CVSSv3 July 2020

Timeline

Analyzing the timeline helps to identify the required approach to handling single vulnerabilities and vulnerability collections. The overview shows less important slices and more severe hotspots at a glance, which makes it possible to initiate immediate vulnerability response and to prioritize issues.

C3BM Index

Our unique C3BM Index (CVSSv3 Base Meta Index) accumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the number of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

Vendor

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| Published | Base | VDB | NVD | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|
| 07/31/2020 | 4.0 | 2.4 | 5.7 | | | VMware Tanzu Application Service for VMs App Autoscaler Credentials information disclosure | 0.03 | CVE-2020-5414 |
| 07/31/2020 | 8.5 | 7.3 | 9.8 | | | VMware Spring Kryo Codec deserialization | 0.05 | CVE-2020-5413 |
| 07/31/2020 | 7.5 | 6.3 | 8.8 | | | VMware GemFire/Tanzu GemFire for VMs JMX Service access control | 0.11 | CVE-2020-5396 |
| 07/31/2020 | 8.1 | 7.8 | 8.4 | | | RSA MFA Agent authentication bypass | 0.06 | CVE-2020-5384 |
| 07/31/2020 | 6.3 | 5.0 | 7.7 | | | tgstation-server permission assignment | 0.05 | CVE-2020-16136 |
| 07/31/2020 | 8.0 | 7.3 | 8.8 | | | Sonatype Nexus Repository Manager permission assignment | 0.06 | CVE-2020-15871 |
| 07/31/2020 | 5.2 | 4.3 | 6.1 | | | Sonatype Nexus Repository Manager cross site scripting | 0.07 | CVE-2020-15870 |
| 07/31/2020 | 4.8 | 4.3 | 5.4 | | | Sonatype Nexus Repository Manager cross site scripting | 0.06 | CVE-2020-15869 |
| 07/31/2020 | 5.7 | 3.4 | 8.0 | | | Faye Certificate Verification Connection#start_tls certificate validation | 0.05 | CVE-2020-15134 |
| 07/31/2020 | 5.7 | 3.4 | 8.0 | | | faye-websocket Certificate Verification Client certificate validation | 0.09 | CVE-2020-15133 |
| 07/31/2020 | 4.7 | 3.4 | 6.1 | | | October CMS Cookie cookie validation | 0.05 | CVE-2020-15128 |
| 07/31/2020 | 6.2 | 6.7 | 5.7 | | | grub2 ext Filesystem heap-based overflow | 0.03 | CVE-2020-14311 |
| 07/31/2020 | 6.2 | 6.7 | 5.7 | | | grub2 read_section_as_string heap-based overflow | 0.05 | CVE-2020-14310 |
| 07/31/2020 | 6.4 | 5.3 | 7.5 | | | FlexNet Publisher Web Portal lmadmin.exe information disclosure | 0.02 | CVE-2020-12081 |
| 07/31/2020 | 7.6 | 6.3 | 9.0 | | | VMware GemFire/Tanzu GemFire for VMs JMX Service deserialization | 0.06 | CVE-2019-11286 |
| 07/31/2020 | 5.4 | 4.3 | 6.5 | | | Huawei P30 input validation | 0.06 | CVE-2020-9249 |
| 07/31/2020 | 5.4 | 4.2 | 6.7 | | | Huawei FusionComput Authorization authorization | 0.04 | CVE-2020-9248 |
| 07/31/2020 | 6.8 | 5.3 | 7.5 | | 7.5 | Inductive Automation Ignition authorization | 0.00 | CVE-2020-14520 |
| 07/31/2020 | 5.5 | 5.3 | 5.8 | | | Ansible Tower API User information exposure | 0.01 | CVE-2020-14337 |
| 07/31/2020 | 6.3 | 3.8 | 8.8 | | | Red Hat Satellite Cache File access control | 0.06 | CVE-2020-14334 |
| 07/31/2020 | 8.6 | 7.4 | 9.9 | | | Red Hat OpenStack Platform Virtual Machine nova_libvirt access control | 0.00 | CVE-2020-10731 |
| 07/31/2020 | 8.5 | 7.3 | 9.8 | | | Qualcomm PLC Firmware HPAV2 cryptographic issues | 0.06 | CVE-2020-3681 |
| 07/31/2020 | 6.3 | 6.3 | 6.3 | | | Cisco Data Center Network Manager Web-based Management Interface sql injection | 0.11 | CVE-2020-3462 |
| 07/31/2020 | 5.3 | 5.3 | 5.3 | | | Cisco Data Center Network Manager Web-based Management Interface missing authentication | 0.04 | CVE-2020-3461 |
| 07/31/2020 | 5.0 | 5.3 | 4.7 | | | Cisco Data Center Network Manager Web-based Management Interface cross site scripting | 0.02 | CVE-2020-3460 |
| 07/31/2020 | 7.5 | 6.3 | 8.8 | | | Cisco Data Center Network Manager REST API Endpoint improper authorization | 0.04 | CVE-2020-3386 |
| 07/31/2020 | 7.2 | 6.3 | 8.2 | | | Cisco Data Center Network Manager REST API Endpoint incomplete blacklist | 0.01 | CVE-2020-3384 |
| 07/31/2020 | 7.5 | 6.3 | 8.8 | | | Cisco Data Center Network Manager Archive Utility input validation | 0.05 | CVE-2020-3383 |
| 07/31/2020 | 8.5 | 7.3 | 9.8 | | | Cisco Data Center Network Manager REST API hard-coded credentials | 0.02 | CVE-2020-3382 |
| 07/31/2020 | 6.3 | 6.3 | 6.3 | | | Cisco Data Center Network Manager Device Manager Application os command injection | 0.00 | CVE-2020-3377 |
| 07/31/2020 | 7.3 | 7.3 | 7.3 | | | Cisco Data Center Network Manager Device Manager Application missing authentication | 0.04 | CVE-2020-3376 |
| 07/31/2020 | 8.5 | 7.3 | 9.8 | | | Cisco SD-WAN Solution memory corruption | 0.01 | CVE-2020-3375 |
| 07/31/2020 | 8.1 | 6.3 | 9.9 | | | Cisco SD-WAN vManage Web-based Management Interface improper authorization | 0.05 | CVE-2020-3374 |
| 07/30/2020 | 4.8 | 4.8 | 7.8 | | | Apple iTunes WebKit Web Inspector command injection | 0.00 | CVE-2020-9862 |
| 07/30/2020 | 6.3 | 6.3 | 5.3 | | | Apple iTunes WebKit Page Loading authentication spoofing | 0.15 | CVE-2020-9916 |
| 07/30/2020 | 5.3 | 5.3 | 8.8 | | | Apple iTunes WebKit privileges management | 0.08 | CVE-2020-9910 |
| 07/30/2020 | 6.3 | 6.3 | 9.8 | | | Apple iTunes WebKit use after free | 0.02 | CVE-2020-9895 |
| 07/30/2020 | 6.3 | 6.3 | 8.8 | | | Apple iTunes WebKit use after free | 0.07 | CVE-2020-9893 |
| 07/30/2020 | 4.3 | 4.3 | 6.1 | | | Apple iTunes WebKit Universal cross site scripting | 0.15 | CVE-2020-9925 |
| 07/30/2020 | 6.3 | 6.3 | 6.5 | | | Apple iTunes WebKit CSP privileges management | 0.08 | CVE-2020-9915 |
