CVSSv3 11/19/2020info

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB »

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD »

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

Vendor »

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research »

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

IDBaseVDBNVDVendResVulnerabilityCTICVE
1651797.65.59.8
 
 
OpenWrt libuci file.c uci_parse_package use after free0.05CVE-2020-28951
1651786.65.57.8
 
 
Archive_Tar Filename injection0.00CVE-2020-28949
1651776.65.57.8
 
 
Archive_Tar PHAR deserialization0.07CVE-2020-28948
1651764.43.35.5
 
 
Linux Kernel Speakup Driver spk_ttyio.c denial of service0.06CVE-2020-28941
1651755.02.67.5
 
 
Rclone entropy0.07CVE-2020-28924
1651744.55.53.5
 
 
ZTE ZXHN Z500/ZXHN F670L Rule Configuration input validation0.00CVE-2020-6879
1651734.83.56.1
 
 
MISP Template Element cross site scripting0.07CVE-2020-28947
1651724.54.64.3
 
 
PrimeKey EJBCA EJBCA Enrollment improper authorization0.00CVE-2020-28942
1651714.43.55.3
 
 
Moodle Participants Table Download insertion of sensitive information into sent data0.00CVE-2020-25703
1651704.83.56.1
 
 
Moodle cross site scripting0.06CVE-2020-25702
1651695.45.55.3
 
 
Moodle Upload Course Tool access control0.00CVE-2020-25701
1651686.05.56.5
 
 
Moodle Database Module Web Service sql injection0.20CVE-2020-25700
1651676.55.57.5
 
 
Moodle Capability Check access control0.08CVE-2020-25699
1651666.55.57.5
 
 
Moodle User Enrollment access control0.05CVE-2020-25698
1651654.83.56.1
 
 
YzmCMS Editor cross site scripting0.00CVE-2020-22394
1651648.88.8
 
 
 
TwinCAT XAR TcSysUI.exe default permission0.07CVE-2020-12510
1651634.34.3
 
 
 
Endress+Hauser Ecograph T information disclosure0.00CVE-2020-12496
1651627.37.3
 
 
 
Endress+Hauser Ecograph T Web-based User Interface Private privileges management0.05CVE-2020-12495
1651615.86.35.3
 
 
Johnson Controls American Dynamics Victor Web Client HTTP API improper authorization0.05CVE-2020-9049
1651604.43.55.4
 
 
IBM Jazz Reporting Service Web UI cross site scripting0.00CVE-2020-4718
1651597.87.87.8
 
 
IBM DB2/DB2 Connect Server buffer overflow0.00CVE-2020-4701
1651586.96.37.5
 
 
JamoDat TSMManager Collector authorization0.00CVE-2020-28054
1651577.65.59.8
 
 
com.oppo.ovoicemanager permission0.00CVE-2020-11831
1651567.65.59.8
 
 
com.oppo.qualityprotect unknown vulnerability0.00CVE-2020-11830
1651557.65.59.8
 
 
com.coloros.codebook Backup/Restore SDK privileges management0.27CVE-2020-11829
1651547.37.37.4
 
 
Nextcloud Social Server Certificate certificate validation0.00CVE-2020-8279
1651535.45.55.3
 
 
Nextcloud Social App access control0.07CVE-2020-8278
1651525.53.57.5
 
 
Node.js DNS Request resource consumption0.05CVE-2020-8277
1651515.05.64.3
 
 
F5 BIG-IP/BIG-IP Virtual Edition TCP Sequence Number random values0.05CVE-2020-5947
1651505.75.36.1
 
 
PulseAudio Bluez module-bluez5-device.c double free0.13CVE-2020-15710
1651498.06.39.8
 
 
InfluxDB JWT Token handler.go improper authentication0.05CVE-2019-20933
1651488.57.39.8
 
 
Cisco DNA Spaces Connector Web-based Management Interface os command injection0.06CVE-2020-3586
1651478.57.39.8
 
 
Cisco IoT Field Network Director REST API missing authentication0.07CVE-2020-3531
1651466.97.36.5
 
 
Cisco Expressway Software TURN Server access control0.00CVE-2020-3482
1651456.46.36.5
 
 
Cisco Webex Meetings/WebEx Meetings Server Connection input validation0.07CVE-2020-3471
1651449.89.89.8
 
 
Cisco Integrated Management Controller API Subsystem memory corruption0.06CVE-2020-3470
1651434.84.35.3
 
 
Cisco Webex Meetings/WebEx Meetings Server Meeting Room Lobby information disclosure0.06CVE-2020-3441
1651427.35.69.1
 
 
Cisco Webex Meetings/WebEx Meetings Server Authentication Token dynamically-managed code resources0.06CVE-2020-3419
1651416.76.37.2
 
 
Trend Micro InterScan Web Security Virtual Appliance HTTP Message ModifyVLANItem os command injection0.00CVE-2020-28581
1651406.76.37.2
 
 
Trend Micro InterScan Web Security Virtual Appliance HTTP Message AddVLANItem os command injection0.00CVE-2020-28580
1651397.56.38.8
 
 
Trend Micro InterScan Web Security Virtual Appliance HTTP Message out-of-bounds write0.07CVE-2020-28579
1651388.57.39.8
 
 
Trend Micro InterScan Web Security Virtual Appliance HTTP Message out-of-bounds write0.00CVE-2020-28578
1651377.47.37.5
 
 
Trend Micro Worry-Free Business Security Management Console path traversal0.07CVE-2020-28574
1651366.65.57.8
 
 
Trend Micro Apex One Product Installer access control0.18CVE-2020-28572
1651356.55.37.8
 
 
Trend Micro Security 2020 Installation symlink0.07CVE-2020-27697
1651347.87.87.8
 
 
Trend Micro Security 2020 Installation untrusted search path0.11CVE-2020-27696
1651336.55.37.8
 
 
Trend Micro Security 2020 Installation untrusted search path0.10CVE-2020-27695
1651326.36.3
 
 
 
semantic-release URL escape output0.06CVE-2020-26226
1651315.85.56.1
 
 
Jupyter Notebook Link redirect0.14CVE-2020-26215
1651304.43.55.4
 
 
grocy Add Recipe Module cross site scripting0.07CVE-2020-25454

Interested in the pricing of exploits?

See the underground prices here!