Common Weakness Enumeration

CWE-1284

Allowed

Improper Validation of Specified Quantity in Input

Abstraction: Base · Status: Incomplete

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

494 vulnerabilities reference this CWE, most recent first.

GHSA-FC77-F4HM-5777

Vulnerability from github – Published: 2024-07-09 18:30 – Updated: 2024-07-09 18:30
VLAI
Details

A vulnerability was discovered in Samsung Mobile Processors Exynos 1280, Exynos 2200, Exynos 1330, Exynos 1380, and Exynos 2400 where they do not properly check the length of the data, which can lead to a Information disclosure.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-27362"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284",
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-07-09T18:15:09Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was discovered in Samsung Mobile Processors Exynos 1280, Exynos 2200, Exynos 1330, Exynos 1380, and Exynos 2400 where they do not properly check the length of the data, which can lead to a Information disclosure.",
  "id": "GHSA-fc77-f4hm-5777",
  "modified": "2024-07-09T18:30:53Z",
  "published": "2024-07-09T18:30:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27362"
    },
    {
      "type": "WEB",
      "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates"
    },
    {
      "type": "WEB",
      "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-27362"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FF2M-7QH4-77HP

Vulnerability from github – Published: 2026-06-10 18:31 – Updated: 2026-06-10 18:31
VLAI
Details

In ScreenConnect™ versions prior to 26.2, input validation within the Host Pass creation functionality could allow an authenticated user with Host Pass creation privileges the ability to specify a token expiration duration beyond the intended maximum when generating delegated access tokens.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-11596"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-06-10T18:16:40Z",
    "severity": "MODERATE"
  },
  "details": "In ScreenConnect\u2122 versions prior to 26.2, input\nvalidation within the Host Pass creation functionality could allow an\nauthenticated user with Host Pass creation privileges the ability to specify a\ntoken expiration duration beyond the intended maximum when generating delegated\naccess tokens.",
  "id": "GHSA-ff2m-7qh4-77hp",
  "modified": "2026-06-10T18:31:46Z",
  "published": "2026-06-10T18:31:46Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-11596"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ConnectWise-Advisories/Disclosures/tree/main/CVE-2026-11596"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FFCH-RW3V-4MVX

Vulnerability from github – Published: 2026-04-09 00:32 – Updated: 2026-04-09 00:32
VLAI
Details

GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to cause denial of service to the GitLab instance due to improper input validation in GraphQL queries.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-1101"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-08T23:16:57Z",
    "severity": "MODERATE"
  },
  "details": "GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to cause denial of service to the GitLab instance due to improper input validation in GraphQL queries.",
  "id": "GHSA-ffch-rw3v-4mvx",
  "modified": "2026-04-09T00:32:01Z",
  "published": "2026-04-09T00:32:01Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1101"
    },
    {
      "type": "WEB",
      "url": "https://hackerone.com/reports/3460228"
    },
    {
      "type": "WEB",
      "url": "https://about.gitlab.com/releases/2026/04/08/patch-release-gitlab-18-10-3-released"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gitlab-org/gitlab/-/work_items/586488"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FGWX-697G-22HM

Vulnerability from github – Published: 2022-01-20 00:01 – Updated: 2023-06-27 21:30
VLAI
Details

An Improper Validation of Specified Quantity in Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause an rdp crash and thereby a Denial of Service (DoS). If a BGP update message is received over an established BGP session where a BGP SR-TE policy tunnel attribute is malformed and BGP update tracing flag is enabled, the rpd will core. This issue can happen with any BGP session as long as the previous conditions are met. This issue can not propagate as the crash occurs as soon as the malformed update is received. This issue affects Juniper Networks Junos OS: 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R2-S2, 21.1R3. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-22166"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284",
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-01-19T01:15:00Z",
    "severity": "MODERATE"
  },
  "details": "An Improper Validation of Specified Quantity in Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause an rdp crash and thereby a Denial of Service (DoS). If a BGP update message is received over an established BGP session where a BGP SR-TE policy tunnel attribute is malformed and BGP update tracing flag is enabled, the rpd will core. This issue can happen with any BGP session as long as the previous conditions are met. This issue can not propagate as the crash occurs as soon as the malformed update is received. This issue affects Juniper Networks Junos OS: 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R2-S2, 21.1R3. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1.",
  "id": "GHSA-fgwx-697g-22hm",
  "modified": "2023-06-27T21:30:43Z",
  "published": "2022-01-20T00:01:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22166"
    },
    {
      "type": "WEB",
      "url": "https://kb.juniper.net/JSA11274"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-FMRC-PPPF-W7VF

Vulnerability from github – Published: 2026-04-29 18:31 – Updated: 2026-04-29 18:31
VLAI
Details

An authorization flaw in the user management command could allow an authenticated user to make limited changes to authentication-related data associated with another user account. This could affect how authentication is performed for the impacted account.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-6915"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-04-29T17:16:41Z",
    "severity": "MODERATE"
  },
  "details": "An authorization flaw in the user management command could allow an authenticated user to make limited changes to authentication-related data associated with another user account. This could affect how authentication is performed for the impacted account.",
  "id": "GHSA-fmrc-pppf-w7vf",
  "modified": "2026-04-29T18:31:35Z",
  "published": "2026-04-29T18:31:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-6915"
    },
    {
      "type": "WEB",
      "url": "https://jira.mongodb.org/browse/SERVER-119679"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-FQC4-2C83-QR8J

Vulnerability from github – Published: 2023-04-01 06:31 – Updated: 2023-04-10 15:30
VLAI
Details

NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer driver, where an invalid display configuration may lead to denial of service.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-0194"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-01T05:15:00Z",
    "severity": "MODERATE"
  },
  "details": "NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer driver, where an invalid display configuration may lead to denial of service.",
  "id": "GHSA-fqc4-2c83-qr8j",
  "modified": "2023-04-10T15:30:26Z",
  "published": "2023-04-01T06:31:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-0194"
    },
    {
      "type": "WEB",
      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5452"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202310-02"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G2G2-5Q7P-HMF2

Vulnerability from github – Published: 2026-03-05 06:30 – Updated: 2026-03-09 18:31
VLAI
Details

Improper Validation of Specified Quantity in Input vulnerability in BoldGrid W3 Total Cache w3-total-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects W3 Total Cache: from n/a through <= 2.9.1.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2026-27384"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-05T06:16:27Z",
    "severity": "CRITICAL"
  },
  "details": "Improper Validation of Specified Quantity in Input vulnerability in BoldGrid W3 Total Cache w3-total-cache allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects W3 Total Cache: from n/a through \u003c= 2.9.1.",
  "id": "GHSA-g2g2-5q7p-hmf2",
  "modified": "2026-03-09T18:31:38Z",
  "published": "2026-03-05T06:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27384"
    },
    {
      "type": "WEB",
      "url": "https://patchstack.com/database/Wordpress/Plugin/w3-total-cache/vulnerability/wordpress-w3-total-cache-plugin-2-9-1-arbitrary-code-execution-vulnerability?_s_id=cve"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G5C9-VC82-389P

Vulnerability from github – Published: 2023-12-01 15:31 – Updated: 2024-09-23 15:30
VLAI
Details

A vulnerability exists in the input validation of the GOOSE messages where out of range values received and processed by the IED caused a reboot of the device. In order for an attacker to exploit the vulnerability, goose receiving blocks need to be configured. 

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-4518"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284",
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-12-01T15:15:07Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability exists in the input validation of the GOOSE \nmessages where out of range values received and processed \nby the IED caused a reboot of the device. In order for an \nattacker to exploit the vulnerability, goose receiving blocks need \nto be configured.\u00a0",
  "id": "GHSA-g5c9-vc82-389p",
  "modified": "2024-09-23T15:30:59Z",
  "published": "2023-12-01T15:31:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-4518"
    },
    {
      "type": "WEB",
      "url": "https://publisher.hitachienergy.com/preview?DocumentId=8DBD000170\u0026languageCode=en\u0026Preview=true"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-G6P8-9J37-76HF

Vulnerability from github – Published: 2025-06-17 15:31 – Updated: 2025-08-06 18:31
VLAI
Details

Arbitrary file read in NetScaler Console and NetScaler SDX (SVM)

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-4365"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-17T13:15:20Z",
    "severity": "MODERATE"
  },
  "details": "Arbitrary file read in\u00a0NetScaler Console and NetScaler SDX (SVM)",
  "id": "GHSA-g6p8-9j37-76hf",
  "modified": "2025-08-06T18:31:10Z",
  "published": "2025-06-17T15:31:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4365"
    },
    {
      "type": "WEB",
      "url": "https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694729"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-G726-JQM5-9Q9F

Vulnerability from github – Published: 2024-04-08 03:30 – Updated: 2024-11-04 18:31
VLAI
Details

In SecurityCommand message after as security has been actived., there is a possible improper input validation. This could lead to remote information disclosure no additional execution privileges needed

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-52343"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-08T03:15:08Z",
    "severity": "MODERATE"
  },
  "details": "In SecurityCommand message after as security has been actived., there is a possible improper input validation. This could lead to remote information disclosure no additional execution privileges needed",
  "id": "GHSA-g726-jqm5-9q9f",
  "modified": "2024-11-04T18:31:17Z",
  "published": "2024-04-08T03:30:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-52343"
    },
    {
      "type": "WEB",
      "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777143682512781313"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.

No CAPEC attack patterns related to this CWE.