Details of VAR-201603-0244

ID

VAR-201603-0244

CVE

CVE-2016-1950

TITLE

Mozilla Firefox Used in Network Security Services Heap-based buffer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-001841

DESCRIPTION

Heap-based buffer overflow in Mozilla Network Security Services (NSS) before 3.19.2.3 and 3.20.x and 3.21.x before 3.21.1, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7, allows remote attackers to execute arbitrary code via crafted ASN.1 data in an X.509 certificate. Both Mozilla Firefox and Firefox ESR are developed by the Mozilla Foundation in the United States. The following products and versions are affected: Mozilla Firefox prior to 45.0, Firefox ESR prior to 38.7 38.x, Mozilla NSS prior to 3.19.2.3, 3.20.x, 3.21.1 prior to 3.21.x. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 APPLE-SA-2016-03-21-3 tvOS 9.2 tvOS 9.2 is now available and addresses the following: FontParser Available for: Apple TV (4th generation) Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1740 : HappilyCoded (ant4g0nist and r3dsm0k3) working with Trend Micro's Zero Day Initiative (ZDI) HTTPProtocol Available for: Apple TV (4th generation) Impact: A remote attacker may be able to execute arbitrary code Description: Multiple vulnerabilities existed in nghttp2 versions prior to 1.6.0, the most serious of which may have led to remote code execution. These were addressed by updating nghttp2 to version 1.6.0. CVE-ID CVE-2015-8659 IOHIDFamily Available for: Apple TV (4th generation) Impact: An application may be able to determine kernel memory layout Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1748 : Brandon Azad Kernel Available for: Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed through improved memory management. CVE-ID CVE-2016-1750 : CESG Kernel Available for: Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple integer overflows were addressed through improved input validation. CVE-ID CVE-2016-1753 : Juwei Lin Trend Micro working with Trend Micro's Zero Day Initiative (ZDI) Kernel Available for: Apple TV (4th generation) Impact: An application may be able to bypass code signing Description: A permissions issue existed in which execute permission was incorrectly granted. This issue was addressed through improved permission validation. CVE-ID CVE-2016-1751 : Eric Monti of Square Mobile Security Kernel Available for: Apple TV (4th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2016-1754 : Lufeng Li of Qihoo 360 Vulcan Team CVE-2016-1755 : Ian Beer of Google Project Zero Kernel Available for: Apple TV (4th generation) Impact: An application may be able to cause a denial of service Description: A denial of service issue was addressed through improved validation. CVE-ID CVE-2016-1752 : CESG libxml2 Available for: Apple TV (4th generation) Impact: Processing maliciously crafted XML may lead to unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues were addressed through improved memory handling. CVE-ID CVE-2015-1819 CVE-2015-5312 : David Drysdale of Google CVE-2015-7499 CVE-2015-7500 : Kostya Serebryany of Google CVE-2015-7942 : Kostya Serebryany of Google CVE-2015-8035 : gustavo.grieco CVE-2015-8242 : Hugh Davenport CVE-2016-1762 Security Available for: Apple TV (4th generation) Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A memory corruption issue existed in the ASN.1 decoder. This issue was addressed through improved input validation. CVE-ID CVE-2016-1950 : Francis Gabriel of Quarkslab TrueTypeScaler Available for: Apple TV (4th generation) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2016-1775 : 0x1byte working with Trend Micro's Zero Day Initiative (ZDI) WebKit Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed through improved memory handling. CVE-ID CVE-2016-1783 : Mihai Parparita of Google WebKit History Available for: Apple TV (4th generation) Impact: Processing maliciously crafted web content may lead to an unexpected Safari crash Description: A resource exhaustion issue was addressed through improved input validation. CVE-ID CVE-2016-1784 : Moony Li and Jack Tang of TrendMicro and 李普君 of 无声信息技术PKAV Team (PKAV.net) Wi-Fi Available for: Apple TV (4th generation) Impact: An attacker with a privileged network position may be able to execute arbitrary code Description: A frame validation and memory corruption issue existed for a given ethertype. This issue was addressed through additional ethertype validation and improved memory handling. CVE-ID CVE-2016-0801 : an anonymous researcher CVE-2016-0802 : an anonymous researcher Installation note: Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software.". To check the current version of software, select "Settings -> General -> About". -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3510-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff March 09, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : iceweasel CVE ID : CVE-2016-1950 CVE-2016-1952 CVE-2016-1954 CVE-2016-1957 CVE-2016-1958 CVE-2016-1960 CVE-2016-1961 CVE-2016-1962 CVE-2016-1964 CVE-2016-1965 CVE-2016-1966 CVE-2016-1974 CVE-2016-1977 CVE-2016-2790 CVE-2016-2791 CVE-2016-2792 CVE-2016-2793 CVE-2016-2794 CVE-2016-2795 CVE-2016-2796 CVE-2016-2797 CVE-2016-2798 CVE-2016-2799 CVE-2016-2800 CVE-2016-2801 CVE-2016-2802 Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, buffer overflows, use-after-frees and other implementation errors may lead to the execution of arbitrary code, denial of service, address bar spoofing and overwriting local files. For the oldstable distribution (wheezy), these problems have been fixed in version 38.7.0esr-1~deb7u1. For the stable distribution (jessie), these problems have been fixed in version 38.7.0esr-1~deb8u1. For the unstable distribution (sid), Debian is in the process of moving back towards using the Firefox name. These problems will soon be fixed in the firefox-esr source package. We recommend that you upgrade your iceweasel packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Critical: nss-util security update Advisory ID: RHSA-2016:0370-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2016-0370.html Issue date: 2016-03-09 CVE Names: CVE-2016-1950 ===================================================================== 1. Summary: Updated nss-util packages that fix one security issue are now available for Red Hat Enterprise 6 and 7. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Desktop (v. 6) - i386, x86_64 Red Hat Enterprise Linux Desktop Optional (v. 6) - i386, x86_64 Red Hat Enterprise Linux HPC Node (v. 6) - x86_64 Red Hat Enterprise Linux HPC Node Optional (v. 6) - x86_64 Red Hat Enterprise Linux Server (v. 6) - i386, ppc64, s390x, x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 3. Description: Network Security Services (NSS) is a set of libraries designed to support the cross-platform development of security-enabled client and server applications. The nss-util package provides a set of utilities for NSS and the Softoken module. A heap-based buffer overflow flaw was found in the way NSS parsed certain ASN.1 structures. An attacker could use this flaw to create a specially crafted certificate which, when parsed by NSS, could cause it to crash, or execute arbitrary code, using the permissions of the user running an application compiled against the NSS library. (CVE-2016-1950) Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Francis Gabriel as the original reporter. All nss-util users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. For the update to take effect, all applications linked to the nss and nss-util library must be restarted, or the system rebooted. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1310509 - CVE-2016-1950 nss: Heap buffer overflow vulnerability in ASN1 certificate parsing (MFSA 2016-35) 6. Package List: Red Hat Enterprise Linux Desktop (v. 6): Source: nss-util-3.19.1-5.el6_7.src.rpm i386: nss-util-3.19.1-5.el6_7.i686.rpm nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm x86_64: nss-util-3.19.1-5.el6_7.i686.rpm nss-util-3.19.1-5.el6_7.x86_64.rpm nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm nss-util-debuginfo-3.19.1-5.el6_7.x86_64.rpm Red Hat Enterprise Linux Desktop Optional (v. 6): i386: nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm nss-util-devel-3.19.1-5.el6_7.i686.rpm x86_64: nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm nss-util-debuginfo-3.19.1-5.el6_7.x86_64.rpm nss-util-devel-3.19.1-5.el6_7.i686.rpm nss-util-devel-3.19.1-5.el6_7.x86_64.rpm Red Hat Enterprise Linux HPC Node (v. 6): Source: nss-util-3.19.1-5.el6_7.src.rpm x86_64: nss-util-3.19.1-5.el6_7.i686.rpm nss-util-3.19.1-5.el6_7.x86_64.rpm nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm nss-util-debuginfo-3.19.1-5.el6_7.x86_64.rpm Red Hat Enterprise Linux HPC Node Optional (v. 6): x86_64: nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm nss-util-debuginfo-3.19.1-5.el6_7.x86_64.rpm nss-util-devel-3.19.1-5.el6_7.i686.rpm nss-util-devel-3.19.1-5.el6_7.x86_64.rpm Red Hat Enterprise Linux Server (v. 6): Source: nss-util-3.19.1-5.el6_7.src.rpm i386: nss-util-3.19.1-5.el6_7.i686.rpm nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm nss-util-devel-3.19.1-5.el6_7.i686.rpm ppc64: nss-util-3.19.1-5.el6_7.ppc.rpm nss-util-3.19.1-5.el6_7.ppc64.rpm nss-util-debuginfo-3.19.1-5.el6_7.ppc.rpm nss-util-debuginfo-3.19.1-5.el6_7.ppc64.rpm nss-util-devel-3.19.1-5.el6_7.ppc.rpm nss-util-devel-3.19.1-5.el6_7.ppc64.rpm s390x: nss-util-3.19.1-5.el6_7.s390.rpm nss-util-3.19.1-5.el6_7.s390x.rpm nss-util-debuginfo-3.19.1-5.el6_7.s390.rpm nss-util-debuginfo-3.19.1-5.el6_7.s390x.rpm nss-util-devel-3.19.1-5.el6_7.s390.rpm nss-util-devel-3.19.1-5.el6_7.s390x.rpm x86_64: nss-util-3.19.1-5.el6_7.i686.rpm nss-util-3.19.1-5.el6_7.x86_64.rpm nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm nss-util-debuginfo-3.19.1-5.el6_7.x86_64.rpm nss-util-devel-3.19.1-5.el6_7.i686.rpm nss-util-devel-3.19.1-5.el6_7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 6): Source: nss-util-3.19.1-5.el6_7.src.rpm i386: nss-util-3.19.1-5.el6_7.i686.rpm nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm nss-util-devel-3.19.1-5.el6_7.i686.rpm x86_64: nss-util-3.19.1-5.el6_7.i686.rpm nss-util-3.19.1-5.el6_7.x86_64.rpm nss-util-debuginfo-3.19.1-5.el6_7.i686.rpm nss-util-debuginfo-3.19.1-5.el6_7.x86_64.rpm nss-util-devel-3.19.1-5.el6_7.i686.rpm nss-util-devel-3.19.1-5.el6_7.x86_64.rpm Red Hat Enterprise Linux Client (v. 7): Source: nss-util-3.19.1-9.el7_2.src.rpm x86_64: nss-util-3.19.1-9.el7_2.i686.rpm nss-util-3.19.1-9.el7_2.x86_64.rpm nss-util-debuginfo-3.19.1-9.el7_2.i686.rpm nss-util-debuginfo-3.19.1-9.el7_2.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: nss-util-debuginfo-3.19.1-9.el7_2.i686.rpm nss-util-debuginfo-3.19.1-9.el7_2.x86_64.rpm nss-util-devel-3.19.1-9.el7_2.i686.rpm nss-util-devel-3.19.1-9.el7_2.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: nss-util-3.19.1-9.el7_2.src.rpm x86_64: nss-util-3.19.1-9.el7_2.i686.rpm nss-util-3.19.1-9.el7_2.x86_64.rpm nss-util-debuginfo-3.19.1-9.el7_2.i686.rpm nss-util-debuginfo-3.19.1-9.el7_2.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: nss-util-debuginfo-3.19.1-9.el7_2.i686.rpm nss-util-debuginfo-3.19.1-9.el7_2.x86_64.rpm nss-util-devel-3.19.1-9.el7_2.i686.rpm nss-util-devel-3.19.1-9.el7_2.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: nss-util-3.19.1-9.el7_2.src.rpm ppc64: nss-util-3.19.1-9.el7_2.ppc.rpm nss-util-3.19.1-9.el7_2.ppc64.rpm nss-util-debuginfo-3.19.1-9.el7_2.ppc.rpm nss-util-debuginfo-3.19.1-9.el7_2.ppc64.rpm nss-util-devel-3.19.1-9.el7_2.ppc.rpm nss-util-devel-3.19.1-9.el7_2.ppc64.rpm ppc64le: nss-util-3.19.1-9.el7_2.ppc64le.rpm nss-util-debuginfo-3.19.1-9.el7_2.ppc64le.rpm nss-util-devel-3.19.1-9.el7_2.ppc64le.rpm s390x: nss-util-3.19.1-9.el7_2.s390.rpm nss-util-3.19.1-9.el7_2.s390x.rpm nss-util-debuginfo-3.19.1-9.el7_2.s390.rpm nss-util-debuginfo-3.19.1-9.el7_2.s390x.rpm nss-util-devel-3.19.1-9.el7_2.s390.rpm nss-util-devel-3.19.1-9.el7_2.s390x.rpm x86_64: nss-util-3.19.1-9.el7_2.i686.rpm nss-util-3.19.1-9.el7_2.x86_64.rpm nss-util-debuginfo-3.19.1-9.el7_2.i686.rpm nss-util-debuginfo-3.19.1-9.el7_2.x86_64.rpm nss-util-devel-3.19.1-9.el7_2.i686.rpm nss-util-devel-3.19.1-9.el7_2.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: nss-util-3.19.1-9.el7_2.src.rpm x86_64: nss-util-3.19.1-9.el7_2.i686.rpm nss-util-3.19.1-9.el7_2.x86_64.rpm nss-util-debuginfo-3.19.1-9.el7_2.i686.rpm nss-util-debuginfo-3.19.1-9.el7_2.x86_64.rpm nss-util-devel-3.19.1-9.el7_2.i686.rpm nss-util-devel-3.19.1-9.el7_2.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2016-1950 https://access.redhat.com/security/updates/classification/#critical https://www.mozilla.org/en-US/security/advisories/mfsa2016-36 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2016 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFW3580XlSAg2UNWIIRAovDAJwKx54WxiK95+n4U/9G+nDl0wRlYwCeM1lR iGa2ZA5NBkpEYzNEuWdBT74= =dxl7 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 7.1) - ppc64, ppc64le, s390x, x86_64 3. From: Chris Coulson <chris.coulson@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <ddfb479b-517b-e545-310d-f41a8e0b992a@canonical.com> Subject: [USN-2917-3] Firefox regressions ============================================================================ Ubuntu Security Notice USN-2917-3 April 19, 2016 firefox regressions ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.10 - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS Summary: USN-2917-1 introduced several regressions in Firefox. Software Description: - firefox: Mozilla Open Source web browser Details: USN-2917-1 fixed vulnerabilities in Firefox. This update caused several web compatibility regressions. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Francis Gabriel discovered a buffer overflow during ASN.1 decoding in NSS. (CVE-2016-1950) Bob Clary, Christoph Diehl, Christian Holler, Andrew McCreight, Daniel Holbert, Jesse Ruderman, Randell Jesup, Carsten Book, Gian-Carlo Pascutto, Tyson Smith, Andrea Marchesini, and Jukka Jyl=C3=A4nki discovered multiple memory safety issues in Firefox. (CVE-2016-1952, CVE-2016-1953) Nicolas Golubovic discovered that CSP violation reports can be used to overwrite local files. If a user were tricked in to opening a specially crafted website with addon signing disabled and unpacked addons installed, an attacker could potentially exploit this to gain additional privileges. (CVE-2016-1954) Muneaki Nishimura discovered that CSP violation reports contained full paths for cross-origin iframe navigations. An attacker could potentially exploit this to steal confidential data. (CVE-2016-1955) Ucha Gobejishvili discovered that performing certain WebGL operations resulted in memory resource exhaustion with some Intel GPUs, requiring a reboot. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. (CVE-2016-1956) Jose Martinez and Romina Santillan discovered a memory leak in libstagefright during MPEG4 video file processing in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via memory exhaustion. (CVE-2016-1957) Abdulrahman Alqabandi discovered that the addressbar could be blank or filled with page defined content in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2016-1958) Looben Yang discovered an out-of-bounds read in Service Worker Manager. (CVE-2016-1959) A use-after-free was discovered in the HTML5 string parser. (CVE-2016-1960) A use-after-free was discovered in the SetBody function of HTMLDocument. (CVE-2016-1961) Dominique Haza=C3=ABl-Massieux discovered a use-after-free when using multiple WebRTC data channels. (CVE-2016-1962) It was discovered that Firefox crashes when local files are modified whilst being read by the FileReader API. (CVE-2016-1963) Nicolas Gr=C3=A9goire discovered a use-after-free during XML transformations. (CVE-2016-1964) Tsubasa Iinuma discovered a mechanism to cause the addressbar to display an incorrect URL, using history navigations and the Location protocol property. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to conduct URL spoofing attacks. (CVE-2016-1965) A memory corruption issues was discovered in the NPAPI subsystem. (CVE-2016-1966) Jordi Chancel discovered a same-origin-policy bypass when using performance.getEntries and history navigation with session restore. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to steal confidential data. (CVE-2016-1967) Luke Li discovered a buffer overflow during Brotli decompression in some circumstances. (CVE-2016-1968) Ronald Crane discovered a use-after-free in GetStaticInstance in WebRTC. (CVE-2016-1973) Ronald Crane discovered an out-of-bounds read following a failed allocation in the HTML parser in some circumstances. (CVE-2016-1974) Holger Fuhrmannek, Tyson Smith and Holger Fuhrmannek reported multiple memory safety issues in the Graphite 2 library. (CVE-2016-1977, CVE-2016-2790, CVE-2016-2791, CVE-2016-2792, CVE-2016-2793, CVE-2016-2794, CVE-2016-2795, CVE-2016-2796, CVE-2016-2797, CVE-2016-2798, CVE-2016-2799, CVE-2016-2800, CVE-2016-2801, CVE-2016-2802) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.10: firefox 45.0.2+build1-0ubuntu0.15.10.1 Ubuntu 14.04 LTS: firefox 45.0.2+build1-0ubuntu0.14.04.1 Ubuntu 12.04 LTS: firefox 45.0.2+build1-0ubuntu0.12.04.1 After a standard system update you need to restart Firefox to make all the necessary changes

Trust: 2.43

sources: NVD: CVE-2016-1950 // JVNDB: JVNDB-2016-001841 // VULHUB: VHN-90769 // PACKETSTORM: 136344 // PACKETSTORM: 136826 // PACKETSTORM: 136152 // PACKETSTORM: 136148 // PACKETSTORM: 136304 // PACKETSTORM: 136131 // PACKETSTORM: 136394 // PACKETSTORM: 136723

AFFECTED PRODUCTS

vendor:	oracle	model:	iplanet web proxy server	scope:	eq	version:	4.0	Trust: 1.8
vendor:	oracle	model:	iplanet web server	scope:	eq	version:	7.0	Trust: 1.8
vendor:	oracle	model:	glassfish server	scope:	eq	version:	2.1.1	Trust: 1.8
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.20.1	Trust: 1.6
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.20	Trust: 1.6
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.21	Trust: 1.6
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.19.2	Trust: 1.6
vendor:	mozilla	model:	firefox	scope:	eq	version:	38.3.0	Trust: 1.0
vendor:	mozilla	model:	firefox	scope:	eq	version:	38.5.0	Trust: 1.0
vendor:	mozilla	model:	firefox	scope:	eq	version:	38.0.1	Trust: 1.0
vendor:	mozilla	model:	firefox	scope:	eq	version:	38.2.0	Trust: 1.0
vendor:	oracle	model:	linux	scope:	eq	version:	6	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lte	version:	9.1	Trust: 1.0
vendor:	mozilla	model:	firefox	scope:	eq	version:	38.6.0	Trust: 1.0
vendor:	mozilla	model:	firefox	scope:	eq	version:	38.4.0	Trust: 1.0
vendor:	oracle	model:	linux	scope:	eq	version:	7	Trust: 1.0
vendor:	mozilla	model:	firefox	scope:	eq	version:	38.2.1	Trust: 1.0
vendor:	mozilla	model:	firefox	scope:	eq	version:	38.1.0	Trust: 1.0
vendor:	mozilla	model:	firefox	scope:	lte	version:	44.0.2	Trust: 1.0
vendor:	mozilla	model:	firefox	scope:	eq	version:	38.0.5	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lte	version:	2.1	Trust: 1.0
vendor:	oracle	model:	vm server	scope:	eq	version:	3.2	Trust: 1.0
vendor:	mozilla	model:	firefox	scope:	eq	version:	38.6.1	Trust: 1.0
vendor:	opensuse	model:	opensuse	scope:	eq	version:	13.1	Trust: 1.0
vendor:	mozilla	model:	firefox	scope:	eq	version:	38.5.1	Trust: 1.0
vendor:	oracle	model:	linux	scope:	eq	version:	5.0	Trust: 1.0
vendor:	mozilla	model:	firefox	scope:	eq	version:	38.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lte	version:	9.2.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lte	version:	10.11.3	Trust: 1.0
vendor:	mozilla	model:	firefox	scope:	eq	version:	38.1.1	Trust: 1.0
vendor:	apple	model:	ios	scope:	lt	version:	(ipad 2 or later )	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	(apple watch sport)	Trust: 0.8
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.21.1	Trust: 0.8
vendor:	apple	model:	mac os x	scope:	eq	version:	10.11 to 10.11.3	Trust: 0.8
vendor:	oracle	model:	vm server	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	tvos	scope:	eq	version:	9.2	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	(apple watch edition)	Trust: 0.8
vendor:	apple	model:	watchos	scope:	eq	version:	2.2	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	(apple watch hermes)	Trust: 0.8
vendor:	mozilla	model:	network security services	scope:	lt	version:	3.21.x	Trust: 0.8
vendor:	mozilla	model:	firefox esr	scope:	eq	version:	38.7	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	(iphone 4s or later )	Trust: 0.8
vendor:	apple	model:	ios	scope:	lt	version:	(ipod touch first 5 after generation )	Trust: 0.8
vendor:	oracle	model:	linux	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	watchos	scope:	lt	version:	(apple watch)	Trust: 0.8
vendor:	opensuse	model:	opensuse	scope:	-	version:	-	Trust: 0.8
vendor:	apple	model:	ios	scope:	eq	version:	9.3	Trust: 0.8
vendor:	mozilla	model:	network security services	scope:	eq	version:	3.20.x	Trust: 0.8
vendor:	apple	model:	tvos	scope:	lt	version:	(apple tv first 4 generation )	Trust: 0.8
vendor:	mozilla	model:	firefox esr	scope:	lt	version:	38.x	Trust: 0.8

sources: CNNVD: CNNVD-201603-136 // JVNDB: JVNDB-2016-001841 // NVD: CVE-2016-1950

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-1950
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-1950
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201603-136
value:	HIGH
Trust: 0.6
VULHUB:	VHN-90769
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2016-1950
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-90769
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-1950
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-90769 // CNNVD: CNNVD-201603-136 // JVNDB: JVNDB-2016-001841 // NVD: CVE-2016-1950

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-90769 // JVNDB: JVNDB-2016-001841 // NVD: CVE-2016-1950

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 136148 // CNNVD: CNNVD-201603-136

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201603-136

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001841

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-90769

PATCH

title:	APPLE-SA-2016-03-21-1 iOS 9.3	url:	http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html	Trust: 0.8
title:	APPLE-SA-2016-03-21-2 watchOS 2.2	url:	http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html	Trust: 0.8
title:	APPLE-SA-2016-03-21-3 tvOS 9.2	url:	http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html	Trust: 0.8
title:	APPLE-SA-2016-03-21-5 OS X El Capitan 10.11.4 and Security Update 2016-002	url:	http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html	Trust: 0.8
title:	HT206168	url:	https://support.apple.com/en-us/HT206168	Trust: 0.8
title:	HT206169	url:	https://support.apple.com/en-us/HT206169	Trust: 0.8
title:	HT206166	url:	https://support.apple.com/en-us/HT206166	Trust: 0.8
title:	HT206167	url:	https://support.apple.com/en-us/HT206167	Trust: 0.8
title:	HT206166	url:	http://support.apple.com/ja-jp/HT206166	Trust: 0.8
title:	HT206167	url:	http://support.apple.com/ja-jp/HT206167	Trust: 0.8
title:	HT206168	url:	http://support.apple.com/ja-jp/HT206168	Trust: 0.8
title:	HT206169	url:	http://support.apple.com/ja-jp/HT206169	Trust: 0.8
title:	NSS 3.19.2.3 release notes	url:	https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.3_release_notes	Trust: 0.8
title:	NSS 3.21.1 release notes	url:	https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes	Trust: 0.8
title:	MFSA2016-35	url:	http://www.mozilla.org/security/announce/2016/mfsa2016-35.html	Trust: 0.8
title:	MFSA2016-35	url:	http://www.mozilla-japan.org/security/announce/2016/mfsa2016-35.html	Trust: 0.8
title:	openSUSE-SU-2016:1557	url:	https://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html	Trust: 0.8
title:	Oracle Critical Patch Update Advisory - October 2016	url:	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	Trust: 0.8
title:	Text Form of Oracle Critical Patch Update - October 2016 Risk Matrices	url:	http://www.oracle.com/technetwork/security-advisory/cpuoct2016verbose-2881725.html	Trust: 0.8
title:	Oracle Linux Bulletin - January 2016	url:	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	Trust: 0.8
title:	Oracle VM Server for x86 Bulletin - July 2016	url:	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	Trust: 0.8
title:	October 2016 Critical Patch Update Released	url:	https://blogs.oracle.com/security/entry/october_2016_critical_patch_update	Trust: 0.8
title:	Mozilla Firefox and Firefox ESR Network Security Services Fixes for heap-based buffer overflow vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60496	Trust: 0.6

sources: CNNVD: CNNVD-201603-136 // JVNDB: JVNDB-2016-001841

EXTERNAL IDS

db:	NVD	id:	CVE-2016-1950	Trust: 3.3
db:	BID	id:	84223	Trust: 1.7
db:	SECTRACK	id:	1035215	Trust: 1.7
db:	JVN	id:	JVNVU97668313	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-001841	Trust: 0.8
db:	CNNVD	id:	CNNVD-201603-136	Trust: 0.7
db:	PACKETSTORM	id:	136148	Trust: 0.2
db:	PACKETSTORM	id:	136131	Trust: 0.2
db:	PACKETSTORM	id:	136826	Trust: 0.2
db:	PACKETSTORM	id:	136304	Trust: 0.2
db:	PACKETSTORM	id:	136152	Trust: 0.2
db:	PACKETSTORM	id:	136394	Trust: 0.2
db:	PACKETSTORM	id:	136723	Trust: 0.2
db:	PACKETSTORM	id:	136146	Trust: 0.1
db:	PACKETSTORM	id:	136614	Trust: 0.1
db:	PACKETSTORM	id:	136133	Trust: 0.1
db:	VULHUB	id:	VHN-90769	Trust: 0.1
db:	PACKETSTORM	id:	136344	Trust: 0.1

sources: VULHUB: VHN-90769 // PACKETSTORM: 136344 // PACKETSTORM: 136826 // PACKETSTORM: 136152 // PACKETSTORM: 136148 // PACKETSTORM: 136304 // PACKETSTORM: 136131 // PACKETSTORM: 136394 // PACKETSTORM: 136723 // CNNVD: CNNVD-201603-136 // JVNDB: JVNDB-2016-001841 // NVD: CVE-2016-1950

REFERENCES

url:	http://www.securityfocus.com/bid/84223	Trust: 2.3
url:	http://www.debian.org/security/2016/dsa-3510	Trust: 2.3
url:	http://www.debian.org/security/2016/dsa-3520	Trust: 2.3
url:	http://www.debian.org/security/2016/dsa-3688	Trust: 2.3
url:	http://rhn.redhat.com/errata/rhsa-2016-0495.html	Trust: 1.8
url:	http://www.ubuntu.com/usn/usn-2917-1	Trust: 1.8
url:	http://www.ubuntu.com/usn/usn-2917-3	Trust: 1.8
url:	http://www.ubuntu.com/usn/usn-2924-1	Trust: 1.8
url:	http://www.ubuntu.com/usn/usn-2934-1	Trust: 1.8
url:	http://lists.apple.com/archives/security-announce/2016/mar/msg00000.html	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2016/mar/msg00001.html	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2016/mar/msg00002.html	Trust: 1.7
url:	http://lists.apple.com/archives/security-announce/2016/mar/msg00004.html	Trust: 1.7
url:	http://www.mozilla.org/security/announce/2016/mfsa2016-35.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	Trust: 1.7
url:	http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html	Trust: 1.7
url:	https://bto.bluecoat.com/security-advisory/sa119	Trust: 1.7
url:	https://bugzilla.mozilla.org/show_bug.cgi?id=1245528	Trust: 1.7
url:	https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.19.2.3_release_notes	Trust: 1.7
url:	https://developer.mozilla.org/en-us/docs/mozilla/projects/nss/nss_3.21.1_release_notes	Trust: 1.7
url:	https://support.apple.com/ht206166	Trust: 1.7
url:	https://support.apple.com/ht206167	Trust: 1.7
url:	https://support.apple.com/ht206168	Trust: 1.7
url:	https://support.apple.com/ht206169	Trust: 1.7
url:	https://security.gentoo.org/glsa/201605-06	Trust: 1.7
url:	http://www.securitytracker.com/id/1035215	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html	Trust: 1.7
url:	http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html	Trust: 1.7
url:	http://www.ubuntu.com/usn/usn-2917-2	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1950	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1950	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu97668313/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1950	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1957	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2795	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1974	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2794	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2798	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2796	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1961	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2797	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2793	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1954	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1964	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2799	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1960	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2800	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2801	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1966	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2791	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1977	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2792	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2802	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-2790	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1962	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1952	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1965	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1958	Trust: 0.2
url:	https://www.debian.org/security/faq	Trust: 0.2
url:	https://www.debian.org/security/	Trust: 0.2
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.2
url:	https://access.redhat.com/security/cve/cve-2016-1950	Trust: 0.2
url:	https://bugzilla.redhat.com/):	Trust: 0.2
url:	https://access.redhat.com/security/team/key/	Trust: 0.2
url:	https://access.redhat.com/security/updates/classification/#critical	Trust: 0.2
url:	https://www.mozilla.org/en-us/security/advisories/mfsa2016-36	Trust: 0.2
url:	https://access.redhat.com/articles/11258	Trust: 0.2
url:	https://access.redhat.com/security/team/contact/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1751	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1755	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8659	Trust: 0.1
url:	https://gpgtools.org	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8035	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1753	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1750	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-1819	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7499	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0801	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-8242	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-5312	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1784	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7942	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-7500	Trust: 0.1
url:	https://www.apple.com/support/security/pgp/	Trust: 0.1
url:	https://support.apple.com/kb/ht1222	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1740	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1752	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1762	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1775	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1754	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1783	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-0802	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1748	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/thunderbird/1:38.7.2+build1-0ubuntu0.12.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/thunderbird/1:38.7.2+build1-0ubuntu0.14.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/thunderbird/1:38.7.2+build1-0ubuntu0.15.10.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/thunderbird/1:38.7.2+build1-0ubuntu0.16.04.1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/nss/2:3.21-0ubuntu0.14.04.2	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/nss/2:3.21-0ubuntu0.15.10.2	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/nss/2:3.21-0ubuntu0.12.04.3	Trust: 0.1
url:	https://rhn.redhat.com/errata/rhsa-2016-0370.html	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1955	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/firefox/45.0.2+build1-0ubuntu0.12.04.1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1953	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/firefox/45.0.2+build1-0ubuntu0.14.04.1	Trust: 0.1
url:	https://launchpad.net/bugs/1572169	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1956	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/firefox/45.0.2+build1-0ubuntu0.15.10.1	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1968	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1967	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1973	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1963	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-1959	Trust: 0.1

CREDITS

Ubuntu

Trust: 0.3

sources: PACKETSTORM: 136826 // PACKETSTORM: 136148 // PACKETSTORM: 136723

SOURCES

db:	VULHUB	id:	VHN-90769
db:	PACKETSTORM	id:	136344
db:	PACKETSTORM	id:	136826
db:	PACKETSTORM	id:	136152
db:	PACKETSTORM	id:	136148
db:	PACKETSTORM	id:	136304
db:	PACKETSTORM	id:	136131
db:	PACKETSTORM	id:	136394
db:	PACKETSTORM	id:	136723
db:	CNNVD	id:	CNNVD-201603-136
db:	JVNDB	id:	JVNDB-2016-001841
db:	NVD	id:	CVE-2016-1950

LAST UPDATE DATE

2026-02-07T19:52:08.944000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-90769	date:	2019-12-27T00:00:00
db:	CNNVD	id:	CNNVD-201603-136	date:	2019-12-30T00:00:00
db:	JVNDB	id:	JVNDB-2016-001841	date:	2016-11-22T00:00:00
db:	NVD	id:	CVE-2016-1950	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-90769	date:	2016-03-13T00:00:00
db:	PACKETSTORM	id:	136344	date:	2016-03-22T15:12:44
db:	PACKETSTORM	id:	136826	date:	2016-04-28T00:01:48
db:	PACKETSTORM	id:	136152	date:	2016-03-10T14:57:09
db:	PACKETSTORM	id:	136148	date:	2016-03-10T14:56:40
db:	PACKETSTORM	id:	136304	date:	2016-03-19T15:55:00
db:	PACKETSTORM	id:	136131	date:	2016-03-09T15:25:30
db:	PACKETSTORM	id:	136394	date:	2016-03-23T23:16:10
db:	PACKETSTORM	id:	136723	date:	2016-04-19T22:52:37
db:	CNNVD	id:	CNNVD-201603-136	date:	2016-03-11T00:00:00
db:	JVNDB	id:	JVNDB-2016-001841	date:	2016-03-24T00:00:00
db:	NVD	id:	CVE-2016-1950	date:	2016-03-13T18:59:00.193