Auto-merge PR#1446

2025-12-30 05:58:39 +00:00 · 2021-05-12 11:00:13 -04:00 · 2021-05-12 11:00:13 -04:00 · 24ebdec748
commit 24ebdec748
parent 815a1b29c0 a3b993908a
2 changed files with 124 additions and 34 deletions
--- a/2021/28xxx/CVE-2021-28649.json
+++ b/2021/28xxx/CVE-2021-28649.json
@ -1,18 +1,63 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2021-28649",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
-            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
-            }
-        ]
-    }
-}
+	"CVE_data_meta" : {
+		"ASSIGNER" : "security@trendmicro.com",
+		"ID" : "CVE-2021-28649",
+		"STATE" : "PUBLIC"
+	},
+	"affects" : {
+		"vendor" : {
+			"vendor_data" : [
+				{
+					"product" : {
+						"product_data" : [
+							{
+								"product_name" : "Trend Micro HouseCall for Home Networks",
+								"version" : {
+									"version_data" : [
+										{
+											"version_value" : "5.3.1179 and below"
+										}
+									]
+								}
+							}
+						]
+					},
+					"vendor_name" : "Trend Micro"
+				}
+			]
+		}
+	},
+	"data_format" : "MITRE",
+	"data_type" : "CVE",
+	"data_version" : "4.0",
+	"description" : {
+		"description_data" : [
+			{
+				"lang" : "eng",
+				"value" : "An incorrect permission vulnerability in the product installer for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a scan.\r\n\r\nPlease note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability."
+			}
+		]
+	},
+	"problemtype" : {
+		"problemtype_data" : [
+			{
+				"description" : [
+					{
+						"lang" : "eng",
+						"value" : "Incorrect Permission Assignment"
+					}
+				]
+			}
+		]
+	},
+	"references" : {
+		"reference_data" : [
+			{
+				"url" : "https://helpcenter.trendmicro.com/en-us/article/TMKA-10310"
+			},
+			{
+				"url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-474/"
+			}
+		]
+	}
+}
--- a/2021/31xxx/CVE-2021-31519.json
+++ b/2021/31xxx/CVE-2021-31519.json
@ -1,18 +1,63 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2021-31519",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
-            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
-            }
-        ]
-    }
-}
+	"CVE_data_meta" : {
+		"ASSIGNER" : "security@trendmicro.com",
+		"ID" : "CVE-2021-31519",
+		"STATE" : "PUBLIC"
+	},
+	"affects" : {
+		"vendor" : {
+			"vendor_data" : [
+				{
+					"product" : {
+						"product_data" : [
+							{
+								"product_name" : "Trend Micro HouseCall for Home Networks",
+								"version" : {
+									"version_data" : [
+										{
+											"version_value" : "5.3.1179 and below"
+										}
+									]
+								}
+							}
+						]
+					},
+					"vendor_name" : "Trend Micro"
+				}
+			]
+		}
+	},
+	"data_format" : "MITRE",
+	"data_type" : "CVE",
+	"data_version" : "4.0",
+	"description" : {
+		"description_data" : [
+			{
+				"lang" : "eng",
+				"value" : "An incorrect permission vulnerability in the product installer folders for Trend Micro HouseCall for Home Networks version 5.3.1179 and below could allow an attacker to escalate privileges by placing arbitrary code on a specified folder and have that code be executed by an Administrator who is running a scan.\r\n\r\nPlease note that an attacker must first obtain the ability to execute low-privileged code on the target system to exploit this vulnerability."
+			}
+		]
+	},
+	"problemtype" : {
+		"problemtype_data" : [
+			{
+				"description" : [
+					{
+						"lang" : "eng",
+						"value" : "Incorrect Permission Assignment"
+					}
+				]
+			}
+		]
+	},
+	"references" : {
+		"reference_data" : [
+			{
+				"url" : "https://helpcenter.trendmicro.com/en-us/article/TMKA-10310"
+			},
+			{
+				"url" : "https://www.zerodayinitiative.com/advisories/ZDI-21-475/"
+			}
+		]
+	}
+}