CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2021-09-18
Critical

CVE-2021-41393

Teleport before 4.4.11, 5.x before 5.2.4, 6.x before 6.2.12, and 7.x before 7.1.1 allows forgery of SSH host certificates in some situations.

2021-09-17
Critical

CVE-2021-41326

In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call.

Critical

CVE-2020-12083

An elevated privileges issue related to Spring MVC calls impacts Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64).

Critical

CVE-2021-20791

Improper access control vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to bypass access restriction and to exchange unauthorized files between the local environment and the…

Critical

CVE-2021-20790

Improper control of program execution vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker to execute an arbitrary command or code via unspecified vectors.

2021-09-16
Medium

CVE-2020-21605

libde265 v1.0.4 contains a segmentation fault in the apply_sao_internal function, which can be exploited via a crafted file.

Medium

CVE-2020-21530

fig2dev 3.2.7b contains a segmentation fault in the read_objects function in read.c.

High

CVE-2021-29825

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could disclose sensitive information when using ADMIN_CMD with LOAD or BACKUP. IBM X-Force ID: 204470.

Medium

CVE-2021-29752

IBM Db2 11.2 and 11.5 contains an information disclosure vulnerability, exposing remote storage credentials to privileged users under specific conditions. IBM X-Force ID: 201780.

2021-09-15
Critical

CVE-2021-40881

An issue in the BAT file parameters of PublicCMS v4.0 allows attackers to execute arbitrary code.

High

CVE-2020-21480

An arbitrary file write vulnerability in RGCMS v1.06 allows attackers to execute arbitrary code via a crafted PHP file.

Medium

CVE-2016-20012

OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occu…

Medium

CVE-2021-20433

IBM Security Guardium 11.3 could allow an authenticated user to obtain sensitive information that could be used in further attacks against the system. IBM X-Force ID: 196345.

Critical

CVE-2020-21125

An arbitrary file creation vulnerability in UReport 2.2.9 allows attackers to execute arbitrary code.

Medium

CVE-2021-40448

Microsoft Accessibility Insights for Android Information Disclosure Vulnerability

Medium

CVE-2021-38669

Microsoft Edge (Chromium-based) Tampering Vulnerability

High

CVE-2021-38661

HEVC Video Extensions Remote Code Execution Vulnerability

High

CVE-2021-38660

Microsoft Office Graphics Remote Code Execution Vulnerability

High

CVE-2021-38659

Microsoft Office Graphics Remote Code Execution Vulnerability

Medium

CVE-2021-38657

Microsoft Office Graphics Component Information Disclosure Vulnerability

High

CVE-2021-38652

Microsoft SharePoint Server Spoofing Vulnerability

High

CVE-2021-38651

Microsoft SharePoint Server Spoofing Vulnerability

High

CVE-2021-38650

Microsoft Office Spoofing Vulnerability

High

CVE-2021-38649

Open Management Infrastructure Elevation of Privilege Vulnerability

High

CVE-2021-38648

Open Management Infrastructure Elevation of Privilege Vulnerability

Critical

CVE-2021-38647

Open Management Infrastructure Remote Code Execution Vulnerability

High

CVE-2021-38646

Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability

High

CVE-2021-38645

Open Management Infrastructure Elevation of Privilege Vulnerability

High

CVE-2021-38644

Microsoft MPEG-2 Video Extension Remote Code Execution Vulnerability

Medium

CVE-2021-38637

Windows Storage Information Disclosure Vulnerability

Medium

CVE-2021-38636

Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability

Medium

CVE-2021-38635

Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability

Medium

CVE-2021-38632

BitLocker Security Feature Bypass Vulnerability

Medium

CVE-2021-38629

Windows Ancillary Function Driver for WinSock Information Disclosure Vulnerability

Medium

CVE-2021-36972

Windows SMB Information Disclosure Vulnerability

Medium

CVE-2021-36969

Windows Redirected Drive Buffering SubSystem Driver Information Disclosure Vulnerability

High

CVE-2021-36965

Windows WLAN AutoConfig Service Remote Code Execution Vulnerability

Medium

CVE-2021-36962

Windows Installer Information Disclosure Vulnerability

Medium

CVE-2021-36961

Windows Installer Denial of Service Vulnerability

High

CVE-2021-36960

Windows SMB Information Disclosure Vulnerability

Medium

CVE-2021-36959

Windows Authenticode Spoofing Vulnerability

Medium

CVE-2021-36956

Azure Sphere Information Disclosure Vulnerability

High

CVE-2021-36955

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Medium

CVE-2021-26437

Visual Studio Code Spoofing Vulnerability

2021-09-14
Medium

CVE-2020-21048

An issue in the dither.c component of libsixel prior to v1.8.4 allows attackers to cause a denial of service (DOS) via a crafted PNG file.

Medium

CVE-2021-38175

SAP Analysis for Microsoft Office - version 2.8, allows an attacker with high privileges to read sensitive data over the network, and gather or change information in the current system without user i…

Medium

CVE-2021-38174

When a user opens manipulated files received from untrusted sources in SAP 3D Visual Enterprise Viewer version - 9, the application crashes and becomes temporarily unavailable to the user until resta…

Medium

CVE-2021-33686

Under certain conditions, SAP Business One version - 10.0, allows an unauthorized attacker to get access to some encrypted sensitive information, but does not have control over kind or degree.

Medium

CVE-2021-39125

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to discover the usernames of users via an enumeration vulnerability in the password reset page. The affecte…

High

CVE-2021-39123

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the /rest/gad…

Medium

CVE-2021-39118

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to discover the usernames and full names of users via an enumeration vulnerability in the /rest/api/1.0/render endpoi…

Medium

CVE-2019-20101

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to view whitelist rules via a Broken Access Control vulnerability in the /rest/whitelist/<version>/check en…

2021-09-13
Medium

CVE-2021-24510

The MF Gig Calendar WordPress plugin before 1.2 does not sanitise and escape the id GET parameter before outputting back in the admin dashboard when editing an Event, leading to a reflected Cross-Sit…

Critical

CVE-2021-40866

Certain NETGEAR smart switches are affected by a remote admin password change by an unauthenticated attacker via the (disabled by default) /sqfs/bin/sccd daemon, which fails to check authentication w…

2021-09-11
Critical

CVE-2021-40146

A Remote Code Execution (RCE) vulnerability was discovered in the Any23 YAMLExtractor.java file and is known to affect Any23 versions < 2.5. RCE vulnerabilities allow a malicious actor to execute any…

2021-09-10
Critical

CVE-2021-40864

The Translate plugin 6.1.x through 6.3.x before 6.3.0.72 for ONLYOFFICE Document Server lacks escape calls for the msg.data and text fields.

Medium

CVE-2021-40347

An issue was discovered in views/list.py in GNU Mailman Postorius before 1.3.5. An attacker (logged into any account) can send a crafted POST request to unsubscribe any user from a mailing list, also…

Critical

CVE-2021-37423

Zoho ManageEngine ADSelfService Plus 6111 and prior is vulnerable to linked applications takeover.

2021-09-09
Medium

CVE-2021-37101

There is an improper authorization vulnerability in AIS-BW50-00 9.0.6.2(H100SP10C00) and 9.0.6.2(H100SP15C00). Due to improper authorization management, an attacker can exploit this vulnerability by p…

Medium

CVE-2021-28499

In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, user account passwords set in clear text could leak to users without any password. This issue affects…

High

CVE-2021-28498

In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, user enable passwords set in clear text could result in unprivileged users getting complete access to…

Medium

CVE-2021-28497

In Arista's MOS (Metamako Operating System) software which is supported on the 7130 product line, under certain conditions, the bash shell might be accessible to unprivileged users in situations wher…

Medium

CVE-2021-20118

Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent…

Medium

CVE-2021-20117

Nessus Agent 8.3.0 and earlier was found to contain a local privilege escalation vulnerability which could allow an authenticated, local administrator to run specific executables on the Nessus Agent…

Medium

CVE-2021-1957

Improper Access Control when ACL link encryption is failed and ACL link is not disconnected during reconnection with paired device in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Sna…

Medium

CVE-2021-1956

Improper handling of ASB-U packet with L2CAP channel ID by slave host can lead to interference with piconet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electr…

High

CVE-2021-34713

A vulnerability in the Layer 2 punt code of Cisco IOS XR Software running on Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to cause the affected…

2021-09-08
Medium

CVE-2021-36215

LINE client for iOS 10.21.3 and before allows address bar spoofing due to inappropriate address handling.

Medium

CVE-2021-30718

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4. A non-privileged user may be able to modify restricted settings.

Medium

CVE-2021-30716

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged…

High

CVE-2021-30715

A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing…

High

CVE-2021-30712

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A remote attacker may be abl…

Medium

CVE-2021-30709

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a ma…

Medium

CVE-2021-30705

This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watc…

High

CVE-2021-30704

A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big S…

High

CVE-2021-30701

This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously…

Medium

CVE-2021-30700

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted image may lead to disclosu…

Medium

CVE-2021-30699

A window management issue was addressed with improved state management. This issue is fixed in iOS 14.6 and iPadOS 14.6. A user may be able to view restricted content from the lockscreen.

Medium

CVE-2021-30697

A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big S…

Medium

CVE-2021-30696

An attacker in a privileged network position may be able to misrepresent application state. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Moja…

Medium

CVE-2021-30694

An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 a…

Medium

CVE-2021-30692

An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 a…

Medium

CVE-2021-30691

An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 a…

Critical

CVE-2021-30690

Multiple issues in apache were addressed by updating apache to version 2.4.46. This issue is fixed in Security Update 2021-004 Mojave. Multiple issues in apache.

High

CVE-2021-30688

A malicious application may be able to break out of its sandbox. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A path handling issue was addressed with improved valida…

Medium

CVE-2021-30685

This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Parsing a maliciously cr…

High

CVE-2021-30684

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A remote attacker may cause an unexpected application termina…

Medium

CVE-2021-30682

A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able…

High

CVE-2021-30680

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4. A local user may be able to load unsigned kernel extensions.

High

CVE-2021-30679

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An application may be able to…

Critical

CVE-2021-30678

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A remote attacker may be abl…

High

CVE-2021-30677

This issue was addressed with improved environment sanitization. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS…

High

CVE-2021-30676

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A local user may be able to…

Medium

CVE-2021-30674

This issue was addressed with improved checks. This issue is fixed in iOS 14.6 and iPadOS 14.6. A malicious application may disclose restricted memory.

Medium

CVE-2021-30673

An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A malicious application may be able to access a user's c…

High

CVE-2021-30662

This issue was addressed with improved checks. This issue is fixed in iOS 14.5 and iPadOS 14.5. Processing a maliciously crafted file may lead to arbitrary code execution.

Medium

CVE-2021-30659

A validation issue was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, macOS Big Sur 11.3. A malicious application may be able to leak sensitive user info…

Medium

CVE-2021-30656

An access issue was addressed with improved memory management. This issue is fixed in iOS 14.5 and iPadOS 14.5. A malicious application may be able to determine kernel memory layout.

Critical

CVE-2021-30655

An application may be able to execute arbitrary code with system privileges. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. The issue was addressed with improved permis…

Medium

CVE-2021-30654

This issue was addressed by removing additional entitlements. This issue is fixed in GarageBand 10.4.3. A local attacker may be able to read sensitive information.

High

CVE-2021-30653

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a maliciously crafted image may lead to arbitrar…

High

CVE-2021-21996

An issue was discovered in SaltStack Salt before 3003.3. A user who has control of the source, and source_hash URLs can gain full file system access as root on a salt minion.

High

CVE-2021-1880

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, watchOS 7.4. Processing a maliciously crafted image may lead to arbitrary code execution.

High

CVE-2021-1874

A logic issue was addressed with improved state management. This issue is fixed in iOS 14.5 and iPadOS 14.5. An application may be able to execute arbitrary code with kernel privileges.

Medium

CVE-2021-1873

An API issue in Accessibility TCC permissions was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Moja…

Medium

CVE-2021-1872

A logic issue was addressed with improved state management. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, macOS Big Sur 11.3. Muting a CallKit call while ringing may not result in mut…

Low

CVE-2021-1862

Description: A person with physical access may be able to access contacts. This issue is fixed in iOS 14.5 and iPadOS 14.5. Impact: An issue with Siri search access to information was addressed with…

Medium

CVE-2021-1861

An issue existed in determining cache occupancy. The issue was addressed through improved logic. This issue is fixed in macOS Big Sur 11.3. A malicious website may be able to track users by setting s…

High

CVE-2021-1859

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3. Locked Notes content may have been unexpectedly unlocked.

Medium

CVE-2021-1855

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3. A malicious website may be able to force unnecessary network connections to fetch its favicon.

Medium

CVE-2021-1848

The issue was addressed with improved UI handling. This issue is fixed in iOS 14.5 and iPadOS 14.5. A local user may be able to view sensitive information in the app switcher.

High

CVE-2021-1843

This issue was addressed with improved checks. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big S…

High

CVE-2021-1838

This issue was addressed with improved checks. This issue is fixed in iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

High

CVE-2021-1833

This issue was addressed with improved checks. This issue is fixed in iOS 14.5 and iPadOS 14.5. An application may be able to gain elevated privileges.

Medium

CVE-2021-1824

This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application with root privileges may be able to access p…

Medium

CVE-2021-1822

A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A local user may be able to modify protected parts of the file system.

High

CVE-2021-1814

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, watchOS 7.4. Processing a maliciously crafted image may lead to arbitrary code execution.

High

CVE-2021-1812

A logic issue was addressed with improved validation. This issue is fixed in iOS 14.5 and iPadOS 14.5. A malicious application may be able to execute arbitrary code with system privileges.

Medium

CVE-2021-1811

A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 1…

Medium

CVE-2021-1810

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application may bypass Gatekeeper checks.
