diff --git a/2021/32xxx/CVE-2021-32926.json b/2021/32xxx/CVE-2021-32926.json index 3f980ba1a18..5895e693c38 100644 --- a/2021/32xxx/CVE-2021-32926.json +++ b/2021/32xxx/CVE-2021-32926.json @@ -4,14 +4,58 @@ "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2021-32926", - "ASSIGNER": "cve@mitre.org", - "STATE": "RESERVED" + "ASSIGNER": "ics-cert@hq.dhs.gov", + "STATE": "PUBLIC" + }, + "affects": { + "vendor": { + "vendor_data": [ + { + "vendor_name": "n/a", + "product": { + "product_data": [ + { + "product_name": "Micro800, MicroLogix 1400", + "version": { + "version_data": [ + { + "version_value": "Micro800: All versions, MicroLogix 1400: Version 21 and later when Enhanced Password Security enabled." + } + ] + } + } + ] + } + } + ] + } + }, + "problemtype": { + "problemtype_data": [ + { + "description": [ + { + "lang": "eng", + "value": "CHANNEL ACCESSIBLE BY NON-ENDPOINT CWE-300" + } + ] + } + ] + }, + "references": { + "reference_data": [ + { + "refsource": "MISC", + "name": "https://us-cert.cisa.gov/ics/advisories/icsa-21-145-02", + "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-145-02" + } + ] }, "description": { "description_data": [ { "lang": "eng", - "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value": "When an authenticated password change request takes place, this vulnerability could allow the attacker to intercept the message that includes the legitimate, new password hash and replace it with an illegitimate hash. The user would no longer be able to authenticate to the controller (Micro800: All versions, MicroLogix 1400: Version 21 and later) causing a denial-of-service condition" } ] } diff --git a/2021/33xxx/CVE-2021-33574.json b/2021/33xxx/CVE-2021-33574.json index a5f02c3ac09..13e2cb21db5 100644 --- a/2021/33xxx/CVE-2021-33574.json +++ b/2021/33xxx/CVE-2021-33574.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "The mq_notify function in the GNU C Library (aka glibc) through 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact." + "value": "The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object (passed through its struct sigevent parameter) after it has been freed by the caller, leading to a denial of service (application crash) or possibly unspecified other impact." } ] }, @@ -56,6 +56,11 @@ "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=27896", "refsource": "MISC", "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=27896" + }, + { + "refsource": "MISC", + "name": "https://sourceware.org/bugzilla/show_bug.cgi?id=27896#c1", + "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=27896#c1" } ] } diff --git a/2021/33xxx/CVE-2021-33805.json b/2021/33xxx/CVE-2021-33805.json index 9227a3371d8..b0e34776b80 100644 --- a/2021/33xxx/CVE-2021-33805.json +++ b/2021/33xxx/CVE-2021-33805.json @@ -34,7 +34,7 @@ "description_data": [ { "lang": "eng", - "value": "In the reference implementation of FUSE before 2.9.8, local attackers were able to specify the allow_other option even if forbidden in /etc/fuse.conf, leading to exposure of FUSE filesystems to other users. This issue only affects systems with SELinux active." + "value": "In the reference implementation of FUSE before 2.9.8 and 3.x before 3.2.5, local attackers were able to specify the allow_other option even if forbidden in /etc/fuse.conf, leading to exposure of FUSE filesystems to other users. This issue only affects systems with SELinux active." } ] }, @@ -56,6 +56,11 @@ "url": "https://github.com/libfuse/libfuse/releases/tag/fuse-2.9.8", "refsource": "MISC", "name": "https://github.com/libfuse/libfuse/releases/tag/fuse-2.9.8" + }, + { + "refsource": "CONFIRM", + "name": "https://github.com/libfuse/libfuse/releases/tag/fuse-3.2.5", + "url": "https://github.com/libfuse/libfuse/releases/tag/fuse-3.2.5" } ] }