Skip to main content

Mik Starlight

4 CVEs product

Monthly

CVE-2021-36234 MEDIUM This Month

Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt credentials via unspecified vectors. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Mik Starlight
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-36233 MEDIUM POC This Month

The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5.24363 allows (by design) an authenticated attacker to read arbitrary files from the filesystem by specifying the file path. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Mik Starlight
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-36232 HIGH POC This Week

Improper Authorization in multiple functions in MIK.starlight 7.9.5.24363 allows an authenticated attacker to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mik Starlight
NVD
CVSS 3.1
8.8
EPSS
1.1%
CVE-2021-36231 HIGH POC This Week

Deserialization of untrusted data in multiple functions in MIK.starlight 7.9.5.24363 allows authenticated remote attackers to execute operating system commands by crafting serialized objects. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Mik Starlight
NVD
CVSS 3.1
8.8
EPSS
2.6%
EPSS 0% CVSS 5.5
MEDIUM This Month

Use of a hard-coded cryptographic key in MIK.starlight 7.9.5.24363 allows local users to decrypt credentials via unspecified vectors. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Mik Starlight
NVD
EPSS 1% CVSS 6.5
MEDIUM POC This Month

The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5.24363 allows (by design) an authenticated attacker to read arbitrary files from the filesystem by specifying the file path. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Mik Starlight
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Improper Authorization in multiple functions in MIK.starlight 7.9.5.24363 allows an authenticated attacker to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Mik Starlight
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

Deserialization of untrusted data in multiple functions in MIK.starlight 7.9.5.24363 allows authenticated remote attackers to execute operating system commands by crafting serialized objects. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Deserialization Mik Starlight
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy