Description
Oracle Database 10g uses a NULL pDacl parameter when calling the SetSecurityDescriptorDacl function to create discretionary access control lists (DACLs), which allows local users to gain privileges.
Remediation
References
Related Vulnerabilities
WebLogic CVE-2020-14640 Vulnerability (CVE-2020-14640)
MySQL CVE-2016-3471 Vulnerability (CVE-2016-3471)
Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-20411)
IBM RTC Files or Directories Accessible to External Parties Vulnerability (CVE-2017-1602)
WordPress Plugin Wholesale Market Arbitrary File Download (2.2.0)