MariaDB Security Risk Matrix

MariaDB Vulnerabilities

CVSS VERSION 3.0 RISK (see Risk Matrix Definitions) covers the columns Base Score through Availability.

| CVE# | Product | Component | Protocol | Remote Exploit without Auth.? | Base Score | Attack Vector | Attack Complex | Privs Req'd | User Interact | Scope | Confidentiality | Integrity | Availability | Versions Affected |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2020-2814 | MariaDB Server | InnoDB | | Yes | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.1.44 and prior, 10.2.31 and prior, 10.3.22 and prior, 10.4.12 and prior |
| CVE-2020-2812 | MariaDB Server | Server: Stored Procedure | | Yes | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 5.5.67 and prior, 10.1.44 and prior, 10.2.31 and prior, 10.3.22 and prior, 10.4.12 and prior |
| CVE-2020-2760 | MariaDB Server | InnoDB | | Yes | 5.5 | Network | Low | High | None | Unchanged | None | Low | High | 10.2.31 and prior, 10.3.22 and prior, 10.4.12 and prior |
| CVE-2020-2752 | MariaDB Client | C API | | Yes | 5.3 | Network | High | Low | None | Unchanged | None | None | High | 5.5.67 and prior, 10.1.44 and prior, 10.2.31 and prior, 10.3.22 and prior, 10.4.12 and prior |
| CVE-2020-2574 | MariaDB Client | C API | MariaDB Protocol | Yes | 5.9 | Network | High | None | None | Unchanged | None | None | High | 5.5.66 and prior, 10.1.43 and prior, 10.3.21 and prior, 10.4.11 and prior |
| CVE-2019-2974 | MariaDB Server | Server: Optimizer | MariaDB Protocol | Yes | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 5.5.65 and prior, 10.1.41 and prior, 10.2.27 and prior, 10.3.18 and prior, 10.4.8 and prior |
| CVE-2019-2938 | MariaDB Server | InnoDB | MariaDB Protocol | Yes | 4.4 | Network | High | High | None | Unchanged | None | None | High | 5.5.65 and prior, 10.1.41 and prior, 10.2.27 and prior, 10.3.18 and prior, 10.4.8 and prior |
| CVE-2019-2805 | MariaDB Server | Server: Parser | | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 10.4.8 and prior, 10.3.16 and prior |
| CVE-2019-2758 | MariaDB Server | Server: InnoDB | | No | 5.5 | Network | Low | High | None | Unchanged | None | Low | High | 10.4.6 and prior, 10.3.16 and prior |
| CVE-2019-2740 | MariaDB Server | Server: XML | | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 10.4.6 and prior, 10.3.16 and prior |
| CVE-2019-2739 | MariaDB Server | Server: Security: Privileges | | No | 5.1 | Local | Low | High | None | Unchanged | None | Low | High | 10.4.6 and prior, 10.3.16 and prior |
| CVE-2019-2737 | MariaDB Server | Server: Pluggable Auth | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.4.6 and prior, 10.3.16 and prior |
| CVE-2019-2628 | MariaDB Server | InnoDB | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.4.4 and prior, 10.3.14 and prior |
| CVE-2019-2627 | MariaDB Server | Server: Security: Privileges | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.4.4 and prior, 10.3.14 and prior |
| CVE-2019-2614 | MariaDB Server | Server: Replication | | No | 4.4 | Network | High | High | None | Unchanged | None | None | High | 10.4.4 and prior, 10.3.14 and prior |
| CVE-2019-2537 | MariaDB Server | Server: DDL | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.3.12 and prior |
| CVE-2019-2510 | MariaDB Server | InnoDB | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.3.12 and prior |
| CVE-2019-2503 | MariaDB Server | Server: Connection Handling | | No | 6.4 | | High | Low | None | Unchanged | High | None | High | 10.3.9 and prior |
| CVE-2018-3284 | MariaDB Server | InnoDB | | No | 4.4 | Network | High | High | None | Unchanged | None | None | High | 10.3.10 and prior |
| CVE-2018-3282 | MariaDB Server | Server: Storage Engines | | No | 4.9 | | | | | Unchanged | None | None | High | 10.3.10 and prior |
| CVE-2018-3277 | MariaDB Server | InnoDB | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.3.10 and prior |
| CVE-2018-3251 | MariaDB Server | InnoDB | | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 10.3.10 and prior |
| CVE-2018-3200 | MariaDB Server | InnoDB | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.3.10 and prior |
| CVE-2018-3185 | MariaDB Server | InnoDB | | No | 5.5 | Network | Low | High | None | Unchanged | None | Low | High | 10.3.10 and prior |
| CVE-2018-3174 | MariaDB Server | Client programs | | No | 5.3 | Local | High | High | None | Changed | None | None | High | 10.3.10 and prior |
| CVE-2018-3173 | MariaDB Server | InnoDB | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.3.10 and prior |
| CVE-2018-3162 | MariaDB Server | InnoDB | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.3.10 and prior |
| CVE-2018-3156 | MariaDB Server | InnoDB | | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 10.3.10 and prior |
| CVE-2018-3143 | MariaDB Server | InnoDB | | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 10.3.10 and prior |
| CVE-2018-3066 | MariaDB Server | Server: Options | | No | 3.3 | Network | High | High | None | Unchanged | Low | Low | None | 10.3.8 and prior |
| CVE-2018-3064 | MariaDB Server | InnoDB | | No | 7.1 | Network | Low | Low | None | Unchanged | None | Low | High | 10.3.8 and prior |
| CVE-2018-3063 | MariaDB Server | Server: Security: Privileges | | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 10.3.8 and prior |
| CVE-2018-3060 | MariaDB Server | InnoDB | | No | 6.5 | Network | Low | High | None | Unchanged | None | High | High | 10.3.8 and prior |
| CVE-2018-3058 | MariaDB Server | MyISAM | | No | 4.3 | Network | Low | Low | None | Unchanged | None | Low | None | 10.3.8 and prior |
| CVE-2016-9843 | MariaDB Server | zlib 1.2.8: crc32 function | | No | ERR | | | | | Unchanged | None | Low | None | 10.3.10 and prior |

Description of CVEs for MariaDB

CVE# Description
CVE-2020-2814 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-2812 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-2760 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server as well as unauthorized update, insert or delete access to some of MariaDB Server accessible data.
CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2020-2752 Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Client.
CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2020-2574 Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MariaDB Client. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Client.
CVSS 3.0 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2974 Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2938 Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2805 Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2758 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server as well as unauthorized update, insert or delete access to some of MariaDB Server accessible data.
CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2019-2740 Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2739 Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MariaDB Server executes to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server as well as unauthorized update, insert or delete access to some of MariaDB Server accessible data.
CVSS 3.0 Base Score 5.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2019-2737 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2628 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2627 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2614 Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2537 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2510 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2019-2503 Difficult to exploit vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the MariaDB Server executes to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MariaDB Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 6.4 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H).
CVE-2018-3284 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-3282 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-3277 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-3251 Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-3200 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-3185 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server as well as unauthorized update, insert or delete access to some of MariaDB Server accessible data.
CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
CVE-2018-3174 Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MariaDB Server executes to compromise MariaDB Server. While the vulnerability is in MariaDB Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H).
CVE-2018-3173 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-3162 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-3156 Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-3143 Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-3066 Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MariaDB Server accessible data as well as unauthorized read access to a subset of MariaDB Server accessible data.
CVSS 3.0 Base Score 3.3 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:N).
CVE-2018-3064 Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server as well as unauthorized update, insert or delete access to some of MariaDB Server accessible data.
CVSS 3.0 Base Score 7.1 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H).
CVE-2018-3063 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
CVE-2018-3060 Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MariaDB Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MariaDB Server.
CVSS 3.0 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).
CVE-2018-3058 Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MariaDB Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MariaDB Server accessible data.
CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
CVE-2016-9843 The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.