CWE-1284

Improper Validation of Specified Quantity in Input

Parent: CWE-20 - Improper Input Validation

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

321 vulnerabilities with CWE-1284
CVE-2021-21950 CRITICAL
Anker Eufy Homebase 2 Firmware 2.1.6.9h - Remote Code Execution via CMD_DEVICE_GET_SERVER_LIST_REQUEST
CVSS 10.0
CVE-2021-31346 HIGH
Capital Embedded AR Classic - Information Leak and Denial-of-Service via ICMP Payload Length
CVSS 8.2
CVE-2021-31345 HIGH
Capital Embedded AR Classic - Denial of Service via UDP Payload Length Mismatch
CVSS 7.5
CVE-2021-43267 CRITICAL
Linux Kernel < 5.14.16 - Remote Denial of Service via TIPC MSG_CRYPTO Size Validation
CVSS 9.8
CVE-2021-3581 HIGH
Zephyr 2.5.0-2.5.9 - Buffer Access with Incorrect Length Value
CVSS 7.0
CVE-2021-39193 MEDIUM
Frontier < 2021-09-03 - Invalid Transaction Inclusion via Input Data Size Validation Bypass
CVSS 5.3
CVE-2021-37677 MEDIUM
TensorFlow 2.3.0-2.3.3 - Denial of Service via Dequantize Shape Inference
CVSS 5.5
CVE-2021-37674 MEDIUM
TensorFlow 2.3.0-2.3.3 - Denial of Service via Missing Validation in MaxPoolGrad
CVSS 5.5
CVE-2021-31556 CRITICAL
MediaWiki <1.35.2 - Info Disclosure
CVSS 9.8
CVE-2021-1083 HIGH
NVIDIA vGPU <12.2-11.4 - Info Disclosure
CVSS 7.8
CVE-2021-1082 HIGH
NVIDIA vGPU <12.2-11.4-8.7 - Info Disclosure
CVSS 7.8
CVE-2021-1081 HIGH
NVIDIA vGPU <12.2-11.4-8.7 - Info Disclosure
CVSS 7.8
CVE-2021-1062 HIGH
NVIDIA vGPU <8.6-11.3 - Buffer Overflow
CVSS 7.1
CVE-2021-1058 HIGH
NVIDIA vGPU <8.6-11.3 - Buffer Overflow
CVSS 7.1
CVE-2020-27217 HIGH
Eclipse Hono 1.3.0 and 1.4.0 - Denial of Service via Oversized AMQP Message
CVSS 7.5
CVE-2019-25551 MEDIUM
Sandboxie 5.30 Denial of Service via Program Alerts Buffer Overflow
CVSS 6.2
CVE-2013-0270 MEDIUM
OpenStack Keystone < 2012.1.3 and < 8.0.0a0 - Denial of Service via Long Tenant Name
CVSS 6.5
CVE-2010-3904 HIGH KEV
Reliable Datagram Sockets (RDS) rds_page_copy_user Privilege Escalation
CVSS 7.8
CVE-2009-4488 CRITICAL
Varnish 2.0.6 - Terminal Emulator Escape Sequence Injection via Log File
CVSS 9.8
CVE-2008-2374 CRITICAL
bluez-libs < 3.34 - Denial of Service via SDP Packet String Length Field
CVSS 9.8
CVE-2008-1440
Windows XP SP2/SP3 and Server 2003 SP1/SP2 - Denial of Service via PGM Packet Option Length Field
Details
Vulnerabilities 321
Links
MITRE CWE Entry Search this CWE With Exploits