CWE-172 is a common weakness enumeration in software security. This database tracks 13 CVE vulnerabilities classified under this weakness type.

How many CVEs are classified as CWE-172?

There are 13 CVE vulnerabilities classified as CWE-172 with an average CVSS score of 5.7461538461538.

What is the severity distribution for CWE-172?

CWE-172 contains 2 critical, 2 high, 6 medium, and 3 low severity vulnerabilities.

CWE-172

Total CVEs

Vulnerabilities

Avg CVSS v3

5.7

Medium

Avg CVSS v2

5.1

Medium

Latest CVE

2025

Most Recent

Severity Distribution

Critical 2

15.4%

High 2

15.4%

Medium 6

46.2%

Low 3

23.1%

External References

MITRE CWE

Official CWE definition

NIST NVD

Search CVEs by CWE

All CVEs (13)

Page 1 of 1

CVE-2019-10160

CRITICAL

CVSS:9.8(Critical)

A security regression of CVE-2019-9636 was discovered in python since commit d537ab0ff9767ef024f26246899728f0116b1ec3 affecting versions 2.7, 3.5, 3.6, 3.7 and from v3.8.0a4 through v3.8.0b1, which st...

CWE-1722019

CVE-2016-6691

CRITICAL

CVSS:9.8(Critical)

service/jni/com_android_server_wifi_Gbk2Utf.cpp in the Qualcomm Wi-Fi gbk2utf module in Android before 2016-10-05 allows remote attackers to cause a denial of service (framework crash) or possibly hav...

CWE-1722016

CVE-2019-12677

HIGH

CVSS:7.7(High)

A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condi...

CWE-1722019

CVE-2025-27110

HIGH

CVSS:7.5(High)

Libmodsecurity is one component of the ModSecurity v3 project. The library codebase serves as an interface to ModSecurity Connectors taking in web traffic and applying traditional ModSecurity processi...

CWE-1722025

CVE-2018-7173

MEDIUM

CVSS:5.5(Medium)

A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding.

CWE-1722018

CVE-2016-3829

MEDIUM

CVSS:5.5(Medium)

The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 does not initialize certain structure members, which allows remote attackers to cause a denial of service (device hang or reboot) via...

CWE-1722016

CVE-2016-3828

MEDIUM

CVSS:5.5(Medium)

decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-08-01 mishandles invalid PPS and SPS NAL units, which allows remote attackers to cause a denial of service (device hang or reboot) via a ...

CWE-1722016

CVE-2016-3827

MEDIUM

CVSS:5.5(Medium)

codecs/hevcdec/SoftHEVC.cpp in libstagefright in mediaserver in Android 6.0.1 before 2016-08-01 mishandles decoder errors, which allows remote attackers to cause a denial of service (device hang or re...

CWE-1722016

CVE-2019-10153

MEDIUM

CVSS:5.0(Medium)

A flaw was discovered in fence-agents, prior to version 4.3.4, where using non-ASCII characters in a guest VM's comment or other fields would cause fence_rhevm to exit with an exception. In cluster en...

CWE-1722019

CVE-2018-2415

MEDIUM

CVSS:4.7(Medium)

SAP NetWeaver Application Server Java Web Container and HTTP Service (Engine API, from 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; J2EE Engine Server Core 7.11, 7.30, 7.31, 7.40, 7.50) do not sufficiently e...

CWE-1722018

CVE-2018-7289

LOW

CVSS:3.3(Low)

An issue was discovered in armadito-windows-driver/src/communication.c in Armadito 0.12.7.2. Malware with filenames containing pure UTF-16 characters can bypass detection. The user-mode service will f...

CWE-1722018

CVE-2021-33604

LOW

CVSS:2.5(Low)

URL encoding error in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows local us...

CWE-1722021

CVE-2024-48909

LOW

CVSS:2.4(Low)

SpiceDB is an open source database for scalably storing and querying fine-grained authorization data. Starting in version 1.35.0 and prior to version 1.37.1, clients that have enabled `LookupResources...

CWE-1722024