D-Link DIR-816 A2 缓冲区错误漏洞

The D-Link DIR-816 is a wireless AC750 dual-band router. A stack buffer overflow vulnerability exists in the handler function of /goform/addassignment in the D-Link DIR-816 A2 version 1.10 B05. An attacker can exploit the vulnerability by entering long text in the sip and smac fields to cause the...

CVE-2015-5965

The SSL-VPN feature in Fortinet FortiOS before 4.3.13 only checks the first byte of the TLS MAC in finished messages, which makes it easier for remote attackers to spoof encrypted content via a crafted MAC field...

CVE-2015-4458

The TLS implementation in the Cavium cryptographic-module firmware, as distributed with Cisco Adaptive Security Appliance ASA Software 9.15.21 and other products, does not verify the MAC field, which allows man-in-the-middle attackers to spoof TLS content by modifying packets, aka Bug ID CSCuu529...

CVE-2015-1798

The symmetric-key feature in the receive function in ntpproto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC...

CVE-2015-1798

CVE-2015-1798 affects ntpd (NTP 4.x) where the receive path in ntp_proto.c accepts packets with no MAC or with a missing MAC verification when a symmetric key is configured. This weakness, present in versions prior to 4.2.8p2, enables a man-in-the-middle attacker to spoof authenticated traffic by...