Server | InnoDB | multiple | Yes | 5.9 | Network | High | None | None | Unchanged | None | None | High | 10.2.39 and prior, 10.3.30 and prior, 10.4.20 and prior, 10.5.11 and prior, 10.6.3 and prior |
| CVE-2021-2372 | MariaDB Server | InnoDB | multiple | Yes | 4.4 | Network | High | High | None | Unchanged | None | None | High | 10.2.39 and prior, 10.3.30 and prior, 10.4.20 and prior, 10.5.11 and prior, 10.6.3 and prior |
| CVE-2021-2194 | MariaDB Server | InnoDB | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.2.34 and prior, 10.3.25 and prior, 10.4.15 and prior, 10.5.6 and prior |
| CVE-2021-2180 | MariaDB Server | InnoDB | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.2.37 and prior |
| CVE-2021-2174 | MariaDB Server | InnoDB | | No | 4.4 | Network | High | High | None | Unchanged | None | None | High | 10.2.17 and prior |
| CVE-2021-2166 | MariaDB Server | Server: DML | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.2.37 and prior, 10.3.28 and prior, 10.4.18 and prior, 10.5.9 and prior |
| CVE-2021-2154 | MariaDB Server | Server: DML | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.2.37 and prior, 10.3.28 and prior, 10.4.18 and prior, 10.5.9 and prior |
| CVE-2021-2144 | MariaDB Server | Server: Parser | | No | 7.2 | Network | Low | High | None | Unchanged | High | High | High | 10.2.27 and prior, 10.3.18 and prior, 10.4.8 and prior |
| CVE-2021-2022 | MariaDB Server | InnoDB | | No | 4.4 | Network | High | High | None | Unchanged | None | None | High | 10.1.45 and prior, 10.2.32 and prior, 10.3.23 and prior, 10.4.13 and prior, 10.5.4 and prior |
| CVE-2020-28912 | MariaDB Server | Named Pipe | | No | ERR | | | | | Unchanged | None | None | High | 10.1.47 and prior, 10.2.32 and prior, 10.3.25 and prior, 10.4.15 and prior, 10.5.6 and prior |
| CVE-2020-2814 | MariaDB Server | InnoDB | | Yes | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.1.44 and prior, 10.2.30 and prior, 10.3.22 and prior, 10.4.12 and prior |
| CVE-2020-2812 | MariaDB Server | Server: Stored Procedure | | Yes | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 5.5.67 and prior, 10.1.44 and prior, 10.2.30 and prior, 10.3.22 and prior, 10.4.12 and prior |
| CVE-2020-2760 | MariaDB Server | InnoDB | | Yes | 5.5 | Network | Low | High | None | Unchanged | None | Low | High | 10.2.30 and prior, 10.3.22 and prior, 10.4.12 and prior |
| CVE-2020-2752 | MariaDB Client | C API | | Yes | 5.3 | Network | High | Low | None | Unchanged | None | None | High | 5.5.67 and prior, 10.1.44 and prior, 10.2.30 and prior, 10.3.22 and prior, 10.4.12 and prior |
| CVE-2020-2574 | MariaDB Client | C API | MariaDB Protocol | Yes | 5.9 | Network | High | None | None | Unchanged | None | None | High | 5.5.66 and prior, 10.1.43 and prior, 10.3.21 and prior, 10.4.11 and prior |
| CVE-2020-15180 | MariaDB Server | | | No | ERR | | | | | Unchanged | None | None | High | 10.1.46 and prior, 10.2.33 and prior, 10.3.24 and prior, 10.4.14 and prior, 10.5.5 and prior |
| CVE-2020-14812 | MariaDB Server | Server: Locking | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.1.47 and prior, 10.2.34 and prior, 10.3.25 and prior, 10.4.15 and prior, 10.5.6 and prior |
| CVE-2020-14789 | MariaDB Server | Server: FTS | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.2.34 and prior, 10.3.25 and prior, 10.4.15 and prior, 10.5.6 and prior |
| CVE-2020-14776 | MariaDB Server | InnoDB | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.2.34 and prior, 10.3.25 and prior, 10.4.15 and prior, 10.5.6 and prior |
| CVE-2020-14765 | MariaDB Server | Server: FTS | | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 10.1.47 and prior, 10.2.34 and prior, 10.3.25 and prior, 10.4.15 and prior, 10.5.6 and prior |
| CVE-2020-13249 | MariaDB Client | C API | MariaDB Protocol | Yes | ERR | | | | | Unchanged | None | None | High | 10.2.30 and prior, 10.3.22 and prior, 10.4.12 and prior |
| CVE-2019-2974 | MariaDB Server | Server: Optimizer | MariaDB Protocol | Yes | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 5.5.65 and prior, 10.1.41 and prior, 10.2.27 and prior, 10.3.18 and prior, 10.4.8 and prior |
| CVE-2019-2938 | MariaDB Server | InnoDB | MariaDB Protocol | Yes | 4.4 | Network | High | High | None | Unchanged | None | None | High | 5.5.65 and prior, 10.1.41 and prior, 10.2.27 and prior, 10.3.18 and prior, 10.4.8 and prior |
| CVE-2019-2805 | MariaDB Server | Server: Parser | | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 10.4.8 and prior, 10.3.16 and prior |
| CVE-2019-2758 | MariaDB Server | Server: InnoDB | | No | 5.5 | Network | Low | High | None | Unchanged | None | Low | High | 10.4.6 and prior, 10.3.16 and prior |
| CVE-2019-2740 | MariaDB Server | Server: XML | | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 10.4.6 and prior, 10.3.16 and prior |
| CVE-2019-2739 | MariaDB Server | Server: Security: Privileges | | No | 5.1 | Local | Low | High | None | Unchanged | None | Low | High | 10.4.6 and prior, 10.3.16 and prior |
| CVE-2019-2737 | MariaDB Server | Server: Pluggable Auth | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.4.6 and prior, 10.3.16 and prior |
| CVE-2019-2628 | MariaDB Server | InnoDB | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.4.4 and prior, 10.3.14 and prior |
| CVE-2019-2627 | MariaDB Server | Server: Security: Privileges | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.4.4 and prior, 10.3.14 and prior |
| CVE-2019-2614 | MariaDB Server | Server: Replication | | No | 4.4 | Network | High | High | None | Unchanged | None | None | High | 10.4.4 and prior, 10.3.14 and prior |
| CVE-2019-2537 | MariaDB Server | Server: DDL | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.3.12 and prior |
| CVE-2019-2510 | MariaDB Server | InnoDB | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.3.12 and prior |
| CVE-2019-2503 | MariaDB Server | Server: Connection Handling | | No | 6.4 | | High | Low | None | Unchanged | High | None | High | 10.3.9 and prior |
| CVE-2018-3284 | MariaDB Server | InnoDB | | No | 4.4 | Network | High | High | None | Unchanged | None | None | High | 10.3.10 and prior |
| CVE-2018-3282 | MariaDB Server | Server: Storage Engines | | No | 4.9 | | | | | Unchanged | None | None | High | 10.3.10 and prior |
| CVE-2018-3277 | MariaDB Server | InnoDB | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.3.10 and prior |
| CVE-2018-3251 | MariaDB Server | InnoDB | | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 10.3.10 and prior |
| CVE-2018-3200 | MariaDB Server | InnoDB | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.3.10 and prior |
| CVE-2018-3185 | MariaDB Server | InnoDB | | No | 5.5 | Network | Low | High | None | Unchanged | None | Low | High | 10.3.10 and prior |
| CVE-2018-3174 | MariaDB Server | Client programs | | No | 5.3 | Local | High | High | None | Changed | None | None | High | 10.3.10 and prior |
| CVE-2018-3173 | MariaDB Server | InnoDB | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.3.10 and prior |
| CVE-2018-3162 | MariaDB Server | InnoDB | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.3.10 and prior |
| CVE-2018-3156 | MariaDB Server | InnoDB | | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 10.3.10 and prior |
| CVE-2018-3143 | MariaDB Server | InnoDB | | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 10.3.10 and prior |
| CVE-2018-3066 | MariaDB Server | Server: Options | | No | 3.3 | Network | High | High | None | Unchanged | Low | Low | None | 10.3.8 and prior |
| CVE-2018-3064 | MariaDB Server | InnoDB | | No | 7.1 | Network | Low | Low | None | Unchanged | None | Low | High | 10.3.8 and prior |
| CVE-2018-3063 | MariaDB Server | Server: Security: Privileges | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.3.8 and prior |
| CVE-2018-3060 | MariaDB Server | InnoDB | | No | 6.5 | Network | Low | High | None | Unchanged | None | High | High | 10.3.8 and prior |
| CVE-2018-3058 | MariaDB Server | MyISAM | | No | 4.3 | Network | Low | Low | None | Unchanged | None | Low | None | 10.3.8 and prior |
| CVE-2016-9843 | MariaDB Server | zlib 1.2.8: crc32 function | | No | ERR | | | | | Unchanged | None | Low | None | 10.3.10 and prior |

Description of CVEs for MariaDB

CVE# Description
CVE-2022-27458 Contains a use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h.
CVSS 3.1 Base Score 7.5
CVE-2022-24052
CVE-2022-24051
CVE-2022-24050
CVE-2022-24048
CVE-2022-21451 Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2022-21427 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2021-46668 MariaDB allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures.
CVSS 3.1 Base Score 7.5. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
CVE-2021-46667 MariaDB has a sql_lex.cc integer overflow, leading to an application crash.
CVSS 3.1 Base Score 5.7. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
CVE-2021-46665 MariaDB allows a sql_parse.cc application crash because of incorrect used_tables expectations.
CVSS 3.1 Base Score 7.5. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
CVE-2021-46664 MariaDB allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr.
CVSS 3.1 Base Score 7.5. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
CVE-2021-46663 MariaDB allows a ha_maria::extra application crash via certain SELECT statements.
CVSS 3.1 Base Score 7.5. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
CVE-2021-46662 MariaDB allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery.
CVSS 3.1 Base Score 7.5. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
CVE-2021-46661 MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE).
CVSS 3.1 Base Score 7.5. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
CVE-2021-46659 MariaDB allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW.
CVSS 3.1 Base Score 5.5. CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2021-46658 Save_window_function_values in MariaDB allows an application crash because of incorrect handling of with_window_func=true for a subquery.
CVSS 3.1 Base Score 5.5. CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2021-35604 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data.
CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2021-27928 A remote code execution issue was discovered in MariaDB Galera Cluster. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd.
CVE-2021-2389 Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
CVE-2021-2372 Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server.
CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2021-2194 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server. See also: MDEV-18366
CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2021-2180 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2021-2174 Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2021-2166 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2021-2154 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2021-2144 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in takeover of MariaDB Server.
CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
CVE-2021-2022 Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-28912 With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between the client and the server, and getting the ability to run SQL commands on behalf of the connected user. This occurs because of an incorrect security descriptor. NOTE: this issue exists because certain details of the MariaDB CVE-2019-2503 fix did not comprehensively address attack variants against MariaDB. This situation is specific to MariaDB, and thus CVE-2020-28912 does NOT apply to other vendors that were originally affected by CVE-2019-2503. See also: MDEV-24040.
CVE-2020-2814 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-2812 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-2760 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server as well as unauthorized update, insert or delete access to some of MariaDB Server accessible data.
CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2020-2752 Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Client.
CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-2574 Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MariaDB Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Client.
CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-15180
CVE-2020-14812 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-14789 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-14776 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-14765 Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-13249 libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle.
CVE-2019-2974 Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2938 Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2805 Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2758 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server as well as unauthorized update, insert or delete access to some of MariaDB Server accessible data.
CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2019-2740 Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2739 Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MariaDB Server executes to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server as well as unauthorized update, insert or delete access to some of MariaDB Server accessible data.
CVSS 3.0 Base Score 5.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2019-2737 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2628 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2627 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2614 Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2537 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2510 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2503 Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MariaDB Server executes to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MariaDB Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 6.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H).
CVE-2018-3284 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-3282 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-3277 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-3251 Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-3200 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-3185 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server as well as unauthorized update, insert or delete access to some of MariaDB Server accessible data.
CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2018-3174 Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MariaDB Server executes to compromise MariaDB Server. While the vulnerability is in MariaDB Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H).
CVE-2018-3173 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-3162 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-3156 Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-3143 Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-3066 Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MariaDB Server accessible data as well as unauthorized read access to a subset of MariaDB Server accessible data.
CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N).
CVE-2018-3064 Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server as well as unauthorized update, insert or delete access to some of MariaDB Server accessible data.
CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).
CVE-2018-3063 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-3060 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MariaDB Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).
CVE-2018-3058 Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MariaDB Server accessible data.
CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
CVE-2016-9843 The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.