4 matches found
CVE-2021-36231
CVE-2021-36231 : Deserialization of untrusted data in multiple functions of MIK.starlight 7.9.5.24363 allows authenticated remote attackers to execute operating system commands by crafting serialized objects. Root cause: deserialization of untrusted data. Impact: high (CVSSv3.1: AV:N/AC:L/PR:L/UI...
CVE-2021-36232
Technical details such as affected component, root cause, and remediation are not publicly available in the provided documents. Monitor for updates.
CVE-2021-36234
CVE-2021-36234 affects the MIK.starlight 7.9.5.24363 release. The root cause is a hard-coded cryptographic key , which could allow local attackers to decrypt credentials via unspecified vectors. The impact described across sources indicates a confidential data exposure risk (credentials decrypted...
CVE-2021-36233
CVE-2021-36233 affects MIK.starlight prior to any explicit patch details in the provided docs, where the function AdminGetFirstFileContentByFilePath (version 7.9.5.24363) allows an authenticated attacker to read arbitrary filesystem files by supplying a file path. The root cause is an input handl...