CVSSv3 May 2019info

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

C3BM Index »

Our unique C3BM Index (CVSSv3 Base Meta Index) cumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB »

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD »

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

Vendor »

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research »

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

PublishedBaseVDBNVDVendResVulnerabilityCTICVE
05/31/20197.56.38.8
 
 
Sitecore CMS CSRF Module deserialization0.09CVE-2019-9875
05/31/20198.57.39.8
 
 
Sitecore CMS/XP Sitecore.Security.AntiCSRF deserialization0.12CVE-2019-9874
05/31/20199.89.89.8
 
 
Jector Smart TV FM-K75 ADB Port access control0.07CVE-2019-9871
05/31/20198.57.39.8
 
 
NUUO Network Video Recorder handle_load_config.php command injection0.04CVE-2019-9653
05/31/20198.57.39.8
 
 
SAET Impianti Speciali TEBE Small Webapp resource=index.php path traversal0.05CVE-2019-9106
05/31/20197.47.37.5
 
 
SAET Impianti Speciali TEBE Small WebApp information disclosure0.00CVE-2019-9105
05/31/20197.55.39.8
 
 
ZyXEL P-660HN-T1 V2 HTML Source Code rpWLANRedirect.asp Password hard-coded credentials0.05CVE-2019-6725
05/31/20196.55.37.8
 
 
NVIDIA GeForce Experience Web Helper input validation0.04CVE-2019-5678
05/31/20195.44.76.1
 
 
PHPRelativePath RelativePath.Example1.php cross site scripting0.00CVE-2019-12507
05/31/20196.55.37.8
 
 
Schneider Electric Vijeo Citect/CitectSCADA credentials management0.05CVE-2019-10981
05/31/20197.47.37.5
 
 
Gitea Plugin Revision access control0.06CVE-2019-10330
05/31/20196.54.38.8
 
 
InfluxDB Plugin Global Configuration Credentials credentials management0.00CVE-2019-10329
05/31/20198.67.49.9
 
 
Pipeline Remote Loader Plugin Whitelist protection mechanism0.05CVE-2019-10328
05/31/20196.75.48.1
 
 
Pipeline Maven Integration Plugin XML Data xml external entity reference0.00CVE-2019-10327
05/31/20194.34.34.3
 
 
Warnings NG Plugin Warning cross-site request forgery0.05CVE-2019-10326
05/31/20194.74.15.4
 
 
Warnings NG Plugin Overview Page cross site scripting0.07CVE-2019-10325
05/31/20195.44.36.5
 
 
Artifactory Plugin ReleaseAction#doSubmit cross-site request forgery0.06CVE-2019-10324
05/31/20194.34.34.3
 
 
Artifactory Plugin Permission Check fillCredentialsIdItems Credentials permission0.07CVE-2019-10323
05/31/20195.36.34.3
 
 
Artifactory Plugin Permission Check permission0.06CVE-2019-10322
05/31/20194.34.34.3
 
 
Artifactory Plugin cross-site request forgery0.07CVE-2019-10321
05/31/20198.57.39.8
 
 
AIS ESEL-Server 67 Backend sql injection0.06CVE-2019-10123
05/31/20198.57.39.8
 
 
Godot Deserialization deserialization0.07CVE-2019-10069
05/31/20195.84.37.3
 
 
Pydio Web Application access control0.06CVE-2019-10049
05/31/20196.25.37.2
 
 
Pydio Imagemagick os command injection0.06CVE-2019-10048
05/31/20194.43.55.4
 
 
Pydio Web Application Stored cross site scripting0.00CVE-2019-10047
05/31/20195.35.35.3
 
 
Pydio Configuration information disclosure0.06CVE-2019-10046
05/31/20196.97.36.5
 
 
Pydio Web Application get_sess_id session fixiation0.04CVE-2019-10045
05/31/20196.55.37.8
 
 
Evernote Reference Calculator path traversal0.05CVE-2019-10038
05/31/20198.57.39.8
 
 
QEMU device_tree.c load_image memory corruption0.04CVE-2018-20815
05/31/20197.56.38.8
 
 
Mobotix S14 access cross-site request forgery0.08CVE-2019-12502
05/31/20196.25.96.5
 
 
Xiaomi M365 Scooter Accelerate Command Bluetooth LE improper authorization0.05CVE-2019-12500
05/31/20197.36.58.1
 
 
Firejail Sandbox input validation0.00CVE-2019-12499
05/31/20197.47.37.5
 
 
Hybrid Group Gobot mqtt Subsystem certificate validation0.07CVE-2019-12496
05/31/20195.45.35.5
 
 
Tiny C Compiler Compiling x86_64-gen.c gsym_addr out-of-bounds write0.09CVE-2019-12495
05/31/20196.76.37.1
 
 
Foo Labs Xpdf Function.cc transform out-of-bounds read0.00CVE-2019-12493
05/31/20195.24.36.1
 
 
Synacor Zimbra Collaboration Admin Console Reflected cross site scripting0.05CVE-2015-2230
05/30/20193.33.3
 
 
 
Apple AirPort Base Station AirPort Base Station Firmware null pointer dereference0.08CVE-2019-8572
05/30/20195.35.3
 
 
 
Apple AirPort Base Station AirPort Base Station Firmware privileges management0.08CVE-2019-8580
05/30/20193.53.5
 
 
 
Apple AirPort Base Station AirPort Base Station Firmware denial of service0.00CVE-2019-7291
05/30/20193.33.3
 
 
 
Apple AirPort Base Station AirPort Base Station Firmware User information disclosure0.06CVE-2019-8575

Interested in the pricing of exploits?

See the underground prices here!