Common Weakness Enumeration

CWE-1284

Allowed

Improper Validation of Specified Quantity in Input

Abstraction: Base · Status: Incomplete

The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties.

500 vulnerabilities reference this CWE, most recent first.

CVE-2022-4989 (GCVE-0-2022-4989)

Vulnerability from cvelistv5 – Published: 2026-07-03 02:01 – Updated: 2026-07-17 06:00
VLAI
Summary
** UNSUPPORTED WHEN ASSIGNED ** Improper Validation of Specified Quantity in Input in the ASUS AI Suite 3 driver allows a local user to access unintended memory regions via crafted IOCTL requests, leading to privilege escalation. Refer to the 'End-of-Life Notice and Driver Update for Legacy ASUS Drivers ' section on the ASUS Security Advisory for more information.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
References
Impacted products
Vendor Product Version
ASUS AI Suite 3 Affected: 0 , < v3.03.00 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-4989",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-07-06T17:33:22.399008Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-07-06T17:33:31.225Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "AI Suite 3",
          "vendor": "ASUS",
          "versions": [
            {
              "lessThan": "v3.03.00",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:asus:ai_suite_3:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "v3.03.00",
                  "versionStartIncluding": "0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ],
          "operator": "OR"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003e\u0026nbsp;** UNSUPPORTED WHEN ASSIGNED ** Improper Validation of Specified Quantity in Input in the ASUS\u0026nbsp;AI Suite 3 driver\u0026nbsp;allows a local user to access unintended memory regions via crafted IOCTL requests, leading to privilege escalation.\u003cbr\u003eRefer to the \u0027End-of-Life Notice and Driver Update for Legacy ASUS Drivers\u0026nbsp;\u0027 section on the ASUS Security Advisory for more information.\u003c/p\u003e"
            }
          ],
          "value": "** UNSUPPORTED WHEN ASSIGNED ** Improper Validation of Specified Quantity in Input in the ASUS\u00a0AI Suite 3 driver\u00a0allows a local user to access unintended memory regions via crafted IOCTL requests, leading to privilege escalation.\nRefer to the \u0027End-of-Life Notice and Driver Update for Legacy ASUS Drivers\u00a0\u0027 section on the ASUS Security Advisory for more information."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 8.5,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284: Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-07-17T06:00:27.417Z",
        "orgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
        "shortName": "ASUS"
      },
      "references": [
        {
          "url": "https://www.asus.com/security-advisory"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
    "assignerShortName": "ASUS",
    "cveId": "CVE-2022-4989",
    "datePublished": "2026-07-03T02:01:02.599Z",
    "dateReserved": "2026-05-19T05:59:50.869Z",
    "dateUpdated": "2026-07-17T06:00:27.417Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-4171 (GCVE-0-2022-4171)

Vulnerability from cvelistv5 – Published: 2022-12-13 20:16 – Updated: 2026-04-08 17:14
VLAI
Title
demon image annotation <= 5.0 - Improper Input Restriction Validation
Summary
The demon image annotation plugin for WordPress is vulnerable to improper input validation in versions up to, and including 5.0. This is due to the plugin improperly validating the number of characters supplied during an annotation despite there being a setting to limit the number characters input. This means that unauthenticated attackers can bypass the length restrictions and input more characters than allowed via the settings.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
Impacted products
Vendor Product Version
demonisblack demon image annotation Affected: 0 , ≤ 5.0 (semver)
Create a notification for this product.
Credits
Ori Gabriel
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:34:49.355Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ac5549ec-f931-4b13-b5f9-0d6f3e53aae4"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2830349%40demon-image-annotation\u0026new=2830349%40demon-image-annotation\u0026sfp_email=\u0026sfph_mail="
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-4171",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-23T20:32:42.943788Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-23T20:32:54.812Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "demon image annotation",
          "vendor": "demonisblack",
          "versions": [
            {
              "lessThanOrEqual": "5.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Ori Gabriel"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The demon image annotation plugin for WordPress is vulnerable to improper input validation in versions up to, and including 5.0. This is due to the plugin improperly validating the number of characters supplied during an annotation despite there being a setting to limit the number characters input. This means that unauthenticated attackers can bypass the length restrictions and input more characters than allowed via the settings."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-08T17:14:51.553Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ac5549ec-f931-4b13-b5f9-0d6f3e53aae4?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=2830349%40demon-image-annotation\u0026new=2830349%40demon-image-annotation\u0026sfp_email=\u0026sfph_mail="
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2022-12-11T00:00:00.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "demon image annotation \u003c= 5.0 - Improper Input Restriction Validation"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2022-4171",
    "datePublished": "2022-12-13T20:16:52.649Z",
    "dateReserved": "2022-11-28T18:08:09.657Z",
    "dateUpdated": "2026-04-08T17:14:51.553Z",
    "requesterUserId": "8d345d3f-a59e-4410-a440-fac6e918fcfc",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2022-4111 (GCVE-0-2022-4111)

Vulnerability from cvelistv5 – Published: 2022-11-22 00:00 – Updated: 2025-04-24 20:07
VLAI
Title
Improper Validation of Specified Quantity in Input in tooljet/tooljet
Summary
Unrestricted file size limit can lead to DoS in tooljet/tooljet <1.27 by allowing a logged in attacker to upload profile pictures over 2MB.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
Impacted products
Vendor Product Version
tooljet tooljet/tooljet Affected: unspecified , < v1.27.0 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:27:54.434Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/5596d072-66d2-4361-8cac-101c9c781c3d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/tooljet/tooljet/commit/01cd3f0464747973ec329e9fb1ea12743d3235cc"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-4111",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-24T20:07:11.606695Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-24T20:07:23.860Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "tooljet/tooljet",
          "vendor": "tooljet",
          "versions": [
            {
              "lessThan": "v1.27.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eUnrestricted file size limit can lead to DoS in tooljet/tooljet \u0026lt;1.27 by allowing a logged in attacker to upload profile pictures over 2MB.\u003c/p\u003e"
            }
          ],
          "value": "Unrestricted file size limit can lead to DoS in tooljet/tooljet \u003c1.27 by allowing a logged in attacker to upload profile pictures over 2MB.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-11T07:05:11.102Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "url": "https://huntr.dev/bounties/5596d072-66d2-4361-8cac-101c9c781c3d"
        },
        {
          "url": "https://github.com/tooljet/tooljet/commit/01cd3f0464747973ec329e9fb1ea12743d3235cc"
        }
      ],
      "source": {
        "advisory": "5596d072-66d2-4361-8cac-101c9c781c3d",
        "discovery": "EXTERNAL"
      },
      "title": "Improper Validation of Specified Quantity in Input in tooljet/tooljet",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2022-4111",
    "datePublished": "2022-11-22T00:00:00.000Z",
    "dateReserved": "2022-11-22T00:00:00.000Z",
    "dateUpdated": "2025-04-24T20:07:23.860Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-2845 (GCVE-0-2022-2845)

Vulnerability from cvelistv5 – Published: 2022-08-17 00:00 – Updated: 2024-08-03 00:52
VLAI
Title
Improper Validation of Specified Quantity in Input in vim/vim
Summary
Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.
CWE
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
Impacted products
Vendor Product Version
vim vim/vim Affected: unspecified , < 9.0.0218 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:52:58.914Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/3e1d31ac-1cfd-4a9f-bc5c-213376b69445"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/vim/vim/commit/e98c88c44c308edaea5994b8ad4363e65030968c"
          },
          {
            "name": "FEDORA-2022-3b33d04743",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C72HDIMR3KTTAO7QGTXWUMPBNFUFIBRD/"
          },
          {
            "name": "FEDORA-2022-b9edf60581",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/"
          },
          {
            "name": "GLSA-202305-16",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-16"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "vim/vim",
          "vendor": "vim",
          "versions": [
            {
              "lessThan": "9.0.0218",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eImproper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218.\u003c/p\u003e"
            }
          ],
          "value": "Improper Validation of Specified Quantity in Input in GitHub repository vim/vim prior to 9.0.0218."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-10T07:47:29.572Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "url": "https://huntr.dev/bounties/3e1d31ac-1cfd-4a9f-bc5c-213376b69445"
        },
        {
          "url": "https://github.com/vim/vim/commit/e98c88c44c308edaea5994b8ad4363e65030968c"
        },
        {
          "name": "FEDORA-2022-3b33d04743",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C72HDIMR3KTTAO7QGTXWUMPBNFUFIBRD/"
        },
        {
          "name": "FEDORA-2022-b9edf60581",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWOJOA7PZZAMBI5GFTL6PWHXMWSDLUXL/"
        },
        {
          "name": "GLSA-202305-16",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-16"
        }
      ],
      "source": {
        "advisory": "3e1d31ac-1cfd-4a9f-bc5c-213376b69445",
        "discovery": "EXTERNAL"
      },
      "title": "Improper Validation of Specified Quantity in Input in vim/vim",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2022-2845",
    "datePublished": "2022-08-17T00:00:00.000Z",
    "dateReserved": "2022-08-16T00:00:00.000Z",
    "dateUpdated": "2024-08-03T00:52:58.914Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-2277 (GCVE-0-2022-2277)

Vulnerability from cvelistv5 – Published: 2022-09-14 17:02 – Updated: 2025-06-04 15:06
VLAI
Title
A vulnerability exists in the ICCP stack of the affected SYS600 versions due to validation flaw in the process that establishes the ICCP communication. The validation flaw will cause a denial-of-service when ICCP of SYS600 is request to forward any da ...
Summary
Improper Input Validation vulnerability exists in the Hitachi Energy MicroSCADA X SYS600's ICCP stack during the ICCP communication establishment causes a denial-of-service when ICCP of SYS600 is request to forward any data item updates with timestamps too distant in the future to any remote ICCP system. By default, ICCP is not configured and not enabled. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10.2 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
References
Impacted products
Vendor Product Version
Hitachi Energy MicroSCADA X SYS600 Affected: 10.2
Affected: 10.2.1
Affected: 10.3
Affected: 10.3.1
Create a notification for this product.
Date Public
2022-09-05 22:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T00:32:09.384Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000106\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-2277",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-06-04T15:06:46.857674Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-06-04T15:06:49.732Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "MicroSCADA X SYS600",
          "vendor": "Hitachi Energy",
          "versions": [
            {
              "status": "affected",
              "version": "10.2"
            },
            {
              "status": "affected",
              "version": "10.2.1"
            },
            {
              "status": "affected",
              "version": "10.3"
            },
            {
              "status": "affected",
              "version": "10.3.1"
            }
          ]
        }
      ],
      "datePublic": "2022-09-05T22:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eImproper Input Validation vulnerability exists in the Hitachi Energy MicroSCADA X SYS600\u0027s ICCP stack during the ICCP communication establishment causes a denial-of-service when ICCP of SYS600 is request to forward any data item updates with timestamps too distant in the future to any remote ICCP system. By default, ICCP is not configured and not enabled. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10.2 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*\u003c/p\u003e"
            }
          ],
          "value": "Improper Input Validation vulnerability exists in the Hitachi Energy MicroSCADA X SYS600\u0027s ICCP stack during the ICCP communication establishment causes a denial-of-service when ICCP of SYS600 is request to forward any data item updates with timestamps too distant in the future to any remote ICCP system. By default, ICCP is not configured and not enabled. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10.2 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-25T11:06:59.557Z",
        "orgId": "e383dce4-0c27-4495-91c4-0db157728d17",
        "shortName": "Hitachi Energy"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://publisher.hitachienergy.com/preview?DocumentID=8DBD000106\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eRemediated in SYS600 10.4 \u003c/p\u003e\u003cp\u003eUpdate to at least SYS600 version 10.4.\u003c/p\u003e"
            }
          ],
          "value": "Remediated in SYS600 10.4 \n\nUpdate to at least SYS600 version 10.4."
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "A vulnerability exists in the ICCP stack of the affected SYS600 versions due to validation flaw in the process that establishes the ICCP communication. The validation flaw will cause a denial-of-service when ICCP of SYS600 is request to forward any da ...",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eDo not enable ICCP if it is not used. \u003c/p\u003e\u003cp\u003eApply general mitigation factors as specify in the advisory.\u003c/p\u003e"
            }
          ],
          "value": "Do not enable ICCP if it is not used. \n\nApply general mitigation factors as specify in the advisory."
        }
      ],
      "x_ConverterErrors": {
        "TITLE": {
          "error": "TITLE too long. Truncating in v5 record.",
          "message": "Truncated!"
        }
      },
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cybersecurity@hitachienergy.com",
          "DATE_PUBLIC": "2022-09-06T14:30:00.000Z",
          "ID": "CVE-2022-2277",
          "STATE": "PUBLIC",
          "TITLE": "A vulnerability exists in the ICCP stack of the affected SYS600 versions due to validation flaw in the process that establishes the ICCP communication. The validation flaw will cause a denial-of-service when ICCP of SYS600 is request to forward any data item updates with timestamps too distant in the future to any remote ICCP system. By default, ICCP is not configured and not enabled."
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MicroSCADA X SYS600",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "10.2"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "10.2.1"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "10.3"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "10.3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Hitachi Energy"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper Input Validation vulnerability exists in the Hitachi Energy MicroSCADA X SYS600\u0027s ICCP stack during the ICCP communication establishment causes a denial-of-service when ICCP of SYS600 is request to forward any data item updates with timestamps too distant in the future to any remote ICCP system. By default, ICCP is not configured and not enabled. This issue affects: Hitachi Energy MicroSCADA X SYS600 version 10.2 to version 10.3.1. cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.2.1:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3:*:*:*:*:*:*:* cpe:2.3:a:hitachienergy:microscada_x_sys600:10.3.1:*:*:*:*:*:*:*"
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20 Improper Input Validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000106\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch",
              "refsource": "CONFIRM",
              "url": "https://search.abb.com/library/Download.aspx?DocumentID=8DBD000106\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Remediated in SYS600 10.4 Update to at least SYS600 version 10.4."
          }
        ],
        "source": {
          "discovery": "INTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Do not enable ICCP if it is not used. Apply general mitigation factors as specify in the advisory."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e383dce4-0c27-4495-91c4-0db157728d17",
    "assignerShortName": "Hitachi Energy",
    "cveId": "CVE-2022-2277",
    "datePublished": "2022-09-14T17:02:01.251Z",
    "dateReserved": "2022-07-01T00:00:00.000Z",
    "dateUpdated": "2025-06-04T15:06:49.732Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-0596 (GCVE-0-2022-0596)

Vulnerability from cvelistv5 – Published: 2022-02-15 00:00 – Updated: 2024-08-02 23:32
VLAI
Title
Improper Validation of Specified Quantity in Input in microweber/microweber
Summary
Improper Validation of Specified Quantity in Input in Packagist microweber/microweber prior to 1.2.11.
CWE
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
Impacted products
Vendor Product Version
microweber microweber/microweber Affected: unspecified , < 1.2.11 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:32:46.308Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/f68b994e-2b8b-49f5-af2a-8cd99e8048a5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/microweber/microweber/commit/91a9d899741557c75050614ff7adb8c0e3feb005"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "microweber/microweber",
          "vendor": "microweber",
          "versions": [
            {
              "lessThan": "1.2.11",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper Validation of Specified Quantity in Input in Packagist microweber/microweber prior to 1.2.11."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-29T00:00:00.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "url": "https://huntr.dev/bounties/f68b994e-2b8b-49f5-af2a-8cd99e8048a5"
        },
        {
          "url": "https://github.com/microweber/microweber/commit/91a9d899741557c75050614ff7adb8c0e3feb005"
        }
      ],
      "source": {
        "advisory": "f68b994e-2b8b-49f5-af2a-8cd99e8048a5",
        "discovery": "EXTERNAL"
      },
      "title": "Improper Validation of Specified Quantity in Input in microweber/microweber"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2022-0596",
    "datePublished": "2022-02-15T00:00:00.000Z",
    "dateReserved": "2022-02-14T00:00:00.000Z",
    "dateUpdated": "2024-08-02T23:32:46.308Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-0414 (GCVE-0-2022-0414)

Vulnerability from cvelistv5 – Published: 2022-01-31 00:00 – Updated: 2024-08-02 23:25
VLAI
Title
Improper Validation of Specified Quantity in Input in dolibarr/dolibarr
Summary
Improper Validation of Specified Quantity in Input in Packagist dolibarr/dolibarr prior to 16.0.
CWE
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
Impacted products
Vendor Product Version
dolibarr dolibarr/dolibarr Affected: unspecified , < 16.0 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:25:40.379Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/dolibarr/dolibarr/commit/37fb02ee760cfff18c795ba468da1ba1c53f4684"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "dolibarr/dolibarr",
          "vendor": "dolibarr",
          "versions": [
            {
              "lessThan": "16.0",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper Validation of Specified Quantity in Input in Packagist dolibarr/dolibarr prior to 16.0."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-29T00:00:00.000Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "url": "https://huntr.dev/bounties/76f3b405-9f5d-44b1-8434-b52b56ee395f"
        },
        {
          "url": "https://github.com/dolibarr/dolibarr/commit/37fb02ee760cfff18c795ba468da1ba1c53f4684"
        }
      ],
      "source": {
        "advisory": "76f3b405-9f5d-44b1-8434-b52b56ee395f",
        "discovery": "EXTERNAL"
      },
      "title": "Improper Validation of Specified Quantity in Input in dolibarr/dolibarr"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2022-0414",
    "datePublished": "2022-01-31T00:00:00.000Z",
    "dateReserved": "2022-01-29T00:00:00.000Z",
    "dateUpdated": "2024-08-02T23:25:40.379Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-0174 (GCVE-0-2022-0174)

Vulnerability from cvelistv5 – Published: 2022-01-10 17:30 – Updated: 2024-08-02 23:18
VLAI
Title
Improper Validation of Specified Quantity in Input in dolibarr/dolibarr
Summary
Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr.
CWE
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
References
Impacted products
Vendor Product Version
dolibarr dolibarr/dolibarr Affected: unspecified , < develop (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T23:18:42.030Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/ed3ed4ce-3968-433c-a350-351c8f8b60db"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/dolibarr/dolibarr/commit/d892160f4f130385a3ce520f66cb8cf2eb8c5c32"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "dolibarr/dolibarr",
          "vendor": "dolibarr",
          "versions": [
            {
              "lessThan": "develop",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr."
            }
          ],
          "value": "Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "CWE-1284 Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-02T08:52:05.503Z",
        "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
        "shortName": "@huntrdev"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://huntr.dev/bounties/ed3ed4ce-3968-433c-a350-351c8f8b60db"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/dolibarr/dolibarr/commit/d892160f4f130385a3ce520f66cb8cf2eb8c5c32"
        }
      ],
      "source": {
        "advisory": "ed3ed4ce-3968-433c-a350-351c8f8b60db",
        "discovery": "EXTERNAL"
      },
      "title": "Improper Validation of Specified Quantity in Input in dolibarr/dolibarr",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@huntr.dev",
          "ID": "CVE-2022-0174",
          "STATE": "PUBLIC",
          "TITLE": "Business Logic Errors in dolibarr/dolibarr"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "dolibarr/dolibarr",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "develop"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "dolibarr"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "dolibarr is vulnerable to Business Logic Errors"
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-840 Business Logic Errors"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://huntr.dev/bounties/ed3ed4ce-3968-433c-a350-351c8f8b60db",
              "refsource": "CONFIRM",
              "url": "https://huntr.dev/bounties/ed3ed4ce-3968-433c-a350-351c8f8b60db"
            },
            {
              "name": "https://github.com/dolibarr/dolibarr/commit/d892160f4f130385a3ce520f66cb8cf2eb8c5c32",
              "refsource": "MISC",
              "url": "https://github.com/dolibarr/dolibarr/commit/d892160f4f130385a3ce520f66cb8cf2eb8c5c32"
            }
          ]
        },
        "source": {
          "advisory": "ed3ed4ce-3968-433c-a350-351c8f8b60db",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
    "assignerShortName": "@huntrdev",
    "cveId": "CVE-2022-0174",
    "datePublished": "2022-01-10T17:30:21.000Z",
    "dateReserved": "2022-01-10T00:00:00.000Z",
    "dateUpdated": "2024-08-02T23:18:42.030Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-47831 (GCVE-0-2021-47831)

Vulnerability from cvelistv5 – Published: 2026-01-16 19:09 – Updated: 2026-03-05 01:28
VLAI
Title
Sandboxie 5.49.7 - Denial of Service
Summary
Sandboxie 5.49.7 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the container folder input field. Attackers can paste a large buffer of repeated characters into the Sandbox container folder setting to trigger an application crash.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
Impacted products
Date Public
2021-06-05 00:00
Credits
Erick Galindo
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47831",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-16T21:01:30.337811Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-16T21:10:33.549Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://www.exploit-db.com/exploits/49844"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Sandboxie",
          "vendor": "Sandboxie-Plus",
          "versions": [
            {
              "status": "affected",
              "version": "5.49.7"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:sandboxie-plus:sandboxie:5.49.7:*:*:*:*:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Erick Galindo"
        }
      ],
      "datePublic": "2021-06-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Sandboxie 5.49.7 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the container folder input field. Attackers can paste a large buffer of repeated characters into the Sandbox container folder setting to trigger an application crash."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS"
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-05T01:28:48.131Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "ExploitDB-49844",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/49844"
        },
        {
          "name": "Sandboxie Official Homepage",
          "tags": [
            "product"
          ],
          "url": "https://sandboxie-plus.com/"
        },
        {
          "name": "VulnCheck Advisory: Sandboxie 5.49.7 - Denial of Service",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/sandboxie-denial-of-service"
        }
      ],
      "title": "Sandboxie 5.49.7 - Denial of Service",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2021-47831",
    "datePublished": "2026-01-16T19:09:33.511Z",
    "dateReserved": "2026-01-14T17:11:19.900Z",
    "dateUpdated": "2026-03-05T01:28:48.131Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2021-47827 (GCVE-0-2021-47827)

Vulnerability from cvelistv5 – Published: 2026-01-16 19:09 – Updated: 2026-01-16 21:32
VLAI
Title
WebSSH for iOS 14.16.10 - 'mashREPL' Denial of Service
Summary
WebSSH for iOS 14.16.10 contains a denial of service vulnerability in the mashREPL tool that allows attackers to crash the application by pasting malformed input. Attackers can trigger the vulnerability by copying a 300-character buffer of repeated 'A' characters into the mashREPL input field, causing the application to crash.
SSVC
Exploitation: poc Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-1284 - Improper Validation of Specified Quantity in Input
Assigner
Impacted products
Vendor Product Version
WebSSH WebSSH for iOS Affected: 14.16.10
Create a notification for this product.
Date Public
2021-05-18 00:00
Credits
Luis Martinez
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-47827",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-16T21:32:13.585269Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-16T21:32:47.489Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WebSSH for iOS",
          "vendor": "WebSSH",
          "versions": [
            {
              "status": "affected",
              "version": "14.16.10"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Luis Martinez"
        }
      ],
      "datePublic": "2021-05-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "WebSSH for iOS 14.16.10 contains a denial of service vulnerability in the mashREPL tool that allows attackers to crash the application by pasting malformed input. Attackers can trigger the vulnerability by copying a 300-character buffer of repeated \u0027A\u0027 characters into the mashREPL input field, causing the application to crash."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "ACTIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS"
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1284",
              "description": "Improper Validation of Specified Quantity in Input",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-16T19:09:31.864Z",
        "orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
        "shortName": "VulnCheck"
      },
      "references": [
        {
          "name": "ExploitDB-49883",
          "tags": [
            "exploit"
          ],
          "url": "https://www.exploit-db.com/exploits/49883"
        },
        {
          "name": "WebSSH iOS App Store Page",
          "tags": [
            "product"
          ],
          "url": "https://apps.apple.com/mx/app/webssh-ssh-client/id497714887"
        },
        {
          "name": "VulnCheck Advisory: WebSSH for iOS 14.16.10 - \u0027mashREPL\u0027 Denial of Service",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://www.vulncheck.com/advisories/webssh-for-ios-mashrepl-denial-of-service"
        }
      ],
      "title": "WebSSH for iOS 14.16.10 - \u0027mashREPL\u0027 Denial of Service",
      "x_generator": {
        "engine": "vulncheck"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
    "assignerShortName": "VulnCheck",
    "cveId": "CVE-2021-47827",
    "datePublished": "2026-01-16T19:09:31.864Z",
    "dateReserved": "2026-01-14T17:11:19.900Z",
    "dateUpdated": "2026-01-16T21:32:47.489Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation MIT-5
Implementation

Strategy: Input Validation

  • Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.
  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as "red" or "blue."
  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code's environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.

No CAPEC attack patterns related to this CWE.