VYPR

CWE-1284

Improper Validation of Specified Quantity in Input

Base | Incomplete

Description

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

CVEs mapped to this weakness (151)

  • CVE-2025-11568 | Med | Oct 15, 2025
    risk 0.29 | cvss 4.4 | epss 0.00

    A data corruption vulnerability has been identified in the luksmeta utility when used with the LUKS1 disk encryption format. An attacker with the necessary permissions can exploit this flaw by writing a large amount of metadata to an encrypted device. The utility fails to…

  • CVE-2026-2403 | Med | Apr 14, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    CWE-1284 Improper Validation of Specified Quantity in Input vulnerability exists that could cause Event and Data Log truncation impacting log integrity when a Web Admin user alters the POST /logsettings request payload.

  • CVE-2026-3816 | Med | Mar 9, 2026
    risk 0.28 | cvss 4.3 | epss 0.01

    A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4. This vulnerability affects the function input_zip.read of the file parser.py of the component SonarQubeParser/MSDefenderParser. The manipulation leads to denial of service. The attack can be initiated…

  • CVE-2025-43881 | Med | Jul 23, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    Improper validation of specified quantity in input issue exists in Real-time Bus Tracking System versions prior to 1.1. If exploited, a denial of service (DoS) condition may be caused by an attacker who can log in to the administrative page of the affected product.

  • CVE-2025-49292 | Med | Jun 6, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    Improper Validation of Specified Quantity in Input vulnerability in Cozmoslabs Profile Builder profile-builder allows Phishing. This issue affects Profile Builder: from n/a through <= 3.13.8.

  • CVE-2024-48290 | Med | Nov 7, 2024
    risk 0.28 | cvss 4.3 | epss 0.00

    An issue in the Bluetooth Low Energy implementation of Realtek RTL8762E BLE SDK v1.4.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted ll_terminate_ind packet.

  • CVE-2025-58835 | Med | Sep 5, 2025
    risk 0.27 | cvss 5.3 | epss 0.00

    Improper Validation of Specified Quantity in Input vulnerability in calliko Bonus for Woo bonus-for-woo allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Bonus for Woo: from n/a through <= 7.6.6.

  • CVE-2026-47329 | Low | May 28, 2026
    risk 0.21 | cvss 3.3 | epss 0.00

    Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches which fail to validate invalid sizes of the name field in AppArmor notification responses. The bug can be triggered by an unprivileged local user and could result in handling of crafted responses.

  • CVE-2026-41285 | Med | Apr 21, 2026
    risk 0.21 | cvss 4.3 | epss 0.00

    In OpenBSD through 7.8, the slaacd and rad daemons have an infinite loop when they receive a crafted ICMPv6 Neighbor Discovery (ND) option (over a local network) with length zero, because of an "nd_opt_len * 8 - 2" expression with no preceding check for whether nd_opt_len is…

  • CVE-2025-24100 | Low | Jan 27, 2025
    risk 0.21 | cvss 3.3 | epss 0.00

    A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to access information about a user's contacts.

  • CVE-2023-31331 | Low | Feb 11, 2025
    risk 0.20 | cvss 3.0 | epss 0.00

    Improper access control in the DRTM firmware could allow a privileged attacker to perform multiple driver initializations, resulting in stack memory corruption that could potentially lead to loss of integrity or availability.

  • CVE-2026-44459 | Low | May 13, 2026
    risk 0.18 | cvss 3.8 | epss 0.00

    Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.18, improper validation of the JWT NumericDate claims exp, nbf, and iat in hono/utils/jwt allows tokens with non-spec-compliant claim values to silently bypass time-based checks.…

  • CVE-2025-2826 | Low | May 27, 2025
    risk 0.17 | cvss 2.6 | epss 0.00

    On affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets. This can cause incoming…

  • CVE-2023-20581 | Low | Feb 11, 2025
    risk 0.16 | cvss 2.5 | epss 0.00

    Improper access control in the IOMMU may allow a privileged attacker to bypass RMP checks, potentially leading to a loss of guest memory integrity.

  • CVE-2023-31304 | Low | Aug 13, 2024
    risk 0.15 | cvss 2.3 | epss 0.00

    Improper input validation in SMU may allow an attacker with privileges and a compromised physical function (PF) to modify the PCIe® lane count and speed, potentially leading to a loss of availability.

  • CVE-2026-0428 | Low | May 15, 2026
    risk 0.12 | cvss | epss 0.00

    Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_COPY_VF_CHIPLET_REGS to write invalid data to a remote Die, potentially resulting in unexpected behavior.

  • CVE-2025-66660 | Low | May 15, 2026
    risk 0.12 | cvss | epss 0.00

    Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_CHECK_TA_COMPAT to cause incorrect shared memory mapping, potentially resulting in unexpected behavior.

  • CVE-2025-54515 | Low | Nov 23, 2025
    risk 0.07 | cvss | epss 0.00

    The Secure Flag passed to Versal™ Adaptive SoC’s Trusted Firmware for Cortex®-A processors (TF-A) for Arm’s Power State Coordination Interface (PSCI) commands were incorrectly set to secure instead of using the processor’s actual security state. This would allow the…

  • CVE-2008-1440 | Jun 12, 2008
    risk 0.02 | cvss | epss 0.23

    Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet,…

  • CVE-2026-53540 | low | Jun 15, 2026
    risk 0.00 | cvss | epss 0.00

    Summary: `parse_form()` did not validate the `Content-Length` header before using it to bound its chunked read of the request body. A negative `Content-Length` turned the bounded read into a read-until-EOF, so the entire body was loaded into memory in a single read instead…