VYPR

CWE-1284

Improper Validation of Specified Quantity in Input

BaseIncomplete

Description

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

Hierarchy (View 1000)

Parents

Children

CVEs mapped to this weakness (151)

page 1 of 8
  • CVE-2009-4488CriJan 13, 2010
    risk 0.68cvss 9.8epss 0.13

    Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal…

  • CVE-2010-3904HigKEVDec 6, 2010
    risk 0.67cvss 7.8epss 0.11

    The rds_page_copy_user function in net/rds/page.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel before 2.6.36 does not properly validate addresses obtained from user space, which allows local users to gain privileges via crafted use of the…

  • CVE-2026-49777CriJun 5, 2026
    risk 0.65cvss 10.0epss 0.02

    Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro for WooCommerce: from n/a before 3.5.4.

  • CVE-2026-25345CriMar 25, 2026
    risk 0.64cvss 9.9epss 0.00

    Improper Validation of Specified Quantity in Input vulnerability in GalleryCreator SimpLy Gallery simply-gallery-block allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects SimpLy Gallery: from n/a through <= 3.3.2.

  • CVE-2025-55398CriAug 22, 2025
    risk 0.64cvss 9.8epss 0.00

    An issue was discovered in mouse07410 asn1c thru 0.9.29 (2025-03-20) - a fork of vlm asn1c. In UPER (Unaligned Packed Encoding Rules), asn1c-generated decoders fail to enforce INTEGER constraints when the bound is positive and exceeds 32 bits in length, potentially allowing…

  • CVE-2024-1610CriDec 18, 2024
    risk 0.64cvss 9.8epss 0.01

    In OPPO Store APP, there's a possible escalation of privilege due to improper input validation.

  • CVE-2008-2374CriJul 7, 2008
    risk 0.64cvss 9.8epss 0.04

    src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before 3.34 and bluez-utils before 3.34 versions, does not validate string length fields in SDP packets, which allows remote SDP servers to cause a denial of service or possibly have unspecified other impact via a…

  • CVE-2026-27384CriMar 5, 2026
    risk 0.59cvss 9.0epss 0.00

    Improper Validation of Specified Quantity in Input vulnerability in BoldGrid W3 Total Cache w3-total-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects W3 Total Cache: from n/a through <= 2.9.1.

  • CVE-2026-12059HigJun 12, 2026
    risk 0.57cvss 8.8epss 0.00

    The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope.

  • CVE-2025-15080HigFeb 5, 2026
    risk 0.57cvss epss 0.01

    Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric MELSEC iQ-R Series R08PCPU, R16PCPU, R32PCPU, and R120PCPU allows an unauthenticated attacker to read device data or part of a control program from the affected product, write device data in…

  • CVE-2025-12385HigDec 3, 2025
    risk 0.57cvss epss 0.00

    Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text…

  • CVE-2025-8424HigAug 26, 2025
    risk 0.57cvss epss 0.03

    Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access

  • CVE-2025-48507HigNov 23, 2025
    risk 0.56cvss epss 0.00

    The security state of the calling processor into Trusted Firmware (TF-A) is not used and could potentially allow non-secure processors access to secure memories, access to crypto operations, and the ability to turn on and off subsystems within the SOC.

  • CVE-2026-33471CriApr 22, 2026
    risk 0.55cvss 9.6epss 0.00

    nimiq-block contains block primitives to be used in Nimiq's Rust implementation. `SkipBlockProof::verify` computes its quorum check using `BitSet.len()`, then iterates `BitSet` indices and casts each `usize` index to `u16` (`slot as u16`) for slot lookup. Prior to version 1.3.0,…

  • CVE-2025-9316MedNov 12, 2025
    risk 0.54cvss epss 0.37

    N-central < 2025.4 can generate sessionIDs for unauthenticated users This issue affects N-central: before 2025.4.

  • CVE-2026-5260HigMay 26, 2026
    risk 0.53cvss 8.2epss 0.01

    A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information…

  • CVE-2026-41677CriApr 24, 2026
    risk 0.52cvss 9.1epss 0.00

    rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the *_from_pem_callback APIs did not validate the length returned by the user's callback. A password callback that returns a value larger than the buffer it was given can…

  • CVE-2025-25178HigApr 4, 2025
    risk 0.51cvss 7.8epss 0.00

    Software installed and run as a non-privileged user may conduct improper GPU system calls to cause kernel system memory corruption.

  • CVE-2024-45351HigMar 26, 2025
    risk 0.51cvss 7.8epss 0.00

    A code execution vulnerability exists in the Xiaomi Game center application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code.

  • CVE-2024-55407HigJan 6, 2025
    risk 0.51cvss 7.8epss 0.00

    An issue in the DeviceloControl function of ITE Tech. Inc ITE IO Access v1.0.0.0 allows attackers to perform arbitrary port read and write actions via supplying crafted IOCTL requests.