Description

Oracle Database 10g uses a NULL pDacl parameter when calling the SetSecurityDescriptorDacl function to create discretionary access control lists (DACLs), which allows local users to gain privileges.

Remediation

References

CVE-2007-1442

Related Vulnerabilities

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-31549)

LimeSurvey Improper Restriction of XML External Entity Reference Vulnerability (CVE-2019-16174)

MySQL CVE-2016-3518 Vulnerability (CVE-2016-3518)

WordPress Plugin YITH WooCommerce Gift Cards Premium Unspecified Vulnerability (3.20.0)

WordPress Plugin Stealth Login Page Unspecified Vulnerability (1.1.3)

Severity

High

Classification

CVE-2007-1442

Tags

Missing Update Known Vulnerabilities