Fixed Security Vulnerabilities

Table of Fixed Security Vulnerabilities

| Date | CVE ID (with cve.mitre.org link) | CVSS base score | Enterprise Server Releases |
|---|---|---|---|
| 2021-03-15 | CVE-2021-27928 | N/A [1] (Critical) | 10.2.37-11, 10.3.28-11, 10.4.18-11, 10.5.9-6 |
| 2020-12-14 | CVE-2020-14765 | 6.5 | 10.2.36-10, 10.3.27-10, 10.4.17-10, 10.5.8-5 |
| 2020-12-14 | CVE-2020-14776 | 4.9 | 10.2.36-10, 10.3.27-10, 10.4.17-10, 10.5.8-5 |
| 2020-12-14 | CVE-2020-14789 | 4.9 | 10.2.36-10, 10.3.27-10, 10.4.17-10, 10.5.8-5 |
| 2020-12-14 | CVE-2020-14812 | 4.9 | 10.2.36-10, 10.3.27-10, 10.4.17-10, 10.5.8-5 |
| 2020-12-14 | CVE-2020-28912 | N/A [1] (Critical) | 10.2.36-10, 10.3.27-10, 10.4.17-10, 10.5.8-5 |
| 2020-10-07 | CVE-2020-15180 | N/A [1] (Critical) | 10.2.34-9, 10.3.25-9, 10.4.15-9, 10.5.6-4 |
| 2020-09-08 | CVE-2021-2022 | 4.4 | 10.2.33-8, 10.3.24-8, 10.4.14-8, 10.5.5-3 |
| 2020-06-08 | CVE-2020-2752 | 5.3 | 10.2.32-7, 10.3.23-7, 10.4.13-7 |
| 2020-06-08 | CVE-2020-2760 | 5.5 | 10.2.32-7, 10.3.23-7, 10.4.13-7 |
| 2020-06-08 | CVE-2020-2812 | 4.9 | 10.2.32-7, 10.3.23-7, 10.4.13-7 |
| 2020-06-08 | CVE-2020-2814 | 4.9 | 10.2.32-7, 10.3.23-7, 10.4.13-7 |
| 2020-06-08 | CVE-2020-13249 | N/A [2] (Medium) | 10.2.32-7, 10.3.23-7, 10.4.13-7 |
| 2020-03-02 | CVE-2020-2574 | 5.9 | 10.2.31-6, 10.3.22-6, 10.4.12-6 |
| 2020-03-02 | CVE-2020-7221 | 7.8 | 10.4.12-6 |
| 2019-11-18 | CVE-2019-2938 | 4.4 | 10.2.29-4, 10.3.20-4, 10.4.10-4 |
| 2019-11-18 | CVE-2019-2974 | 6.5 | 10.2.29-4, 10.3.20-4, 10.4.10-4 |
| 2019-11-18 | CVE-2020-2780 | 6.5 | 10.2.29-4, 10.3.20-4, 10.4.10-4 |
| 2019-08-19 | CVE-2019-2737 | 4.9 | 10.2.26-2, 10.3.17-2, 10.4.7-2 |
| 2019-08-19 | CVE-2019-2739 | 5.1 | 10.2.26-2, 10.3.17-2, 10.4.7-2 |
| 2019-08-19 | CVE-2019-2740 | 6.5 | 10.2.26-2, 10.3.17-2, 10.4.7-2 |
| 2019-08-19 | CVE-2019-2758 | 5.5 | 10.2.26-2, 10.3.17-2, 10.4.7-2 |
| 2019-08-19 | CVE-2019-2805 | 6.5 | 10.2.26-2, 10.3.17-2, 10.4.7-2 |
| 2019-08-19 | CVE-2020-2922 | 3.7 | 10.2.26-2, 10.3.17-2, 10.4.7-2 |
| 2019-08-19 | CVE-2021-2007 | 3.7 | 10.2.26-2, 10.3.17-2, 10.4.7-2 |

Footnotes

[1] MariaDB CVEs do not have a CVSS base score. This CVE is rated "critical" using the criteria defined in the MariaDB Engineering Policy.

[2] MariaDB CVEs do not have a CVSS base score. This CVE is rated "medium" using the criteria defined in the MariaDB Engineering Policy.

What is a CVE?

Common Vulnerabilities and Exposures (CVE) relate to flaws "in a software, firmware, hardware, or service component resulting from a weakness that can be exploited, causing a negative impact to the confidentiality, integrity, or availability of an impacted component or components."

For additional information, see CVE Terminology at cve.mitre.org.

What is a CVSS Score?

Common Vulnerability Scoring System (CVSS) is "an open framework for communicating the characteristics and severity of software vulnerabilities."

For additional information, see Vulnerability Metrics at nvd.nist.gov.

What CVEs are listed on this page?

This page provides a cross-reference for all CVEs addressed through a release of MariaDB Enterprise Server.

Enterprise Server Benefits

MariaDB Enterprise Server is an enhanced, hardened, and secured product with:

  • Enterprise-grade testing to drive a low defect rate

  • Increased code stability through restricted release of new functionality

  • Reduced risk from untested or incompatible features through inclusion of only features with level 3 support (Engineering code-level support) from MariaDB Corporation

  • Optimized configuration defaults

  • Premium features to meet enterprise scaling and operations requirements

  • Documentation maintained by MariaDB Corporation