CVSSv3 10/16/2020

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score aggregates all available scores from different sources into the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB »

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD »

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

Vendor »

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research »

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|
| 162832 | 9.9 | 9.9 | | | | Linux Kernel KDGKBSENT/KDSKBSENT vt_do_kdgkb_ioctl race condition | 0.11 | CVE-2020-25656 |
| 162783 | 7.6 | 6.5 | 8.8 | | | Anuko Time Tracker CSV Export injection | 0.00 | CVE-2020-15255 |
| 162782 | 7.7 | 5.6 | 9.8 | | | crossbeam-channel from_iter memory corruption | 0.08 | CVE-2020-15254 |
| 162781 | 7.4 | 6.0 | 8.8 | | | XWiki Application Server Servlet code injection | 0.05 | CVE-2020-15252 |
| 162780 | 3.4 | 3.4 | | | | containerd insufficiently protected credentials | 0.00 | CVE-2020-15157 |
| 162779 | 6.3 | 5.5 | 7.1 | | | VMware Horizon Client Installation access control | 0.05 | CVE-2020-3991 |
| 162778 | 8.0 | 6.3 | 9.8 | | | Aptean Product Configurator Main Login Page sql injection | 0.04 | CVE-2020-26944 |
| 162777 | 6.6 | 5.5 | 7.8 | | | ClamXAV Helper Tool injection | 0.05 | CVE-2020-26893 |
| 162776 | 7.1 | 5.5 | 8.8 | | | libass ass_outline_construct integer overflow | 0.00 | CVE-2020-26682 |
| 162775 | 4.4 | 3.5 | 5.4 | | | Testimonial Rotator Plugin post.php cross site scripting | 0.00 | CVE-2020-26672 |
| 162774 | 4.3 | 4.3 | | | | Magento File Upload cross site scripting | 0.00 | CVE-2020-24408 |
| 162773 | 4.8 | 3.5 | 6.1 | | | OLIMPOKS Error Message cross site scripting | 0.00 | CVE-2020-16270 |
| 162772 | 6.7 | 6.3 | 7.2 | | | Gogs git Hook os command injection | 0.05 | CVE-2020-15867 |
| 162771 | 6.0 | 5.5 | 6.5 | | | Red Hat JBoss EAP Legacy SecurityRealm improper authentication | 0.06 | CVE-2020-14299 |
| 162770 | 6.7 | 6.3 | 7.2 | | | Gitea git Hook os command injection | 0.07 | CVE-2020-14144 |
| 162769 | 6.8 | 4.6 | 9.1 | | | Bender COMTRAXX CP915 improper authorization | 0.00 | CVE-2019-19885 |
| 162768 | 7.6 | 5.5 | 9.8 | | | BASSMIDI Plugin out-of-bounds write | 0.07 | CVE-2019-19513 |
| 162767 | 5.0 | 3.5 | 6.5 | | | BASS Audio Library MP3 File BASS_StreamCreateFile infinite loop | 0.00 | CVE-2019-18796 |
| 162766 | 6.0 | 5.5 | 6.5 | | | BASS Audio Library WAV File BASS_StreamCreateFile out-of-bounds read | 0.06 | CVE-2019-18795 |
| 162765 | 6.0 | 5.5 | 6.5 | | | BASS Audio Library OGG File BASS_StreamCreateFile use after free | 0.01 | CVE-2019-18794 |
| 162764 | 6.5 | 3.5 | 9.6 | | | Mark Text cross site scripting | 0.00 | CVE-2020-27176 |
| 162763 | 5.5 | 3.5 | 7.5 | | | Amazon AWS Firecracker Serial Console memory leak | 0.00 | CVE-2020-27174 |
| 162762 | 7.7 | 5.5 | 9.9 | | | OpenStack blazar-dashboard access control | 0.00 | CVE-2020-26943 |
| 162761 | 4.8 | 3.5 | 6.1 | | | Sage DPW Kurskatalog cross site scripting | 0.00 | CVE-2020-26584 |
| 162760 | 4.8 | 3.5 | 6.1 | | | Sage DPW Expenses Claiming cross site scripting | 0.00 | CVE-2020-26583 |
| 162759 | 5.9 | 4.3 | 7.5 | | | PowerDNS Recursor Cached Record denial of service | 0.00 | CVE-2020-25829 |
| 162758 | 4.5 | 3.5 | 5.5 | | | QEMU ATI VGA Device ati_2d.c ati_2d_blt denial of service | 0.08 | CVE-2020-24352 |
| 162757 | 5.9 | 4.3 | 7.5 | | | vm-superio Serial Console FIFO memory allocation | 0.00 | CVE-2020-27173 |
| 162756 | 4.8 | 3.5 | 6.1 | | | phpRedisAdmin login.php cross site scripting | 0.00 | CVE-2020-27163 |
| 162755 | 7.1 | 5.5 | 8.8 | | | Siemens SIPORT MP Single Sign-On authentication spoofing | 0.00 | CVE-2020-7591 |
| 162754 | 4.8 | 4.3 | 5.3 | | | OTRS Chat Conversation information disclosure | 0.05 | CVE-2020-1777 |
| 162753 | 4.3 | 4.3 | 4.3 | | | Siemens Desigo Insight Web Application information exposure | 0.00 | CVE-2020-15794 |
| 162752 | 4.8 | 4.3 | 5.4 | | | Siemens Desigo Insight X-Frame-Options clickjacking | 0.00 | CVE-2020-15793 |
| 162751 | 4.3 | 4.3 | 4.3 | | | Siemens Desigo Insight Web Service sql injection | 0.00 | CVE-2020-15792 |
| 162750 | 5.3 | 5.3 | 5.3 | | | Atlassian JIRA Server Issue Key ActionsAndOperations permission | 0.09 | CVE-2020-14185 |
| 162749 | 7.6 | 5.5 | 9.8 | | | Eclipse Vert.x Backslash path traversal | 0.07 | CVE-2019-17640 |
