"-Synchronized-Data."

2025-05-07 03:02:46 +00:00 · 2021-06-03 13:00:49 +00:00 · 2021-06-03 13:00:49 +00:00 · c9ad4bded5
commit c9ad4bded5
parent 09290cf1ea
3 changed files with 59 additions and 5 deletions
--- a/2021/32xxx/CVE-2021-32926.json
+++ b/2021/32xxx/CVE-2021-32926.json
@ -4,14 +4,58 @@
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2021-32926",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "ics-cert@hq.dhs.gov",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "n/a",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "Micro800, MicroLogix 1400",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "Micro800: All versions, MicroLogix 1400: Version 21 and later when Enhanced Password Security enabled."
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CHANNEL ACCESSIBLE BY NON-ENDPOINT CWE-300"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-145-02",
+                "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-145-02"
+            }
+        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "When an authenticated password change request takes place, this vulnerability could allow the attacker to intercept the message that includes the legitimate, new password hash and replace it with an illegitimate hash. The user would no longer be able to authenticate to the controller (Micro800: All versions, MicroLogix 1400: Version 21 and later) causing a denial-of-service condition"
            }
        ]
    }
--- a/2021/33xxx/CVE-2021-33574.json
+++ b/2021/33xxx/CVE-2021-33574.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "The mq_notify function in the GNU C Library (aka glibc) through 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact."
+                "value": "The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact."
            }
        ]
    },
@ -56,6 +56,11 @@
                "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=27896",
                "refsource": "MISC",
                "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=27896"
+            },
+            {
+                "refsource": "MISC",
+                "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=27896#c1",
+                "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=27896#c1"
            }
        ]
    }
--- a/2021/33xxx/CVE-2021-33805.json
+++ b/2021/33xxx/CVE-2021-33805.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "In the reference implementation of FUSE before 2.9.8, local attackers were able to specify the allow_other option even if forbidden in /etc/fuse.conf, leading to exposure of FUSE filesystems to other users. This issue only affects systems with SELinux active."
+                "value": "In the reference implementation of FUSE before 2.9.8 and 3.x before 3.2.5, local attackers were able to specify the allow_other option even if forbidden in /etc/fuse.conf, leading to exposure of FUSE filesystems to other users. This issue only affects systems with SELinux active."
            }
        ]
    },
@ -56,6 +56,11 @@
                "url": "https://github.com/libfuse/libfuse/releases/tag/fuse-2.9.8",
                "refsource": "MISC",
                "name": "https://github.com/libfuse/libfuse/releases/tag/fuse-2.9.8"
+            },
+            {
+                "refsource": "CONFIRM",
+                "name": "https://github.com/libfuse/libfuse/releases/tag/fuse-3.2.5",
+                "url": "https://github.com/libfuse/libfuse/releases/tag/fuse-3.2.5"
            }
        ]
    }