CVSSv3 07/02/2020

CVSSv3 Base

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to produce the most reliable result.

CVSSv3 Temp

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

Vendor

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | Vendor | Research | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|
| 159954 | 6.3 | 6.3 | | | | Everywhere CMS sql injection | 0.07 | |
| 157642 | 7.5 | 6.3 | 8.8 | | | Apache Guacamole RDP memory corruption | 0.07 | CVE-2020-9498 |
| 157641 | 5.4 | 4.3 | 6.5 | | | Apache Guacamole RDP information disclosure | 0.02 | CVE-2020-9497 |
| 157640 | 7.5 | 6.3 | 8.8 | | | UniFi Protect command injection | 0.06 | CVE-2020-8188 |
| 157639 | 5.4 | 4.3 | 6.5 | | | Ruby on Rails resource consumption | 0.05 | CVE-2020-8185 |
| 157638 | 5.3 | 6.5 | 4.1 | | | Nextcloud Deck Access Control access control | 0.01 | CVE-2020-8179 |
| 157637 | 5.2 | 4.3 | 6.1 | | | koa-shopify-auth enable_cookies cross site scripting | 0.00 | CVE-2020-8176 |
| 157636 | 4.3 | 4.3 | 4.3 | | | Ruby on Rails cross-site request forgery | 0.04 | CVE-2020-8166 |
| 157635 | 8.0 | 7.3 | 8.8 | | | Ruby on Rails render code injection | 0.07 | CVE-2020-8163 |
| 157634 | 7.2 | 5.8 | 8.6 | | | Rack Directory information disclosure | 0.02 | CVE-2020-8161 |
| 157633 | 7.5 | 7.3 | 7.8 | | | Nexacro14-17 ExtCommonApiV13 Registry input validation | 0.03 | CVE-2020-7821 |
| 157632 | 7.5 | 7.3 | 7.8 | | | Nexacro14-17 ExtCommonApiV13 Library API input validation | 0.06 | CVE-2020-7820 |
| 157631 | 5.5 | 3.7 | 7.3 | | | Nginx Controller Kubernetes Package Download HTTP missing encryption | 0.03 | CVE-2020-5911 |
| 157630 | 7.4 | 7.3 | 7.5 | | | Nginx Controller NATS Messaging System improper authentication | 0.07 | CVE-2020-5910 |
| 157629 | 5.9 | 6.3 | 5.4 | | | Nginx Controller User Interface certificate validation | 0.00 | CVE-2020-5909 |
| 157628 | 8.5 | 7.3 | 9.8 | | | PrestaShop Authentication improper authentication | 0.04 | CVE-2020-4074 |
| 157627 | 3.6 | 3.5 | 3.7 | | | October Froala Richeditor Reflected cross site scripting | 0.00 | CVE-2020-4061 |
| 157626 | 5.7 | 5.3 | 6.1 | | | Cisco Unified Communications Manager Web-based Management Interface cross site scripting | 0.04 | CVE-2020-3282 |
| 157625 | 4.4 | 3.5 | 5.4 | | | Link Column Plugin Permission Stored cross site scripting | 0.00 | CVE-2020-2219 |
| 157624 | 3.3 | 3.3 | 3.3 | | | HP ALM Quality Center Plugin Global Configuration credentials storage | 0.03 | CVE-2020-2218 |
| 157623 | 5.2 | 4.3 | 6.1 | | | Compatibility Action Storage Plugin MongoDB Test Connection Reflected cross site scripting | 0.02 | CVE-2020-2217 |
| 157622 | 5.3 | 6.3 | 4.3 | | | Zephyr for JIRA Test Management Plugin Permission Check improper authorization | 0.04 | CVE-2020-2216 |
| 157621 | 4.3 | 4.3 | 4.3 | | | Zephyr for JIRA Test Management Plugin cross-site request forgery | 0.08 | CVE-2020-2215 |
| 157620 | 6.0 | 6.5 | 5.4 | | | ZAP Pipeline Plugin CSP cross site scripting | 0.00 | CVE-2020-2214 |
| 157619 | 4.3 | 4.3 | 4.3 | | | White Source Plugin Global Configuration config.xml credentials storage | 0.00 | CVE-2020-2213 |
| 157618 | 4.3 | 4.3 | 4.3 | | | GitHub Coverage Reporter Plugin Global Configuration credentials storage | 0.00 | CVE-2020-2212 |
| 157617 | 7.5 | 6.3 | 8.8 | | | ElasticBox Jenkins Kubernetes CI-CD Plugin YAML Parser deserialization | 0.02 | CVE-2020-2211 |
| 157616 | 4.0 | 3.7 | 4.3 | | | Stash Branch Parameter Plugin Credentials cleartext transmission | 0.02 | CVE-2020-2210 |
| 157615 | 4.3 | 4.3 | 4.3 | | | Jenkins TestComplete Support Plugin config.xml credentials storage | 0.05 | CVE-2020-2209 |
| 157614 | 4.3 | 4.3 | 4.3 | | | Slack Upload Plugin config.xml credentials storage | 0.04 | CVE-2020-2208 |
| 157613 | 5.2 | 4.3 | 6.1 | | | VncViewer Plugin checkVncServ Reflected cross site scripting | 0.00 | CVE-2020-2207 |
| 157612 | 5.2 | 4.3 | 6.1 | | | VncRecorder Plugin checkVncServ Reflected cross site scripting | 0.02 | CVE-2020-2206 |
| 157611 | 3.6 | 2.4 | 4.8 | | | VncRecorder Plugin Validation Endpoint checkVncServ Stored cross site scripting | 0.00 | CVE-2020-2205 |
| 157610 | 5.9 | 6.3 | 5.4 | | | Fortify on Demand Plugin Demand Endpoint improper authorization | 0.07 | CVE-2020-2204 |
| 157609 | 4.3 | 4.3 | 4.3 | | | Fortify on Demand Plugin Demand Endpoint cross-site request forgery | 0.00 | CVE-2020-2203 |
| 157608 | 4.3 | 4.3 | 4.3 | | | Fortify on Demand Plugin Permission Check Credentials improper authorization | 0.00 | CVE-2020-2202 |
| 157607 | 4.4 | 3.5 | 5.4 | | | Sonargraph Integration Plugin Stored cross site scripting | 0.00 | CVE-2020-2201 |
| 157606 | 7.4 | 7.3 | 7.5 | | | LibRaw unpack_thumb.cpp input validation | 0.05 | CVE-2020-15503 |
| 157605 | 5.9 | 4.3 | 7.5 | | | DuckDuckGo App duckduckgo.com information disclosure | 0.00 | CVE-2020-15502 |
| 157604 | 2.3 | 2.3 | 2.3 | | | QEMU MemoryRegionOps null pointer dereference | 0.09 | CVE-2020-15469 |
