- Synchronized data.

2008/2xxx/CVE-2008-2370.json

@@ -58,12 +58,6 @@
          {
             "url" : "http://www.securityfocus.com/archive/1/archive/1/507985/100/0/threaded"
          },
-         {
-            "url" : "http://marc.info/?l=apache-announce&m=124972618803216&w=2"
-         },
-         {
-            "url" : "http://mail-archives.apache.org/mod_mbox/ode-user/200908.mbox/%3Cfbdc6a970908072141w20a7a9d9ka1f896ad8073dffb@mail.gmail.com%3E"
-         },
          {
             "url" : "http://tomcat.apache.org/security-4.html"
          },

2018/0xxx/CVE-2018-0490.json

@@ -1,8 +1,31 @@
 {
    "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
+      "ASSIGNER" : "security@debian.org",
       "ID" : "CVE-2018-0490",
-      "STATE" : "RESERVED"
+      "STATE" : "PUBLIC"
+   },
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
+            {
+               "product" : {
+                  "product_data" : [
+                     {
+                        "product_name" : "Tor",
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "version_value" : "Tor"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name" : "n/a"
+            }
+         ]
+      }
    },
    "data_format" : "MITRE",
    "data_type" : "CVE",
@@ -11,7 +34,29 @@
       "description_data" : [
          {
             "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            "value" : "An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before 0.3.1.10, and 0.3.2.x before 0.3.2.10. The directory-authority protocol-list subprotocol implementation allows remote attackers to cause a denial of service (NULL pointer dereference and directory-authority crash) via a misformatted relay descriptor that is mishandled during voting."
+         }
+      ]
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "lang" : "eng",
+                  "value" : "NULL pointer dereference"
+               }
+            ]
+         }
+      ]
+   },
+   "references" : {
+      "reference_data" : [
+         {
+            "url" : "https://blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-prevention-03210-03110-02915"
+         },
+         {
+            "url" : "https://trac.torproject.org/projects/tor/ticket/25074"
          }
       ]
    }

2018/0xxx/CVE-2018-0491.json

@@ -1,8 +1,31 @@
 {
    "CVE_data_meta" : {
-      "ASSIGNER" : "cve@mitre.org",
+      "ASSIGNER" : "security@debian.org",
       "ID" : "CVE-2018-0491",
-      "STATE" : "RESERVED"
+      "STATE" : "PUBLIC"
+   },
+   "affects" : {
+      "vendor" : {
+         "vendor_data" : [
+            {
+               "product" : {
+                  "product_data" : [
+                     {
+                        "product_name" : "Tor",
+                        "version" : {
+                           "version_data" : [
+                              {
+                                 "version_value" : "Tor"
+                              }
+                           ]
+                        }
+                     }
+                  ]
+               },
+               "vendor_name" : "n/a"
+            }
+         ]
+      }
    },
    "data_format" : "MITRE",
    "data_type" : "CVE",
@@ -11,7 +34,32 @@
       "description_data" : [
          {
             "lang" : "eng",
-            "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+            "value" : "A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list."
+         }
+      ]
+   },
+   "problemtype" : {
+      "problemtype_data" : [
+         {
+            "description" : [
+               {
+                  "lang" : "eng",
+                  "value" : "use-after-free"
+               }
+            ]
+         }
+      ]
+   },
+   "references" : {
+      "reference_data" : [
+         {
+            "url" : "https://blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-prevention-03210-03110-02915"
+         },
+         {
+            "url" : "https://trac.torproject.org/projects/tor/ticket/24700"
+         },
+         {
+            "url" : "https://trac.torproject.org/projects/tor/ticket/25117"
          }
       ]
    }

2018/7xxx/CVE-2018-7644.json

@@ -34,7 +34,7 @@
       "description_data" : [
          {
             "lang" : "eng",
-            "value" : "The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker construct a crafted SAML assertion on behalf of an Identity Provider that would pass as cryptographically valid, thereby allowing them to impersonate a user from that Identity Provider, aka a key confusion issue."
+            "value" : "The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion on behalf of an Identity Provider that would pass as cryptographically valid, thereby allowing them to impersonate a user from that Identity Provider, aka a key confusion issue."
          }
       ]
    },