CVSSv3 January 2020

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. It also makes it possible to initiate an immediate vulnerability response and to prioritize issues.

C3BM Index »

Our unique C3BM Index (CVSSv3 Base Meta Index) accumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the number of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB »

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD »

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

Vendor »

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research »

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| Published | Base | VDB | NVD | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|
| 01/31/2020 | 5.4 | 4.3 | 6.5 | | | School Management Software cross-site request forgery | 0.02 | CVE-2020-8505 |
| 01/31/2020 | 5.4 | 4.3 | 6.5 | | | School Management Software cross-site request forgery | 0.01 | CVE-2020-8504 |
| 01/31/2020 | 6.4 | 6.3 | 6.5 | | | Biscom Secure File Transfer File Upload authorization | 0.06 | CVE-2020-8503 |
| 01/31/2020 | 8.5 | 7.3 | 9.8 | | | Simplejobscript.com SJS PHP Script page_apply.php unrestricted upload | 0.06 | CVE-2020-8440 |
| 01/31/2020 | 4.3 | 4.3 | 4.3 | | | Zoho ManageEngine Remote Access Plus Credential Manager Credentials information disclosure | 0.08 | CVE-2020-8422 |
| 01/31/2020 | 8.5 | 7.3 | 9.8 | | | Hashicorp Nomad/Nomad Enterprise TLS Certificate certificate validation | 0.03 | CVE-2020-7956 |
| 01/31/2020 | 5.3 | 5.3 | 5.3 | | | Hashicorp Consul/Consul Enterprise API Endpoint information disclosure | 0.08 | CVE-2020-7955 |
| 01/31/2020 | 6.4 | 5.3 | 7.5 | | | JetBrains IntelliJ IDEA XSLT Debugger Plugin information disclosure | 0.06 | CVE-2020-7914 |
| 01/31/2020 | 6.4 | 5.3 | 7.5 | | | Hashicorp Consul/Consul Enterprise RPC Service resource consumption | 0.01 | CVE-2020-7219 |
| 01/31/2020 | 6.4 | 5.3 | 7.5 | | | Hashicorp Nomad/Nomad Enterprise resource consumption | 0.03 | CVE-2020-7218 |
| 01/31/2020 | 5.7 | 5.6 | 5.9 | | | AWMS Mobile App X.509 Certificate Validation certificate validation | 0.12 | CVE-2020-5526 |
| 01/31/2020 | 3.7 | 2.6 | 4.8 | | | MessagePack for C#/Unity stack-based overflow | 0.04 | CVE-2020-5234 |
| 01/31/2020 | 6.4 | 5.3 | 7.5 | | | IBM WebSphere Application Server memory allocation | 0.01 | CVE-2019-4720 |
| 01/31/2020 | 5.1 | 4.0 | 6.2 | | | Linux Kernel KVM Hypervisor Memory race condition | 0.02 | CVE-2019-3016 |
| 01/31/2020 | 7.4 | 7.3 | 7.5 | | | Senior Rubiweb URL improper authentication | 0.00 | CVE-2019-19550 |
| 01/31/2020 | 6.6 | 6.4 | 6.8 | | | HP Business PCs Microsoft Windows 10 Kernel DMA Protection authorization | 0.12 | CVE-2019-18913 |
| 01/31/2020 | 7.4 | 7.3 | 7.5 | | | Eclair Access Control privileges management | 0.17 | CVE-2019-13000 |
| 01/31/2020 | 7.4 | 7.3 | 7.5 | | | Lightning Network Daemon Access Control privileges management | 0.02 | CVE-2019-12999 |
| 01/31/2020 | 7.4 | 7.3 | 7.5 | | | c-lightning Access Control privileges management | 0.10 | CVE-2019-12998 |
| 01/31/2020 | 7.6 | 6.5 | 8.7 | | | ENS Trapdoor improper authorization | 0.04 | CVE-2020-5232 |
| 01/30/2020 | 4.4 | 3.5 | 5.4 | | | GistPress Plugin class-gistpress.php cross site scripting | 0.04 | CVE-2020-8498 |
| 01/30/2020 | 5.5 | 4.1 | 6.9 | | | Kronos Web Time/Attendance ApplicationBanner Stored cross site scripting | 0.00 | CVE-2020-8496 |
| 01/30/2020 | 6.2 | 5.0 | 7.5 | | | Kronos Web Time/Attendance com.threeis.webta.H491delegate Servlet privileges management | 0.14 | CVE-2020-8495 |
| 01/30/2020 | 6.2 | 5.0 | 7.5 | | | Kronos Web Time/Attendance com.threeis.webta.H402editUser Servlet privileges management | 0.08 | CVE-2020-8494 |
| 01/30/2020 | 5.2 | 3.5 | 6.9 | | | Kronos Web Time/Attendance com.threeis.webta.H261configMenu Servlet Stored cross site scripting | 0.09 | CVE-2020-8493 |
| 01/30/2020 | 6.4 | 5.3 | 7.5 | | | Python urllib.request.AbstractBasicAuthHandler incorrect regex | 0.00 | CVE-2020-8492 |
| 01/30/2020 | 5.4 | 5.9 | 4.9 | | | BitDefender Total Security 2020 Junction Delete link following | 0.02 | CVE-2020-8095 |
| 01/30/2020 | 5.3 | 5.3 | 5.3 | | | BitDefender Antivirus AntivirusforMac access control | 0.02 | CVE-2020-8093 |
| 01/30/2020 | 5.2 | 4.6 | 5.9 | | | OAuth2 Proxy redirect | 0.06 | CVE-2020-5233 |
| 01/30/2020 | 5.4 | 5.9 | 4.8 | | | Opencast user-utils Endpoint improper authorization | 0.02 | CVE-2020-5231 |
| 01/30/2020 | 6.6 | 5.5 | 7.7 | | | Opencast Media Id.compact() resource injection | 0.00 | CVE-2020-5230 |
| 01/30/2020 | 5.3 | 3.0 | 7.7 | | | Opencast Password Hashing md5.json MD5 risky encryption | 0.12 | CVE-2020-5229 |
| 01/30/2020 | 7.0 | 6.5 | 7.6 | | | Opencast OAI-PMH authorization | 0.02 | CVE-2020-5228 |
| 01/30/2020 | 4.9 | 3.0 | 6.8 | | | Opencast Cookie hard-coded credentials | 0.02 | CVE-2020-5222 |
| 01/30/2020 | 7.6 | 6.5 | 8.7 | | | Opencast Cookie improper authorization | 0.02 | CVE-2020-5206 |
| 01/30/2020 | 8.0 | 7.5 | 8.6 | | | Cisco Small Business Switches Web Interface input validation | 0.02 | CVE-2020-3147 |
| 01/30/2020 | 7.5 | 7.3 | 7.8 | | | Trend Micro Anti-Threat Toolkit input validation | 0.02 | CVE-2019-20358 |
| 01/30/2020 | 6.3 | 7.3 | 5.3 | | | com.puppycrawl.tools Checkstyle Incomplete Fix CVE-2019-9658 xml external entity reference | 0.06 | CVE-2019-10782 |
| 01/30/2020 | 1.8 | 1.9 | 1.6 | | | BitDefender Antivirus BDLDaemon access control | 0.05 | CVE-2020-8092 |
| 01/30/2020 | 5.2 | 4.3 | 6.1 | | | JetBrains YouTrack Issue Description cross site scripting | 0.05 | CVE-2020-7913 |
