CVE-2023-39593

MEDIUM Year: 2023
CVSS v3 Score
5.6
Medium
Weakness Type
CWE-94
View all →

Vulnerability Description

Insecure permissions in the sys_exec function of MariaDB v10.5 allows authenticated attackers to execute arbitrary commands with elevated privileges. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.

Related Vulnerabilities

CVE-2017-1721

MEDIUM
CVSS:5.6(Medium)

IBM Security QRadar SIEM 7.2 and 7.3 could allow an unauthenticated user to execute code remotely with lower level privileges under unusual circumstances. IBM X-Force ID: 134810.

CWE-942017

CVE-2021-29772

MEDIUM
CVSS:5.6(Medium)

IBM API Connect 5.0.0.0 through 5.0.8.11 could allow a user to potentially inject code due to unsanitized user input. IBM X-Force ID: 202774.

CWE-942021

CVE-2024-35315

MEDIUM
CVSS:5.6(Medium)

A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an authenticated attacker to conduct a privil...

CWE-942024

CVE-2024-5834

MEDIUM
CVSS:5.6(Medium)

Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

CWE-942024

CVE-2021-25393

MEDIUM
CVSS:5.5(Medium)

Improper sanitization of incoming intent in SecSettings prior to SMR MAY-2021 Release 1 allows local attackers to get permissions to access system uid data.

CWE-942021

CVE-2021-25415

MEDIUM
CVSS:5.5(Medium)

Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as writable.

CWE-942021