CWE-1284
Improper Validation of Specified Quantity in Input
Base · Incomplete
Description
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
Hierarchy (View 1000)
CVEs mapped to this weakness (87)
Page 5 of 5

| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-24100 | Low | 0.21 | 3.3 | 0.00 | | Jan 27, 2025 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to access information about a user's contacts. |
| CVE-2023-31331 | Low | 0.20 | 3.0 | 0.00 | | Feb 11, 2025 | Improper access control in the DRTM firmware could allow a privileged attacker to perform multiple driver initializations, resulting in stack memory corruption that could potentially lead to loss of integrity or availability. |
| CVE-2025-2826 | Low | 0.17 | 2.6 | 0.00 | | May 27, 2025 | On affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets. This can cause incoming packets to incorrectly be allowed or denied. The two symptoms of this issue on the affected release and platform are: packets which should be permitted may be dropped, and packets which should be dropped may be permitted. |
| CVE-2023-20581 | Low | 0.16 | 2.5 | 0.00 | | Feb 11, 2025 | Improper access control in the IOMMU may allow a privileged attacker to bypass RMP checks, potentially leading to a loss of guest memory integrity. |
| CVE-2023-31304 | Low | 0.15 | 2.3 | 0.00 | | Aug 13, 2024 | Improper input validation in SMU may allow an attacker with privileges and a compromised physical function (PF) to modify the PCIe® lane count and speed, potentially leading to a loss of availability. |
| CVE-2025-54515 | Low | 0.07 | — | 0.00 | | Nov 23, 2025 | The Secure Flag passed to Versal™ Adaptive SoC’s Trusted Firmware for Cortex®-A processors (TF-A) for Arm’s Power State Coordination Interface (PSCI) commands was incorrectly set to secure instead of using the processor’s actual security state. This would allow the PSCI requests to appear as though they were from processors in the secure state instead of the non-secure state. |
| CVE-2008-1440 | | 0.04 | — | 0.51 | | Jun 12, 2008 | Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability." |