Description
Oracle Database 10g uses a NULL pDacl parameter when calling the SetSecurityDescriptorDacl function to create discretionary access control lists (DACLs), which allows local users to gain privileges.
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2008-1818 Vulnerability (CVE-2008-1818)
Envoy Proxy Incorrect Authorization Vulnerability (CVE-2021-32777)
Apache Tomcat version older than 6.0.10
WordPress Plugin Nextend Facebook Connect Cross-Site Scripting (1.5.0)
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2020-10968)