CVSSv3 March 2020

Timeline

Analyzing the timeline helps to identify the required approach to handling single vulnerabilities and vulnerability collections. The overview shows less important slices and more severe hotspots at a glance, which makes it possible to initiate an immediate vulnerability response and to prioritize issues.

C3BM Index »

Our unique C3BM Index (CVSSv3 Base Meta Index) cumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the number of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB »

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD »

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

Vendor »

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research »

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| Published | Base | VDB | NVD | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|
| 03/31/2020 | 7.5 | 6.3 | 8.8 | | | Google Chrome Media out-of-bounds write | 0.04 | CVE-2020-6452 |
| 03/31/2020 | 7.5 | 6.3 | 8.8 | | | Google Chrome WebAudio use after free | 0.01 | CVE-2020-6451 |
| 03/31/2020 | 7.5 | 6.3 | 8.8 | | | Google Chrome WebAudio use after free | 0.00 | CVE-2020-6450 |
| 03/31/2020 | 8.5 | 7.3 | 9.8 | | | Elasticsearch API Key Generation privileges assignment | 0.05 | CVE-2020-7009 |
| 03/31/2020 | 8.1 | 6.5 | 9.8 | | | LifterLMS Plugin unrestricted upload | 0.04 | CVE-2020-6008 |
| 03/31/2020 | 7.2 | 7.3 | 7.0 | | | Dell EMC iDRAC7/iDRAC8/iDRAC9 stack-based overflow | 0.04 | CVE-2020-5344 |
| 03/31/2020 | 7.6 | 6.5 | 8.7 | | | Leantime sql injection | 0.05 | CVE-2020-5292 |
| 03/31/2020 | 7.4 | 7.5 | 7.2 | | | Bubblewrap Permission Local Privilege Escalation | 0.03 | CVE-2020-5291 |
| 03/31/2020 | 8.8 | 8.8 | 8.8 | | | IBM Spectrum Protect Plus os command injection | 0.04 | CVE-2020-4242 |
| 03/31/2020 | 8.8 | 8.8 | 8.8 | | | IBM Spectrum Protect Plus os command injection | 0.04 | CVE-2020-4241 |
| 03/31/2020 | 6.9 | 7.3 | 6.5 | | | IBM Spectrum Protect Plus path traversal | 0.04 | CVE-2020-4240 |
| 03/31/2020 | 5.3 | 5.3 | 5.3 | | | IBM Tivoli Netcool Impact Error Message information disclosure | 0.06 | CVE-2020-4239 |
| 03/31/2020 | 7.5 | 6.3 | 8.8 | | | IBM Tivoli Netcool Impact cross-site request forgery | 0.04 | CVE-2020-4238 |
| 03/31/2020 | 7.5 | 6.3 | 8.8 | | | IBM Tivoli Netcool Impact cross-site request forgery | 0.06 | CVE-2020-4237 |
| 03/31/2020 | 5.4 | 4.3 | 6.5 | | | IBM Tivoli Netcool Impact input validation | 0.04 | CVE-2020-4236 |
| 03/31/2020 | 4.7 | 4.1 | 5.4 | | | IBM Tivoli Netcool Impact Web UI cross site scripting | 0.04 | CVE-2020-4235 |
| 03/31/2020 | 7.0 | 6.5 | 7.5 | | | IBM Spectrum Protect Plus input validation | 0.01 | CVE-2020-4214 |
| 03/31/2020 | 8.5 | 7.3 | 9.8 | | | IBM Spectrum Protect Plus hard-coded credentials | 0.01 | CVE-2020-4208 |
| 03/31/2020 | 8.8 | 8.8 | 8.8 | | | IBM Spectrum Protect Plus input validation | 0.05 | CVE-2020-4206 |
| 03/31/2020 | 6.6 | 5.5 | 7.8 | | | systemd Polkit Query use after free | 1.19 | CVE-2020-1712 |
| 03/31/2020 | 5.2 | 4.3 | 6.1 | | | phpMyAdmin Error Page Reflected injection | 0.00 | CVE-2020-11441 |
| 03/31/2020 | 7.4 | 7.3 | 7.5 | | | Progress Telerik UI for Silverlight RadUpload RadUploadHandler path traversal | 0.05 | CVE-2020-11414 |
| 03/31/2020 | 7.5 | 6.3 | 8.8 | | | FasterXML jackson-databind Serialized deserialization | 0.04 | CVE-2020-11113 |
| 03/31/2020 | 7.5 | 6.3 | 8.8 | | | FasterXML jackson-databind Serialized deserialization | 0.15 | CVE-2020-11112 |
| 03/31/2020 | 7.5 | 6.3 | 8.8 | | | FasterXML jackson-databind Serialized deserialization | 0.00 | CVE-2020-11111 |
| 03/31/2020 | 7.5 | 6.3 | 8.8 | | | Buildah Container Image path traversal | 0.01 | CVE-2020-10696 |
| 03/31/2020 | 8.5 | 7.3 | 9.8 | | | pam-krb5 Kerberos buffer overflow | 0.01 | CVE-2020-10595 |
| 03/31/2020 | 4.6 | 5.0 | 4.2 | | | js-bson BSON Serialized deserialization | 0.04 | CVE-2019-2391 |
| 03/31/2020 | 6.5 | 5.7 | 7.3 | | | Ansible Engine nxos_file_copy Module input validation | 0.00 | CVE-2019-14905 |
| 03/31/2020 | 5.2 | 5.6 | 4.8 | | | Moodle OAuth2 improper authentication | 0.13 | CVE-2019-14880 |
| 03/31/2020 | 4.8 | 4.3 | 5.4 | | | ZyXEL XGS2210-52HP rpSys.html Stored cross site scripting | 0.04 | CVE-2019-13495 |
| 03/31/2020 | 3.0 | 3.5 | 2.4 | | | pki-core Token Processing Service Stored cross site scripting | 0.04 | CVE-2019-10180 |
| 03/30/2020 | 3.6 | 3.3 | 3.9 | | | Versiant LYNX Customer Service Portal Stored cross site scripting | 0.00 | CVE-2020-9055 |
| 03/30/2020 | 6.4 | 5.3 | 7.5 | | | Zoho ManageEngine Desktop Central PDFGenerationServlet information disclosure | 0.06 | CVE-2020-8509 |
| 03/30/2020 | 9.8 | 9.8 | 9.8 | | | http-client request smuggling | 0.06 | CVE-2020-7611 |
| 03/30/2020 | 9.8 | 9.8 | 9.8 | | | bson deserialization | 0.04 | CVE-2020-7610 |
| 03/30/2020 | 5.4 | 4.3 | 6.5 | | | com.gradle.plugin-publish Log File log file | 0.04 | CVE-2020-7599 |
| 03/30/2020 | 6.4 | 5.3 | 7.5 | | | Grandstream UCM6200 CTI Server sql injection | 0.01 | CVE-2020-5726 |
| 03/30/2020 | 5.6 | 5.3 | 5.9 | | | Grandstream UCM6200 HTTP Server sql injection | 0.06 | CVE-2020-5725 |
| 03/30/2020 | 6.4 | 5.3 | 7.5 | | | Grandstream UCM6200 HTTP Server sql injection | 0.01 | CVE-2020-5724 |
