Description
Oracle Database 10g uses a NULL pDacl parameter when calling the SetSecurityDescriptorDacl function to create discretionary access control lists (DACLs), which allows local users to gain privileges.
Remediation
References
Related Vulnerabilities
MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-31549)
LimeSurvey Improper Restriction of XML External Entity Reference Vulnerability (CVE-2019-16174)
MySQL CVE-2016-3518 Vulnerability (CVE-2016-3518)
WordPress Plugin YITH WooCommerce Gift Cards Premium Unspecified Vulnerability (3.20.0)
WordPress Plugin Stealth Login Page Unspecified Vulnerability (1.1.3)