Improper Restriction of Operations within the Bounds of a Memory Buffer

DATE CVE VULNERABILITY TITLE RISK
2023-10-25 CVE-2023-41983 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The issue was addressed with improved memory handling.
network
low complexity
apple fedoraproject debian CWE-119
6.5
2023-10-25 CVE-2023-42841 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple iPadOS, iPhone OS and macOS
The issue was addressed with improved memory handling.
local
low complexity
apple CWE-119
7.8
2023-10-25 CVE-2023-42849 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products
The issue was addressed with improved memory handling.
network
low complexity
apple CWE-119
6.5
2023-10-25 CVE-2023-42856 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple macOS
The issue was addressed with improved memory handling.
local
low complexity
apple CWE-119
7.8
2023-10-17 CVE-2023-42506 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in JTEKT OnSinView2 1.1.0/2.0.1
Improper restriction of operations within the bounds of a memory buffer issue exists in OnSinView2 versions 2.0.1 and earlier.
local
low complexity
jtekt CWE-119
7.8
2023-10-13 CVE-2023-44184 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Juniper Junos and Junos OS Evolved
An Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in the management daemon (mgd) process of Juniper Networks Junos OS and Junos OS Evolved allows a network-based authenticated low-privileged attacker, by executing a specific command via NETCONF, to cause a CPU Denial of Service to the device's control plane.
This issue affects:
Juniper Networks Junos OS
* All versions prior to 20.4R3-S7;
* 21.2 versions prior to 21.2R3-S5;
* 21.3 versions prior to 21.3R3-S5;
* 21.4 versions prior to 21.4R3-S4;
* 22.1 versions prior to 22.1R3-S2;
* 22.2 versions prior to 22.2R3;
* 22.3 versions prior to 22.3R2-S1, 22.3R3;
* 22.4 versions prior to 22.4R1-S2, 22.4R2.
Juniper Networks Junos OS Evolved
* All versions prior to 21.4R3-S4-EVO;
* 22.1 versions prior to 22.1R3-S2-EVO;
* 22.2 versions prior to 22.2R3-EVO;
* 22.3 versions prior to 22.3R3-EVO;
* 22.4 versions prior to 22.4R2-EVO.
An indicator of compromise can be seen by first determining if the NETCONF client is logged in and fails to log out after a reasonable period of time and secondly reviewing the WCPU percentage for the mgd process by running the following command:
mgd process example:
    user@device-re#> show system processes extensive | match "mgd|PID" | except last
    PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND
    92476 root 100 0 500M 89024K CPU3 3 57.5H 89.60% mgd <<<<<<<<<<< review the high cpu percentage.
Example to check for NETCONF activity:
While there is no specific command that shows a specific session in use for NETCONF, you can review logs for UI_LOG_EVENT with "client-mode 'netconf'". For example:
    mgd[38121]: UI_LOGIN_EVENT: User 'root' login, class 'super-user' [38121], ssh-connection '10.1.1.1 201 55480 10.1.1.2 22', client-mode 'netconf'
network
low complexity
juniper CWE-119
6.5
2023-10-04 CVE-2023-4491 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Easy Address Book Web Server Project Easy Address Book Web Server 1.6
Buffer overflow vulnerability in Easy Address Book Web Server 1.6 version.
network
low complexity
easy-address-book-web-server-project CWE-119
critical
9.8
2023-10-04 CVE-2023-4494 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Easy Chat Server Project Easy Chat Server 3.1
Stack-based buffer overflow vulnerability in Easy Chat Server 3.1 version.
network
low complexity
easy-chat-server-project CWE-119
critical
9.8
2023-09-29 CVE-2023-3024 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Silabs Gecko Software Development Kit
Forcing the Bluetooth LE stack to segment 'prepare write response' packets can lead to an out-of-bounds memory access.
low complexity
silabs CWE-119
6.5
2023-09-27 CVE-2023-20251 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Mobility Express Software
A vulnerability in the memory buffer of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause memory leaks that could eventually lead to a device reboot. This vulnerability is due to memory leaks caused by multiple clients connecting under specific conditions.
high complexity
cisco CWE-119
5.3