"-Synchronized-Data."

2025-08-04 08:44:25 +00:00 · 2021-09-09 14:00:52 +00:00 · 2021-09-09 14:00:52 +00:00 · 07d55e472c
commit 07d55e472c
parent 581b38b744
5 changed files with 99 additions and 18 deletions
--- a/2021/35xxx/CVE-2021-35217.json
+++ b/2021/35xxx/CVE-2021-35217.json
@ -1,7 +1,7 @@
 {
    "CVE_data_meta": {
        "ASSIGNER": "psirt@solarwinds.com",
-        "DATE_PUBLIC": "2021-09-02T13:14:00.000Z",
+        "DATE_PUBLIC": "2021-09-09T10:03:00.000Z",
        "ID": "CVE-2021-35217",
        "STATE": "PUBLIC",
        "TITLE": "Insecure Deserialization of untrusted data causing Remote code execution vulnerability. "
@ -13,13 +13,14 @@
                    "product": {
                        "product_data": [
                            {
-                                "product_name": "Orion Platform ",
+                                "product_name": "Patch Manager",
                                "version": {
                                    "version_data": [
                                        {
+                                            "platform": "Windows",
                                            "version_affected": "<",
                                            "version_name": "2020.2.5 and previous versions",
-                                            "version_value": "2020.2.6"
+                                            "version_value": "2020.2.6 HF1"
                                        }
                                    ]
                                }
@ -73,7 +74,7 @@
                "description": [
                    {
                        "lang": "eng",
-                        "value": "Insecure Deserialization of untrusted data causing Remote code execution vulnerability."
+                        "value": "CWE-502 Deserialization of Untrusted Data"
                    }
                ]
            }
@ -82,19 +83,19 @@
    "references": {
        "reference_data": [
            {
-                "refsource": "MISC",
-                "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm",
-                "name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"
+                "name": "https://support.solarwinds.com/SuccessCenter/s/article/Patch-Manager-2020-2-6-Hotfix-1-Release-Notes?language=en_US",
+                "refsource": "CONFIRM",
+                "url": "https://support.solarwinds.com/SuccessCenter/s/article/Patch-Manager-2020-2-6-Hotfix-1-Release-Notes?language=en_US"
            },
            {
-                "refsource": "MISC",
-                "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm",
-                "name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/orion_platform_2020-2-6_release_notes.htm"
+                "name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35217",
+                "refsource": "CONFIRM",
+                "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35217"
            },
            {
-                "refsource": "MISC",
-                "url": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35217",
-                "name": "https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35217"
+                "name": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm",
+                "refsource": "CONFIRM",
+                "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm"
            }
        ]
    },
@ -105,6 +106,6 @@
        }
    ],
    "source": {
-        "discovery": "UNKNOWN"
+        "discovery": "EXTERNAL"
    }
 }
--- a/2021/37xxx/CVE-2021-37101.json
+++ b/2021/37xxx/CVE-2021-37101.json
@ -4,14 +4,58 @@
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2021-37101",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "psirt@huawei.com",
+        "STATE": "PUBLIC"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "n/a",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "AIS-BW50-00",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "9.0.6.2(H100SP10C00),9.0.6.2(H100SP15C00)"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "Improper Authorization"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "refsource": "MISC",
+                "name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210908-01-badauthorization-en",
+                "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210908-01-badauthorization-en"
+            }
+        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "There is an improper authorization vulnerability in AIS-BW50-00 9.0.6.2(H100SP10C00) and 9.0.6.2(H100SP15C00). Due to improper authorization mangement, an attakcer can exploit this vulnerability by physical accessing the device and implant malicious code. Successfully exploit could leads to arbitrary code execution in the target device."
            }
        ]
    }
--- a/2021/3xxx/CVE-2021-3783.json
+++ b/2021/3xxx/CVE-2021-3783.json
@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2021-3783",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
--- a/2021/3xxx/CVE-2021-3784.json
+++ b/2021/3xxx/CVE-2021-3784.json
@ -0,0 +1,18 @@
+{
+    "data_type": "CVE",
+    "data_format": "MITRE",
+    "data_version": "4.0",
+    "CVE_data_meta": {
+        "ID": "CVE-2021-3784",
+        "ASSIGNER": "cve@mitre.org",
+        "STATE": "RESERVED"
+    },
+    "description": {
+        "description_data": [
+            {
+                "lang": "eng",
+                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            }
+        ]
+    }
+}
--- a/2021/40xxx/CVE-2021-40346.json
+++ b/2021/40xxx/CVE-2021-40346.json
@ -34,7 +34,7 @@
        "description_data": [
            {
                "lang": "eng",
-                "value": "An integer overflow exists in HAProxy 2.0 through 2.5 in the htx_add_header() can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs."
+                "value": "An integer overflow exists in HAProxy 2.0 through 2.5 in htx_add_header that can be exploited to perform an HTTP request smuggling attack, allowing an attacker to bypass all configured http-request HAProxy ACLs and possibly other ACLs."
            }
        ]
    },