diff --git a/2017/11xxx/CVE-2017-11882.json b/2017/11xxx/CVE-2017-11882.json index 5377bf3e0b2..0d939ceeae9 100644 --- a/2017/11xxx/CVE-2017-11882.json +++ b/2017/11xxx/CVE-2017-11882.json @@ -71,6 +71,9 @@ { "url" : "https://github.com/embedi/CVE-2017-11882" }, + { + "url" : "https://github.com/unamer/CVE-2017-11882" + }, { "url" : "https://0patch.blogspot.com/2017/11/official-patch-for-cve-2017-11882-meets.html" }, diff --git a/2017/14xxx/CVE-2017-14018.json b/2017/14xxx/CVE-2017-14018.json index 17d36123770..645cb018a10 100644 --- a/2017/14xxx/CVE-2017-14018.json +++ b/2017/14xxx/CVE-2017-14018.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "ics-cert@hq.dhs.gov", "ID" : "CVE-2017-14018", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Ethicon Endo-Surgery Generator G11", + "version" : { + "version_data" : [ + { + "version_value" : "Ethicon Endo-Surgery Generator G11" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,26 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "An improper authentication issue was discovered in Johnson & Johnson Ethicon Endo-Surgery Generator Gen11, all versions released before November 29, 2017. The security authentication mechanism used between the Ethicon Endo-Surgery Generator Gen11 and single-patient use products can be bypassed, allowing for unauthorized devices to be connected to the generator, which could result in a loss of integrity or availability." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "CWE-287" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-17-332-01" } ] } diff --git a/2017/15xxx/CVE-2017-15868.json b/2017/15xxx/CVE-2017-15868.json index e050599fe4b..f9551e7303a 100644 --- a/2017/15xxx/CVE-2017-15868.json +++ b/2017/15xxx/CVE-2017-15868.json @@ -2,7 +2,30 @@ "CVE_data_meta" : { "ASSIGNER" : "cve@mitre.org", "ID" : "CVE-2017-15868", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "n/a", + "version" : { + "version_data" : [ + { + "version_value" : "n/a" + } + ] + } + } + ] + }, + "vendor_name" : "n/a" + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,35 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "The bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "n/a" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=71bb99a02b32b4cc4265118e85f6035ca72923f0" + }, + { + "url" : "https://github.com/torvalds/linux/commit/71bb99a02b32b4cc4265118e85f6035ca72923f0" + }, + { + "url" : "https://patchwork.kernel.org/patch/9882449/" + }, + { + "url" : "https://source.android.com/security/bulletin/pixel/2017-12-01" } ] }