diff --git a/2016/6xxx/CVE-2016-6810.json b/2016/6xxx/CVE-2016-6810.json
index 1b256c231d1..0b22b9e0b6f 100644
--- a/2016/6xxx/CVE-2016-6810.json
+++ b/2016/6xxx/CVE-2016-6810.json
@@ -35,7 +35,7 @@
       "description_data" : [
          {
             "lang" : "eng",
-            "value" : "An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation."
+            "value" : "In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site scripting vulnerability was identified to be present in the web based administration console. The root cause of this issue is improper user data output validation."
          }
       ]
    },
@@ -55,6 +55,9 @@
       "reference_data" : [
          {
             "url" : "https://lists.apache.org/thread.html/924a3a27fad192d711436421e02977ff90d9fc0f298e1efe6757cfbc@%3Cusers.activemq.apache.org%3E"
+         },
+         {
+            "url" : "http://activemq.apache.org/security-advisories.data/CVE-2016-6810-announcement.txt"
          }
       ]
    }
diff --git a/2017/12xxx/CVE-2017-12169.json b/2017/12xxx/CVE-2017-12169.json
index c3c4851636a..809e6d0fd29 100644
--- a/2017/12xxx/CVE-2017-12169.json
+++ b/2017/12xxx/CVE-2017-12169.json
@@ -35,7 +35,7 @@
       "description_data" : [
          {
             "lang" : "eng",
-            "value" : "It was found that IPA could disclose password hashes to users having the 'System: Read Stage Users' permission. A remote, authenticated attacker could potentially use this flaw to disclose the password hashes belonging to Stage Users. This security issue does not result in disclosure of password hashes belonging to active standard users."
+            "value" : "It was found that FreeIPA 4.2.0 and later could disclose password hashes to users having the 'System: Read Stage Users' permission. A remote, authenticated attacker could potentially use this flaw to disclose the password hashes belonging to Stage Users. This security issue does not result in disclosure of password hashes belonging to active standard users."
          }
       ]
    },
diff --git a/2017/7xxx/CVE-2017-7536.json b/2017/7xxx/CVE-2017-7536.json
index ff3d3386c02..427e1806d2b 100644
--- a/2017/7xxx/CVE-2017-7536.json
+++ b/2017/7xxx/CVE-2017-7536.json
@@ -41,7 +41,7 @@
       "description_data" : [
          {
             "lang" : "eng",
-            "value" : "It was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue()."
+            "value" : "In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it was found that when the security manager's reflective permissions, which allows it to access the private members of the class, are granted to Hibernate Validator, a potential privilege escalation can occur. By allowing the calling code to access those private members without the permission an attacker may be able to validate an invalid instance and access the private member value via ConstraintViolation#getInvalidValue()."
          }
       ]
    },
diff --git a/2017/7xxx/CVE-2017-7559.json b/2017/7xxx/CVE-2017-7559.json
index 0eed4f061d7..e0da523ca07 100644
--- a/2017/7xxx/CVE-2017-7559.json
+++ b/2017/7xxx/CVE-2017-7559.json
@@ -41,7 +41,7 @@
       "description_data" : [
          {
             "lang" : "eng",
-            "value" : "It was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own."
+            "value" : "In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and 1.3.x before 1.3.31.Final, it was found that the fix for CVE-2017-2666 was incomplete and invalid characters are still allowed in the query string and path parameters. This could be exploited, in conjunction with a proxy that also permitted the invalid characters but with a different interpretation, to inject data into the HTTP response. By manipulating the HTTP response the attacker could poison a web-cache, perform an XSS attack, or obtain sensitive information from requests other than their own."
          }
       ]
    },