- Synchronized data.

2017/3xxx/CVE-2017-3730.json

@@ -80,10 +80,10 @@
             "url" : "https://www.exploit-db.com/exploits/41192/"
          },
          {
-            "url" : "https://www.openssl.org/news/secadv/20170126.txt"
+            "url" : "https://github.com/openssl/openssl/commit/efbe126e3ebb9123ac9d058aa2bb044261342aaa"
          },
          {
-            "url" : "https://github.com/openssl/openssl/commit/efbe126e3ebb9123ac9d058aa2bb044261342aaa"
+            "url" : "https://www.openssl.org/news/secadv/20170126.txt"
          },
          {
             "url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"

2017/3xxx/CVE-2017-3731.json

@@ -110,10 +110,10 @@
    "references" : {
       "reference_data" : [
          {
-            "url" : "https://www.openssl.org/news/secadv/20170126.txt"
+            "url" : "https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21"
          },
          {
-            "url" : "https://github.com/openssl/openssl/commit/00d965474b22b54e4275232bc71ee0c699c5cd21"
+            "url" : "https://www.openssl.org/news/secadv/20170126.txt"
          },
          {
             "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"

2017/3xxx/CVE-2017-3732.json

@@ -110,10 +110,10 @@
    "references" : {
       "reference_data" : [
          {
-            "url" : "https://www.openssl.org/news/secadv/20170126.txt"
+            "url" : "https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5b"
          },
          {
-            "url" : "https://github.com/openssl/openssl/commit/a59b90bf491410f1f2bc4540cc21f1980fd14c5b"
+            "url" : "https://www.openssl.org/news/secadv/20170126.txt"
          },
          {
             "url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"

2017/3xxx/CVE-2017-3733.json

@@ -80,10 +80,10 @@
    "references" : {
       "reference_data" : [
          {
-            "url" : "https://www.openssl.org/news/secadv/20170216.txt"
+            "url" : "https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2"
          },
          {
-            "url" : "https://github.com/openssl/openssl/commit/4ad93618d26a3ea23d36ad5498ff4f59eff3a4d2"
+            "url" : "https://www.openssl.org/news/secadv/20170216.txt"
          },
          {
             "url" : "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03728en_us"

2017/3xxx/CVE-2017-3736.json

@@ -57,10 +57,10 @@
    "references" : {
       "reference_data" : [
          {
-            "url" : "https://www.openssl.org/news/secadv/20171102.txt"
+            "url" : "https://github.com/openssl/openssl/commit/4443cf7aa0099e5ce615c18cee249fff77fb0871"
          },
          {
-            "url" : "https://github.com/openssl/openssl/commit/4443cf7aa0099e5ce615c18cee249fff77fb0871"
+            "url" : "https://www.openssl.org/news/secadv/20171102.txt"
          },
          {
             "url" : "https://security.netapp.com/advisory/ntap-20171107-0002/"

2017/3xxx/CVE-2017-3738.json

@@ -57,10 +57,10 @@
    "references" : {
       "reference_data" : [
          {
-            "url" : "https://www.openssl.org/news/secadv/20171207.txt"
+            "url" : "https://github.com/openssl/openssl/commit/e502cc86df9dafded1694fceb3228ee34d11c11a"
          },
          {
-            "url" : "https://github.com/openssl/openssl/commit/e502cc86df9dafded1694fceb3228ee34d11c11a"
+            "url" : "https://www.openssl.org/news/secadv/20171207.txt"
          },
          {
             "url" : "https://security.netapp.com/advisory/ntap-20171208-0001/"

2018/0xxx/CVE-2018-0487.json

@@ -1,8 +1,31 @@
 {
    "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
+      "ASSIGNER" : "security@debian.org",
       "ID" : "CVE-2018-0487",
-      "STATE" : "RESERVED"
+      "STATE" : "PUBLIC"
+   },
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
+            {
+               "product" : {
+                  "product_data" : [
+                     {
+                        "product_name" : "ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0",
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "version_value" : "ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name" : "n/a"
+            }
+         ]
+      }
    },
    "data_format" : "MITRE",
    "data_type" : "CVE",
@@ -11,7 +34,26 @@
       "description_data" : [
          {
             "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            "value" : "ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via a crafted certificate chain that is mishandled during RSASSA-PSS signature verification within a TLS or DTLS session."
+         }
+      ]
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "lang" : "eng",
+                  "value" : "buffer overflow"
+               }
+            ]
+         }
+      ]
+   },
+   "references" : {
+      "reference_data" : [
+         {
+            "url" : "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01"
          }
       ]
    }

2018/0xxx/CVE-2018-0488.json

@@ -1,8 +1,31 @@
 {
    "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
+      "ASSIGNER" : "security@debian.org",
       "ID" : "CVE-2018-0488",
-      "STATE" : "RESERVED"
+      "STATE" : "PUBLIC"
+   },
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
+            {
+               "product" : {
+                  "product_data" : [
+                     {
+                        "product_name" : "ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0",
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "version_value" : "ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name" : "n/a"
+            }
+         ]
+      }
    },
    "data_format" : "MITRE",
    "data_type" : "CVE",
@@ -11,7 +34,26 @@
       "description_data" : [
          {
             "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            "value" : "ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the truncated HMAC extension and CBC are used, allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption) via a crafted application packet within a TLS or DTLS session."
+         }
+      ]
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "lang" : "eng",
+                  "value" : "heap corruption"
+               }
+            ]
+         }
+      ]
+   },
+   "references" : {
+      "reference_data" : [
+         {
+            "url" : "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01"
          }
       ]
    }