VYPR

CWE-1284

Improper Validation of Specified Quantity in Input

Base | Incomplete

Description

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

CVEs mapped to this weakness (151)

page 5 of 8
  • CVE-2024-7316 | Med | Oct 17, 2024
    risk 0.38 | cvss 5.9 | epss 0.01

    Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition on the product by sending specially crafted packets to TCP port 683, causing an emergency stop.

  • CVE-2023-20515 | Med | Feb 11, 2025
    risk 0.37 | cvss 5.7 | epss 0.00

    Improper access control in the fTPM driver in the trusted OS could allow a privileged attacker to corrupt system memory, potentially leading to loss of integrity, confidentiality, or availability.

  • CVE-2026-6839 | Med | Apr 22, 2026
    risk 0.36 | cvss 6.6 | epss 0.00

    Improper validation of STRING tensor offsets could allow malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE. Affected version is prior to commit 1.30.0.

  • CVE-2013-0270 | Med | Apr 12, 2013
    risk 0.35 | cvss 6.5 | epss 0.03

    A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources…

  • CVE-2026-42657 | Med | Jun 15, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    Unauthenticated Other Vulnerability Type in Contest Gallery <= 28.1.7 versions.

  • CVE-2026-7254 | Med | May 27, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    IBM OPENBMC FW1110.00 through FW1110.11 is vulnerable to denial of service attacks by unauthenticated network users.

  • CVE-2025-14688 | Med | Apr 30, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when certain configurations…

  • CVE-2025-52534 | Med | Feb 10, 2026
    risk 0.34 | cvss | epss 0.00

    Improper bound check within AMD CPU microcode can allow a malicious guest to write to host memory, potentially resulting in loss of integrity.

  • CVE-2025-10933 | Med | Jan 5, 2026
    risk 0.34 | cvss | epss 0.00

    An integer underflow vulnerability in the Silicon Labs Z-Wave Protocol Controller can lead to out of bounds memory reads.

  • CVE-2025-67901 | Med | Dec 15, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    openrsync through 0.5.0, as used in OpenBSD through 7.8 and on other platforms, allows a client to cause a server SIGSEGV by specifying a length of zero for block data, because the relationship between p->rem and p->len is not checked.

  • CVE-2025-10259 | Med | Nov 6, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    Improper Validation of Specified Quantity in Input vulnerability in TCP Communication Function on Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote attacker to disconnect the connection by sending specially crafted TCP packets to cause a…

  • CVE-2025-11594 | Med | Oct 11, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    A vulnerability has been found in ywxbear PHP-Bookstore-Website-Example and PHP Basic BookStore Website up to 0e0b9f542f7a2d90a8d7f8c83caca69294e234e4. This issue affects some unknown processing of the file /index.php of the component Quantity Handler. Such manipulation leads to…

  • CVE-2024-8000 | Med | Mar 4, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    On affected platforms running Arista EOS with 802.1X configured, certain conditions may occur where a dynamic ACL is received from the AAA server resulting in only the first line of the ACL being installed after an Accelerated Software Upgrade (ASU) restart. Note: supplicants…

  • CVE-2023-20582 | Med | Feb 11, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    Improper handling of invalid nested page table entries in the IOMMU may allow a privileged attacker to induce page table entry (PTE) faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest memory integrity.

  • CVE-2024-7488 | Med | Dec 4, 2024
    risk 0.34 | cvss 5.3 | epss 0.00

    Integer Overflow or Wraparound, Improper Validation of Specified Quantity in Input vulnerability in RestApp Inc. Online Ordering System allows Integer Attacks. This issue affects Online Ordering System: 8.2.1. NOTE: Vulnerability fixed in version 8.2.2 and does not…

  • CVE-2023-20508 | Med | Feb 12, 2025
    risk 0.33 | cvss 5.0 | epss 0.00

    Improper access control in the ASP could allow a privileged attacker to perform an out-of-bounds write to a memory location not controlled by the attacker, potentially leading to loss of confidentiality, integrity, or availability.

  • CVE-2023-31310 | Med | Aug 13, 2024
    risk 0.33 | cvss 5.0 | epss 0.00

    Improper input validation in Power Management Firmware (PMFW) may allow an attacker with privileges to send a malformed input for the "set temperature input selection" command, potentially resulting in a loss of integrity and/or availability.

  • CVE-2026-9801 | Med | May 28, 2026
    risk 0.32 | cvss 4.9 | epss 0.00

    A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol (LDAP) server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a…

  • CVE-2026-11596 | Med | Jun 10, 2026
    risk 0.31 | cvss 4.7 | epss 0.00

    In ScreenConnect™ versions prior to 26.2, input validation within the Host Pass creation functionality could allow an authenticated user with Host Pass creation privileges the ability to specify a token expiration duration beyond the intended maximum when generating delegated…

  • CVE-2025-15645 | Med | May 19, 2026
    risk 0.30 | cvss 4.6 | epss 0.00

    Ledger Nano X, Flex, and Stax devices contain a denial of service vulnerability in the MCU firmware update process due to missing validation of the reset_handler parameter during firmware flashing. An attacker can provide a crafted reset_handler address pointing to invalid…