CWE-1284
Improper Validation of Specified Quantity in Input
Description
The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.
Hierarchy (View 1000)
CVEs mapped to this weakness (151)
page 5 of 8| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-7316 | Med | 0.38 | 5.9 | 0.01 | Oct 17, 2024 | Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition on the product by sending specially crafted packets to TCP port 683, causing an emergency stop. | ||
| CVE-2023-20515 | Med | 0.37 | 5.7 | 0.00 | Feb 11, 2025 | Improper access control in the fTPM driver in the trusted OS could allow a privileged attacker to corrupt system memory, potentially leading to loss of integrity, confidentiality, or availability. | ||
| CVE-2026-6839 | Med | 0.36 | 6.6 | 0.00 | Apr 22, 2026 | Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE Affected version is prior to commit 1.30.0. | ||
| CVE-2013-0270 | Med | 0.35 | 6.5 | 0.03 | Apr 12, 2013 | A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources… | ||
| CVE-2026-42657 | Med | 0.34 | 5.3 | 0.00 | Jun 15, 2026 | Unauthenticated Other Vulnerability Type in Contest Gallery <= 28.1.7 versions. | ||
| CVE-2026-7254 | Med | 0.34 | 5.3 | 0.00 | May 27, 2026 | IBM OPENBMC FW1110.00 through FW1110.11 is vulnerable to denial of service attacks by unauthenticated network users. | ||
| CVE-2025-14688 | Med | 0.34 | 5.3 | 0.00 | Apr 30, 2026 | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when certain configurations… | ||
| CVE-2025-52534 | Med | 0.34 | — | 0.00 | Feb 10, 2026 | Improper bound check within AMD CPU microcode can allow a malicious guest to write to host memory, potentially resulting in loss of integrity. | ||
| CVE-2025-10933 | Med | 0.34 | — | 0.00 | Jan 5, 2026 | An integer underflow vulnerability in the Silicon Labs Z-Wave Protocol Controller can lead to out of bounds memory reads. | ||
| CVE-2025-67901 | Med | 0.34 | 5.3 | 0.00 | Dec 15, 2025 | openrsync through 0.5.0, as used in OpenBSD through 7.8 and on other platforms, allows a client to cause a server SIGSEGV by specifying a length of zero for block data, because the relationship between p->rem and p->len is not checked. | ||
| CVE-2025-10259 | Med | 0.34 | 5.3 | 0.00 | Nov 6, 2025 | Improper Validation of Specified Quantity in Input vulnerability in TCP Communication Function on Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote attacker to disconnect the connection by sending specially crafted TCP packets to cause a… | ||
| CVE-2025-11594 | Med | 0.34 | 5.3 | 0.00 | Oct 11, 2025 | A vulnerability has been found in ywxbear PHP-Bookstore-Website-Example and PHP Basic BookStore Website up to 0e0b9f542f7a2d90a8d7f8c83caca69294e234e4. This issue affects some unknown processing of the file /index.php of the component Quantity Handler. Such manipulation leads to… | ||
| CVE-2024-8000 | Med | 0.34 | 5.3 | 0.00 | Mar 4, 2025 | On affected platforms running Arista EOS with 802.1X configured, certain conditions may occur where a dynamic ACL is received from the AAA server resulting in only the first line of the ACL being installed after an Accelerated Software Upgrade (ASU) restart. Note: supplicants… | ||
| CVE-2023-20582 | Med | 0.34 | 5.3 | 0.00 | Feb 11, 2025 | Improper handling of invalid nested page table entries in the IOMMU may allow a privileged attacker to induce page table entry (PTE) faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest memory integrity. | ||
| CVE-2024-7488 | Med | 0.34 | 5.3 | 0.00 | Dec 4, 2024 | Integer Overflow or Wraparound, Improper Validation of Specified Quantity in Input vulnerability in RestApp Inc. Online Ordering System allows Integer Attacks. This issue affects Online Ordering System: 8.2.1. NOTE: Vulnerability fixed in version 8.2.2 and does not… | ||
| CVE-2023-20508 | Med | 0.33 | 5.0 | 0.00 | Feb 12, 2025 | Improper access control in the ASP could allow a privileged attacker to perform an out-of-bounds write to a memory location not controlled by the attacker, potentially leading to loss of confidentiality, integrity, or availability. | ||
| CVE-2023-31310 | Med | 0.33 | 5.0 | 0.00 | Aug 13, 2024 | Improper input validation in Power Management Firmware (PMFW) may allow an attacker with privileges to send a malformed input for the "set temperature input selection" command, potentially resulting in a loss of integrity and/or availability. | ||
| CVE-2026-9801 | Med | 0.32 | 4.9 | 0.00 | May 28, 2026 | A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol (LDAP) server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a… | ||
| CVE-2026-11596 | Med | 0.31 | 4.7 | 0.00 | Jun 10, 2026 | In ScreenConnect™ versions prior to 26.2, input validation within the Host Pass creation functionality could allow an authenticated user with Host Pass creation privileges the ability to specify a token expiration duration beyond the intended maximum when generating delegated… | ||
| CVE-2025-15645 | Med | 0.30 | 4.6 | 0.00 | May 19, 2026 | Ledger Nano X, Flex, and Stax devices contain a denial of service vulnerability in the MCU firmware update process due to missing validation of the reset_handler parameter during firmware flashing. An attacker can provide a crafted reset_handler address pointing to invalid… |
- risk 0.38cvss 5.9epss 0.01
Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition on the product by sending specially crafted packets to TCP port 683, causing an emergency stop.
- risk 0.37cvss 5.7epss 0.00
Improper access control in the fTPM driver in the trusted OS could allow a privileged attacker to corrupt system memory, potentially leading to loss of integrity, confidentiality, or availability.
- risk 0.36cvss 6.6epss 0.00
Improper validation of STRING tensor offsets could allows malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE Affected version is prior to commit 1.30.0.
- risk 0.35cvss 6.5epss 0.03
A flaw was found in OpenStack Keystone. A remote attacker could exploit this vulnerability by sending a large HTTP request, specifically by providing a long tenant name when requesting a token. This could lead to a denial of service, consuming excessive CPU and memory resources…
- risk 0.34cvss 5.3epss 0.00
Unauthenticated Other Vulnerability Type in Contest Gallery <= 28.1.7 versions.
- risk 0.34cvss 5.3epss 0.00
IBM OPENBMC FW1110.00 through FW1110.11 is vulnerable to denial of service attacks by unauthenticated network users.
- risk 0.34cvss 5.3epss 0.00
IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when certain configurations…
- risk 0.34cvss —epss 0.00
Improper bound check within AMD CPU microcode can allow a malicious guest to write to host memory, potentially resulting in loss of integrity.
- risk 0.34cvss —epss 0.00
An integer underflow vulnerability in the Silicon Labs Z-Wave Protocol Controller can lead to out of bounds memory reads.
- risk 0.34cvss 5.3epss 0.00
openrsync through 0.5.0, as used in OpenBSD through 7.8 and on other platforms, allows a client to cause a server SIGSEGV by specifying a length of zero for block data, because the relationship between p->rem and p->len is not checked.
- risk 0.34cvss 5.3epss 0.00
Improper Validation of Specified Quantity in Input vulnerability in TCP Communication Function on Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote attacker to disconnect the connection by sending specially crafted TCP packets to cause a…
- risk 0.34cvss 5.3epss 0.00
A vulnerability has been found in ywxbear PHP-Bookstore-Website-Example and PHP Basic BookStore Website up to 0e0b9f542f7a2d90a8d7f8c83caca69294e234e4. This issue affects some unknown processing of the file /index.php of the component Quantity Handler. Such manipulation leads to…
- risk 0.34cvss 5.3epss 0.00
On affected platforms running Arista EOS with 802.1X configured, certain conditions may occur where a dynamic ACL is received from the AAA server resulting in only the first line of the ACL being installed after an Accelerated Software Upgrade (ASU) restart. Note: supplicants…
- risk 0.34cvss 5.3epss 0.00
Improper handling of invalid nested page table entries in the IOMMU may allow a privileged attacker to induce page table entry (PTE) faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest memory integrity.
- risk 0.34cvss 5.3epss 0.00
Integer Overflow or Wraparound, Improper Validation of Specified Quantity in Input vulnerability in RestApp Inc. Online Ordering System allows Integer Attacks. This issue affects Online Ordering System: 8.2.1. NOTE: Vulnerability fixed in version 8.2.2 and does not…
- risk 0.33cvss 5.0epss 0.00
Improper access control in the ASP could allow a privileged attacker to perform an out-of-bounds write to a memory location not controlled by the attacker, potentially leading to loss of confidentiality, integrity, or availability.
- risk 0.33cvss 5.0epss 0.00
Improper input validation in Power Management Firmware (PMFW) may allow an attacker with privileges to send a malformed input for the "set temperature input selection" command, potentially resulting in a loss of integrity and/or availability.
- risk 0.32cvss 4.9epss 0.00
A flaw was found in Keycloak. A remote attacker with high privileges, such as a realm administrator configuring a malicious Lightweight Directory Access Protocol (LDAP) server or an attacker compromising an upstream LDAP server, could exploit this vulnerability. By sending a…
- risk 0.31cvss 4.7epss 0.00
In ScreenConnect™ versions prior to 26.2, input validation within the Host Pass creation functionality could allow an authenticated user with Host Pass creation privileges the ability to specify a token expiration duration beyond the intended maximum when generating delegated…
- risk 0.30cvss 4.6epss 0.00
Ledger Nano X, Flex, and Stax devices contain a denial of service vulnerability in the MCU firmware update process due to missing validation of the reset_handler parameter during firmware flashing. An attacker can provide a crafted reset_handler address pointing to invalid…