CVSSv3 09/02/2020info

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB »

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD »

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

Vendor »

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research »

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

IDBaseVDBNVDVendResVulnerabilityCTICVE
1608366.36.3
 
 
 
FreeBSD IPv4 DHCP Client Heap-based memory corruption0.19CVE-2020-7461
1608355.55.5
 
 
 
FreeBSD SCTP Socket Use-After-Free memory corruption0.09CVE-2020-7463
1608345.55.5
 
 
 
FreeBSD IPv6 Hop-by-Hop Option Use-After-Free memory corruption0.25CVE-2020-7462
1607646.36.3
 
 
 
D-Link COVR 3902 REVA Telnet Default Credentials weak authentication0.39CVE-2018-20432
1606545.55.55.4
 
 
Clustered Data ONTAP privilege escalation0.15CVE-2020-8576
1606535.53.37.8
 
 
RAONWIZ RAON KUpload KUpload agent File Download information disclosure0.14CVE-2020-7830
1606523.53.57.5
 
 
Trading Technologies Messaging Service Port 10200 ttmd.exe strcpy_s() denial of service0.07CVE-2020-5779
1606515.35.37.5
 
 
Trading Technologies Messaging Service Port 10200 ttmd.exe denial of service0.15CVE-2020-5778
1606505.93.78.1
 
 
Dell EMC ECS DT Object information disclosure0.35CVE-2020-5386
1606496.86.86.8
 
 
Dell Inspiron 7352 BIOS UEFI BIOS Boot Service privilege escalation0.07CVE-2020-5379
1606486.86.86.8
 
 
Dell G7 17 7790 UEFI BIOS Boot Service privilege escalation0.15CVE-2020-5378
1606476.86.86.8
 
 
Dell Inspiron 7347 BIOS UEFI BIOS Boot Services privilege escalation0.15CVE-2020-5376
1606467.56.38.8
 
 
Dell EMC Isilon OneFS/EMC PowerScale OneFS SyncIQ privilege escalation0.14CVE-2020-5369
1606458.27.39.1
 
 
IBM Spectrum Protect Operations Center Export Remote Code Execution0.05CVE-2020-4693
1606444.74.15.4
 
 
IBM Jazz Team Server Web UI cross site scripting0.00CVE-2020-4546
1606434.74.15.4
 
 
IBM Jazz Team Server Web UI cross site scripting0.10CVE-2020-4522
1606424.74.15.4
 
 
IBM Jazz Team Server Web UI cross site scripting0.00CVE-2020-4445
1606415.55.57.8
 
 
Kaspersky Security Center/Security Center Web Console Installer privilege escalation0.28CVE-2020-25045
1606404.64.67.1
 
 
Kaspersky Virus Removal Tool denial of service0.07CVE-2020-25044
1606394.64.67.1
 
 
Kaspersky VPN Secure Connection Installer directory traversal0.14CVE-2020-25043
1606386.95.78.2
 
 
Miller Configuration File Support Code Execution0.15CVE-2020-15167
1606376.75.58.0
 
 
Symfony HttpClient CachingHttpClient Remote Code Execution0.08CVE-2020-15094
1606365.55.58.8
 
 
D-Link DCS-2530L/DCS-2670L ddns_enc.cgi command injection0.08CVE-2020-25079
1606355.35.37.5
 
 
D-Link DCS-2530L/DCS-2670L getuser Password information disclosure0.21CVE-2020-25078
1606343.53.54.3
 
 
sf_event_mgt Extension Access Control information disclosure0.08CVE-2020-25026
1606333.53.54.3
 
 
l10nmgr information disclosure0.15CVE-2020-25025
1606325.55.56.3
 
 
KDE ark Symlink privilege escalation0.10CVE-2020-24654
1606314.34.36.1
 
 
Ignite Realtime Openfire server-properties.jsp Reflected cross site scripting0.37CVE-2020-24604
1606303.53.56.1
 
 
Ignite Realtime Openfire Reflected cross site scripting0.08CVE-2020-24602
1606293.53.56.1
 
 
Ignite Realtime Openfire Stored cross site scripting0.15CVE-2020-24601
1606285.24.36.1
 
 
Google Go CGI cross site scripting0.22CVE-2020-24553
1606277.37.39.8
 
 
ForLogic Qualiex privilege escalation0.33CVE-2020-24030
1606266.36.39.8
 
 
ForLogic Qualiex Password Change privilege escalation0.00CVE-2020-24029
1606255.55.58.8
 
 
ForLogic Qualiex privilege escalation0.00CVE-2020-24028
1606244.34.37.1
 
 
Sourcecodester Stock Management System changeUsername.php cross site request forgery0.11CVE-2020-23830
1606233.53.55.4
 
 
MultiUx SaveMailbox Stored cross site scripting0.00CVE-2020-17458
1606223.13.15.5
 
 
Trusted Firmware mbed TLS ssl_msg.c mbedtls_ssl_decrypt_buf Side-Channel weak encryption0.13CVE-2020-16150
1606216.36.36.5
 
 
Squid Web Proxy Cache Request Smuggling privilege escalation0.11CVE-2020-15811
1606206.36.36.5
 
 
Squid Web Proxy Header Parsing Request Smuggling privilege escalation0.15CVE-2020-15810
1606195.55.58.8
 
 
Dolibarr CRM File Upload Remote Code Execution0.07CVE-2020-14209
1606186.36.39.8
 
 
rebar3 Tool Remote Code Execution0.22CVE-2020-13802
1606174.14.16.1
 
 
Teamwire App Pass-code privilege escalation0.09CVE-2020-12621
1606166.36.39.8
 
 
ZyXEL VMG5313-B30B Privileges privilege escalation0.00CVE-2020-24355
1606156.36.38.1
 
 
Razer Chroma SDK Rest Server Apps privilege escalation0.07CVE-2020-16602
1606144.34.37.5
 
 
Shadankun Server Security Type denial of service0.05CVE-2020-5622
1606134.34.35.3
 
 
FreedomBox mod_status server-status information disclosure0.00CVE-2020-25073

Interested in the pricing of exploits?

See the underground prices here!