MariaDB Security Risk Matrix
MariaDB Vulnerabilities
The columns Base Score through Availability are the CVSS VERSION 3.0 RISK (see Risk Matrix Definitions).

CVE# | Product | Component | Protocol | Remote Exploit without Auth.? | Base Score | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Versions Affected |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CVE-2022-27458 | MariaDB Server | | | No | 7.5 | | | | | | | | | CE 10.7.3 and prior, CE 10.6.7 and prior, CE 10.5.15 and prior, CE 10.4.24 and prior, CE 10.3.34 and prior, EE 10.6.7 and prior, EE 10.5.15 and prior, EE 10.4.24 and prior, EE 10.3.34 and prior |
CVE-2022-24052 | MariaDB Server | | | No | ERR | | | | | | | | | 10.2.41 and prior, 10.3.32 and prior, 10.4.22 and prior, 10.5.13 and prior, 10.6.5 and prior, 10.7.1 and prior |
CVE-2022-24051 | MariaDB Server | | | No | ERR | | | | | | | | | 10.2.41 and prior, 10.3.32 and prior, 10.4.22 and prior, 10.5.13 and prior, 10.6.5 and prior, 10.7.1 and prior |
CVE-2022-24050 | MariaDB Server | | | No | ERR | | | | | | | | | 10.2.41 and prior, 10.3.32 and prior, 10.4.22 and prior, 10.5.13 and prior, 10.6.5 and prior, 10.7.1 and prior |
CVE-2022-24048 | MariaDB Server | | | No | ERR | | | | | | | | | 10.2.41 and prior, 10.3.32 and prior, 10.4.22 and prior, 10.5.13 and prior, 10.6.5 and prior, 10.7.1 and prior |
CVE-2022-21451 | MariaDB Server | InnoDB | multiple | Yes | 4.4 | Network | High | High | None | Unchanged | None | None | High | CE 10.6.7 and prior, CE 10.5.15 and prior, CE 10.4.24 and prior, EE 10.6.7 and prior, EE 10.5.15 and prior, EE 10.4.24 and prior |
CVE-2022-21427 | MariaDB Server | FTS | multiple | Yes | 4.9 | Network | Low | High | None | Unchanged | None | None | High | CE 10.5.6 and prior, CE 10.4.24 and prior, CE 10.3.34 and prior, CE 10.2.43 and prior, EE 10.5.7 and prior, EE 10.4.24 and prior, EE 10.3.34 and prior |
CVE-2021-46668 | MariaDB Server | Parser | multiple | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 10.2.42 and prior, 10.3.33 and prior, 10.4.23 and prior, 10.5.14 and prior, 10.6.6 and prior, 10.7.2 and prior |
CVE-2021-46667 | MariaDB Server | Parser | multiple | No | 5.7 | Network | Low | None | None | Unchanged | None | None | High | 10.2.40 and prior, 10.3.31 and prior, 10.4.21 and prior, 10.5.12 and prior, 10.6.4 and prior |
CVE-2021-46665 | MariaDB Server | Parser | multiple | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 10.2.42 and prior, 10.3.33 and prior, 10.4.23 and prior, 10.5.14 and prior, 10.6.6 and prior, 10.7.2 and prior |
CVE-2021-46664 | MariaDB Server | Parser | multiple | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 10.2.42 and prior, 10.3.33 and prior, 10.4.23 and prior, 10.5.14 and prior, 10.6.6 and prior, 10.7.2 and prior |
CVE-2021-46663 | MariaDB Server | Handler Interface | multiple | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 10.2.42 and prior, 10.3.33 and prior, 10.4.23 and prior, 10.5.14 and prior, 10.6.6 and prior, 10.7.2 and prior |
CVE-2021-46662 | MariaDB Server | Configuration | multiple | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 10.3.31 and prior, 10.4.21 and prior, 10.5.12 and prior, 10.6.4 and prior |
CVE-2021-46661 | MariaDB Server | Common Table Expression (CTE) | multiple | Yes | 7.5 | Network | Low | None | None | Unchanged | None | None | High | 10.2.42 and prior, 10.3.33 and prior, 10.4.23 and prior, 10.5.14 and prior, 10.6.6 and prior, 10.7.2 and prior |
CVE-2021-46659 | MariaDB Server | Parser | multiple | Yes | 5.5 | Local | Low | Low | None | Unchanged | None | None | High | 10.2.41 and prior, 10.3.32 and prior, 10.4.22 and prior, 10.5.13 and prior, 10.6.5 and prior, 10.7.1 and prior |
CVE-2021-46658 | MariaDB Server | Window Functions | multiple | Yes | 5.5 | Local | Low | Low | None | Unchanged | None | None | High | 10.2.39 and prior, 10.3.30 and prior, 10.4.20 and prior, 10.5.11 and prior, 10.6.2 and prior |
CVE-2021-35604 | MariaDB Server | InnoDB | multiple | Yes | 5.5 | Network | Low | High | None | Unchanged | None | Low | High | 10.2.40 and prior, 10.3.31 and prior, 10.4.21 and prior, 10.5.12 and prior, 10.6.2 and prior |
CVE-2021-27928 | MariaDB Server | Galera plug-in | | No | ERR | | | | | Unchanged | None | Low | High | 10.2.36 and prior, 10.3.27 and prior, 10.4.17 and prior, 10.5.6 and prior |
CVE-2021-2389 | MariaDB Server | InnoDB | multiple | Yes | 5.9 | Network | High | None | None | Unchanged | None | None | High | 10.2.39 and prior, 10.3.30 and prior, 10.4.20 and prior, 10.5.11 and prior, 10.6.3 and prior |
CVE-2021-2372 | MariaDB Server | InnoDB | multiple | Yes | 4.4 | Network | High | High | None | Unchanged | None | None | High | 10.2.39 and prior, 10.3.30 and prior, 10.4.20 and prior, 10.5.11 and prior, 10.6.3 and prior |
CVE-2021-2194 | MariaDB Server | InnoDB | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.2.34 and prior, 10.3.25 and prior, 10.4.15 and prior, 10.5.6 and prior |
CVE-2021-2180 | MariaDB Server | InnoDB | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.2.37 and prior |
CVE-2021-2174 | MariaDB Server | InnoDB | | No | 4.4 | Network | High | High | None | Unchanged | None | None | High | 10.2.17 and prior |
CVE-2021-2166 | MariaDB Server | Server: DML | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.2.37 and prior, 10.3.28 and prior, 10.4.18 and prior, 10.5.9 and prior |
CVE-2021-2154 | MariaDB Server | Server: DML | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.2.37 and prior, 10.3.28 and prior, 10.4.18 and prior, 10.5.9 and prior |
CVE-2021-2144 | MariaDB Server | Server: Parser | | No | 7.2 | Network | Low | High | None | Unchanged | High | High | High | 10.2.27 and prior, 10.3.18 and prior, 10.4.8 and prior |
CVE-2021-2022 | MariaDB Server | InnoDB | | No | 4.4 | Network | High | High | None | Unchanged | None | None | High | 10.1.45 and prior, 10.2.32 and prior, 10.3.23 and prior, 10.4.13 and prior, 10.5.4 and prior |
CVE-2020-28912 | MariaDB Server | Named Pipe | | No | ERR | | | | | Unchanged | None | None | High | 10.1.47 and prior, 10.2.32 and prior, 10.3.25 and prior, 10.4.15 and prior, 10.5.6 and prior |
CVE-2020-2814 | MariaDB Server | InnoDB | | Yes | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.1.44 and prior, 10.2.30 and prior, 10.3.22 and prior, 10.4.12 and prior |
CVE-2020-2812 | MariaDB Server | Server: Stored Procedure | | Yes | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 5.5.67 and prior, 10.1.44 and prior, 10.2.30 and prior, 10.3.22 and prior, 10.4.12 and prior |
CVE-2020-2760 | MariaDB Server | InnoDB | | Yes | 5.5 | Network | Low | High | None | Unchanged | None | Low | High | 10.2.30 and prior, 10.3.22 and prior, 10.4.12 and prior |
CVE-2020-2752 | MariaDB Client | C API | | Yes | 5.3 | Network | High | Low | None | Unchanged | None | None | High | 5.5.67 and prior, 10.1.44 and prior, 10.2.30 and prior, 10.3.22 and prior, 10.4.12 and prior |
CVE-2020-2574 | MariaDB Client | C API | MariaDB Protocol | Yes | 5.9 | Network | High | None | None | Unchanged | None | None | High | 5.5.66 and prior, 10.1.43 and prior, 10.3.21 and prior, 10.4.11 and prior |
CVE-2020-15180 | MariaDB Server | | | No | ERR | | | | | Unchanged | None | None | High | 10.1.46 and prior, 10.2.33 and prior, 10.3.24 and prior, 10.4.14 and prior, 10.5.5 and prior |
CVE-2020-14812 | MariaDB Server | Server: Locking | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.1.47 and prior, 10.2.34 and prior, 10.3.25 and prior, 10.4.15 and prior, 10.5.6 and prior |
CVE-2020-14789 | MariaDB Server | Server: FTS | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.2.34 and prior, 10.3.25 and prior, 10.4.15 and prior, 10.5.6 and prior |
CVE-2020-14776 | MariaDB Server | InnoDB | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.2.34 and prior, 10.3.25 and prior, 10.4.15 and prior, 10.5.6 and prior |
CVE-2020-14765 | MariaDB Server | Server: FTS | | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 10.1.47 and prior, 10.2.34 and prior, 10.3.25 and prior, 10.4.15 and prior, 10.5.6 and prior |
CVE-2020-13249 | MariaDB Client | C API | MariaDB Protocol | Yes | ERR | | | | | Unchanged | None | None | High | 10.2.30 and prior, 10.3.22 and prior, 10.4.12 and prior |
CVE-2019-2974 | MariaDB Server | Server: Optimizer | MariaDB Protocol | Yes | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 5.5.65 and prior, 10.1.41 and prior, 10.2.27 and prior, 10.3.18 and prior, 10.4.8 and prior |
CVE-2019-2938 | MariaDB Server | InnoDB | MariaDB Protocol | Yes | 4.4 | Network | High | High | None | Unchanged | None | None | High | 5.5.65 and prior, 10.1.41 and prior, 10.2.27 and prior, 10.3.18 and prior, 10.4.8 and prior |
CVE-2019-2805 | MariaDB Server | Server: Parser | | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 10.4.8 and prior, 10.3.16 and prior |
CVE-2019-2758 | MariaDB Server | Server: InnoDB | | No | 5.5 | Network | Low | High | None | Unchanged | None | Low | High | 10.4.6 and prior, 10.3.16 and prior |
CVE-2019-2740 | MariaDB Server | Server: XML | | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 10.4.6 and prior, 10.3.16 and prior |
CVE-2019-2739 | MariaDB Server | Server: Security: Privileges | | No | 5.1 | Local | Low | High | None | Unchanged | None | Low | High | 10.4.6 and prior, 10.3.16 and prior |
CVE-2019-2737 | MariaDB Server | Server: Pluggable Auth | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.4.6 and prior, 10.3.16 and prior |
CVE-2019-2628 | MariaDB Server | InnoDB | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.4.4 and prior, 10.3.14 and prior |
CVE-2019-2627 | MariaDB Server | Server: Security: Privileges | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.4.4 and prior, 10.3.14 and prior |
CVE-2019-2614 | MariaDB Server | Server: Replication | | No | 4.4 | Network | High | High | None | Unchanged | None | None | High | 10.4.4 and prior, 10.3.14 and prior |
CVE-2019-2537 | MariaDB Server | Server: DDL | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.3.12 and prior |
CVE-2019-2510 | MariaDB Server | InnoDB | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.3.12 and prior |
CVE-2019-2503 | MariaDB Server | Server: Connection Handling | | No | 6.4 | | High | Low | None | Unchanged | High | None | High | 10.3.9 and prior |
CVE-2018-3284 | MariaDB Server | InnoDB | | No | 4.4 | Network | High | High | None | Unchanged | None | None | High | 10.3.10 and prior |
CVE-2018-3282 | MariaDB Server | Server: Storage Engines | | No | 4.9 | | | | | Unchanged | None | None | High | 10.3.10 and prior |
CVE-2018-3277 | MariaDB Server | InnoDB | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.3.10 and prior |
CVE-2018-3251 | MariaDB Server | InnoDB | | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 10.3.10 and prior |
CVE-2018-3200 | MariaDB Server | InnoDB | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.3.10 and prior |
CVE-2018-3185 | MariaDB Server | InnoDB | | No | 5.5 | Network | Low | High | None | Unchanged | None | Low | High | 10.3.10 and prior |
CVE-2018-3174 | MariaDB Server | Client programs | | No | 5.3 | Local | High | High | None | Changed | None | None | High | 10.3.10 and prior |
CVE-2018-3173 | MariaDB Server | InnoDB | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.3.10 and prior |
CVE-2018-3162 | MariaDB Server | InnoDB | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.3.10 and prior |
CVE-2018-3156 | MariaDB Server | InnoDB | | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 10.3.10 and prior |
CVE-2018-3143 | MariaDB Server | InnoDB | | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 10.3.10 and prior |
CVE-2018-3066 | MariaDB Server | Server: Options | | No | 3.3 | Network | High | High | None | Unchanged | Low | Low | None | 10.3.8 and prior |
CVE-2018-3064 | MariaDB Server | InnoDB | | No | 7.1 | Network | Low | Low | None | Unchanged | None | Low | High | 10.3.8 and prior |
CVE-2018-3063 | MariaDB Server | Server: Security: Privileges | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.3.8 and prior |
CVE-2018-3060 | MariaDB Server | InnoDB | | No | 6.5 | Network | Low | High | None | Unchanged | None | High | High | 10.3.8 and prior |
CVE-2018-3058 | MariaDB Server | MyISAM | | No | 4.3 | Network | Low | Low | None | Unchanged | None | Low | None | 10.3.8 and prior |
CVE-2016-9843 | MariaDB Server | zlib 1.2.8: crc32 function | | No | ERR | | | | | Unchanged | None | Low | None | 10.3.10 and prior |
Description of CVEs for MariaDB
CVE# | Description |
---|---|
CVE-2022-27458 | Contains a use-after-free in the component Binary_string::free_buffer() at /sql/sql_string.h. CVSS 3.1 Base Score 7.5 |
CVE-2022-24052 | |
CVE-2022-24051 | |
CVE-2022-24050 | |
CVE-2022-24048 | |
CVE-2022-21451 | Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). |
CVE-2022-21427 | Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
CVE-2021-46668 | MariaDB allows an application crash via certain long SELECT DISTINCT statements that improperly interact with storage-engine resource limitations for temporary data structures. CVSS 3.1 Base Score 7.5 CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). |
CVE-2021-46667 | MariaDB has a sql_lex.cc integer overflow, leading to an application crash. CVSS 3.1 Base Score 5.7 CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). |
CVE-2021-46665 | MariaDB allows a sql_parse.cc application crash because of incorrect used_tables expectations. CVSS 3.1 Base Score 7.5 CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). |
CVE-2021-46664 | MariaDB allows an application crash in sub_select_postjoin_aggr for a NULL value of aggr. CVSS 3.1 Base Score 7.5 CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). |
CVE-2021-46663 | MariaDB allows a ha_maria::extra application crash via certain SELECT statements. CVSS 3.1 Base Score 7.5 CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). |
CVE-2021-46662 | MariaDB allows a set_var.cc application crash via certain uses of an UPDATE statement in conjunction with a nested subquery. CVSS 3.1 Base Score 7.5 CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). |
CVE-2021-46661 | MariaDB allows an application crash in find_field_in_tables and find_order_in_list via an unused common table expression (CTE). CVSS 3.1 Base Score 7.5 CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). |
CVE-2021-46659 | MariaDB allows an application crash because it does not recognize that SELECT_LEX::nest_level is local to each VIEW. CVSS 3.1 Base Score 5.5 CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). |
CVE-2021-46658 | Save_window_function_values in MariaDB allows an application crash because of incorrect handling of with_window_func=true for a subquery. CVSS 3.1 Base Score 5.5 CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). |
CVE-2021-35604 | Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). |
CVE-2021-27928 | A remote code execution issue was discovered in MariaDB Galera Cluster. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. |
CVE-2021-2389 | Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). |
CVE-2021-2372 | Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). |
CVE-2021-2194 | Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server. See also: MDEV-18366 CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
CVE-2021-2180 | Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
CVE-2021-2174 | Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). |
CVE-2021-2166 | Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
CVE-2021-2154 | Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
CVE-2021-2144 | Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in takeover of MariaDB Server. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availabi CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). |
CVE-2021-2022 | Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). |
CVE-2020-28912 | With MariaDB running on Windows, when local clients connect to the server over named pipes, it's possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between the client and the server, and getting the ability to run SQL commands on behalf of the connected user. This occurs because of an incorrect security descriptor. NOTE: this issue exists because certain details of the MariaDB CVE-2019-2503 fix did not comprehensively address attack variants against MariaDB. This situation is specific to MariaDB, and thus CVE-2020-28912 does NOT apply to other vendors that were originally affected by CVE-2019-2503. See also: MDEV-24040. |
CVE-2020-2814 | Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
CVE-2020-2812 | Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
CVE-2020-2760 | Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server as well as unauthorized update, insert or delete access to some of MariaDB Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). |
CVE-2020-2752 | Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Client. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H). |
CVE-2020-2574 | Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MariaDB Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Client. CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H). |
CVE-2020-15180 | |
CVE-2020-14812 | Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
CVE-2020-14789 | Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
CVE-2020-14776 | Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
CVE-2020-14765 | Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). |
CVE-2020-13249 | libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a server. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle. |
CVE-2019-2974 | Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). |
CVE-2019-2938 | Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). |
CVE-2019-2805 | Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). |
CVE-2019-2758 | Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server as well as unauthorized update, insert or delete access to some of MariaDB Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). |
CVE-2019-2740 | Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). |
CVE-2019-2739 | Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MariaDB Server executes to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server as well as unauthorized update, insert or delete access to some of MariaDB Server accessible data. CVSS 3.0 Base Score 5.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). |
CVE-2019-2737 | Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
CVE-2019-2628 | Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
CVE-2019-2627 | Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
CVE-2019-2614 | Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). |
CVE-2019-2537 | Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
CVE-2019-2510 | Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
CVE-2019-2503 | Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MariaDB Server executes to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MariaDB Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server. CVSS 3.0 Base Score 6.4 (Confidentiality and Availability impact CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H). |
CVE-2018-3284 | Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server. CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H). |
CVE-2018-3282 | Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
CVE-2018-3277 | Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
CVE-2018-3251 | Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). |
CVE-2018-3200 | Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
CVE-2018-3185 | Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server as well as unauthorized update, insert or delete access to some of MariaDB Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). |
CVE-2018-3174 | Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MariaDB Server executes to compromise MariaDB Server. While the vulnerability is in MariaDB Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H). |
CVE-2018-3173 | Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
CVE-2018-3162 | Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
CVE-2018-3156 | Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). |
CVE-2018-3143 | Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). |
CVE-2018-3066 | Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MariaDB Server accessible data as well as unauthorized read access to a subset of MariaDB Server accessible data. CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N). |
CVE-2018-3064 | Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server as well as unauthorized update, insert or delete access to some of MariaDB Server accessible data. CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H). |
CVE-2018-3063 | Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). |
CVE-2018-3060 | Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MariaDB Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server. CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H). |
CVE-2018-3058 | Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MariaDB Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N). |
CVE-2016-9843 | The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation. |