CVSSv3 12/10/2020

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from the different sources into the most reliable aggregate result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB »

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD »

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

Vendor »

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research »

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|
| 165985 | 6.3 | 6.3 | | | | Sympa SOAP API authenticateAndRun access control | 0.00 | CVE-2020-29668 |
| 165984 | 3.1 | 3.1 | | | | Lan ATMService M3 ATM Monitoring System Session session expiration | 0.00 | CVE-2020-29667 |
| 165983 | 4.3 | 4.3 | | | | Lan ATMService M3 ATM Monitoring System Log File log file | 0.06 | CVE-2020-29666 |
| 165982 | 4.4 | 3.5 | 5.4 | | | GitLab Community Edition/Enterprise Edition Project Import cross site scripting | 0.05 | CVE-2020-26407 |
| 165981 | 3.5 | 3.5 | | | | Adobe Experience Manager/AEM Forms add-on Form cross site scripting | 0.23 | CVE-2020-24445 |
| 165980 | 6.3 | 6.3 | | | | Adobe Experience Manager/AEM Forms add-on server-side request forgery | 0.08 | CVE-2020-24444 |
| 165979 | 4.3 | 4.3 | | | | Symantec Messaging Gateway Web UI information disclosure | 0.06 | CVE-2020-12595 |
| 165978 | 8.8 | 8.8 | | | | Symantec Messaging Gateway CLI access control | 0.05 | CVE-2020-12594 |
| 165976 | 2.3 | 2.3 | | | | python-apt arfile.cc release of resource | 0.00 | CVE-2020-27351 |
| 165975 | 5.3 | 5.3 | | | | APT deb Package extracttar.cc integer overflow | 0.05 | CVE-2020-27350 |
| 165974 | 4.8 | 3.5 | 6.1 | | | Music Music Station cross site scripting | 0.00 | CVE-2020-2494 |
| 165973 | 4.8 | 3.5 | 6.1 | | | QNAP Multimedia Console cross site scripting | 0.00 | CVE-2020-2493 |
| 165972 | 4.8 | 3.5 | 6.1 | | | QNAP QTS Photo Station cross site scripting | 0.06 | CVE-2020-2491 |
| 165971 | 5.3 | 5.3 | | | | WAGO PLC 750-88x/PLC 750-352 resource consumption | 0.08 | CVE-2020-12516 |
| 165970 | 5.0 | 5.0 | | | | McAfee Database Security Server Sensor SHA1 Certificate certificate validation | 0.00 | CVE-2020-7339 |
| 165969 | 4.8 | 3.5 | 6.1 | | | Online Examination System feedback.php cross site scripting | 0.09 | CVE-2020-29259 |
| 165968 | 4.8 | 3.5 | 6.1 | | | Online Examination System index.php cross site scripting | 0.00 | CVE-2020-29258 |
| 165967 | 4.8 | 3.5 | 6.1 | | | Online Examination System feedback.php cross site scripting | 0.00 | CVE-2020-29257 |
| 165966 | 6.0 | 4.6 | 7.5 | | | pass Git Repository improper authentication | 0.00 | CVE-2020-28086 |
| 165965 | 4.3 | 4.3 | | | | synapse Synapse Event send_join denial of service | 0.00 | CVE-2020-26257 |
| 165964 | 6.3 | 6.3 | | | | TOTOLINK A3002RU os command injection | 0.00 | CVE-2020-25499 |
| 165963 | 5.5 | 5.5 | | | | Artifex MuPDF newband_writer use after free | 0.00 | CVE-2020-16600 |
| 165962 | 5.0 | 3.5 | 6.5 | | | GNU Binutils _bfd_elf_get_symbol_version_string null pointer dereference | 0.15 | CVE-2020-16599 |
| 165961 | 4.5 | 3.5 | 5.5 | | | GNU Binutils debug_get_real_type null pointer dereference | 0.00 | CVE-2020-16598 |
| 165960 | 4.5 | 3.5 | 5.5 | | | GNU Binutils scan_unit_for_symbols denial of service | 0.07 | CVE-2020-16593 |
| 165959 | 5.5 | 5.5 | 5.5 | | | GNU Binutils bfd_hash_lookup use after free | 0.07 | CVE-2020-16592 |
| 165958 | 4.5 | 3.5 | 5.5 | | | GNU Binutils process_symbol_table denial of service | 0.07 | CVE-2020-16591 |
| 165957 | 5.5 | 5.5 | 5.5 | | | GNU Binutils File Descriptor process_symbol_table double free | 0.00 | CVE-2020-16590 |
| 165956 | 4.5 | 3.5 | 5.5 | | | Academy Software Foundation OpenEXR EXR File ImfTiledOutputFile.cpp writeTileData heap-based overflow | 0.00 | CVE-2020-16589 |
| 165955 | 4.5 | 3.5 | 5.5 | | | Academy Software Foundation OpenEXR EXR File makePreview.cpp generatePreview null pointer dereference | 0.05 | CVE-2020-16588 |
| 165954 | 4.5 | 3.5 | 5.5 | | | Academy Software Foundation OpenEXR EXR File ImfMultiPartInputFile.cpp chunkOffsetReconstruction heap-based overflow | 0.10 | CVE-2020-16587 |
| 165953 | 8.8 | 8.8 | | | | Macrium Reflect openssl.cnf access control | 0.00 | CVE-2020-10143 |
| 165952 | 7.3 | 7.3 | | | | react-adal JWT Token authentication spoofing | 0.00 | CVE-2020-7787 |
| 165951 | 3.5 | 3.5 | | | | PHPOffice PhpSpreadsheet Excel File cross site scripting | 0.00 | CVE-2020-7776 |
| 165950 | 6.6 | 5.5 | 7.8 | | | Linux Kernel tty Subsystem tty_jobctrl.c use after free | 0.00 | CVE-2020-29661 |
| 165949 | 6.6 | 5.5 | 7.8 | | | Linux Kernel Locking tty_io.c use after free | 0.38 | CVE-2020-29660 |
| 165948 | 6.3 | 6.3 | | | | Flexense DupScout Enterprise Web Server settings buffer overflow | 0.06 | CVE-2020-29659 |
| 165947 | 8.1 | 7.2 | 9.1 | | | SAP Business Warehouse/BW4HANA os command injection | 0.00 | CVE-2020-26838 |
| 165946 | 7.7 | 6.3 | 9.1 | | | SAP Solution Manager User Experience Monitoring path traversal | 0.05 | CVE-2020-26837 |
| 165945 | 4.7 | 3.4 | 6.1 | | | SAP Solution Manager Trace Analysis redirect | 0.05 | CVE-2020-26836 |
| 165944 | 5.2 | 4.3 | 6.1 | | | SAP NetWeaver AS ABAP cross site scripting | 0.05 | CVE-2020-26835 |
| 165943 | 5.2 | 5.0 | 5.4 | | | Valid HANA Database SAML improper authentication | 0.07 | CVE-2020-26834 |
| 165942 | 6.1 | 4.7 | 7.6 | | | SAP AS ABAP/S4 HANA Landscape Transformation authorization | 0.05 | CVE-2020-26832 |
| 165941 | 8.5 | 7.4 | 9.6 | | | SAP BusinessObjects BI Platform Crystal Report server-side request forgery | 0.09 | CVE-2020-26831 |
| 165940 | 7.2 | 6.3 | 8.1 | | | SAP Solution Manager User Experience Monitoring access control | 0.05 | CVE-2020-26830 |
| 165939 | 8.6 | 7.3 | 10.0 | | | SAP NetWeaver AS JAVA improper authentication | 0.08 | CVE-2020-26829 |
| 165938 | 6.5 | 6.5 | 6.4 | | | SAP Disclosure Management Spreadsheet unrestricted upload | 0.08 | CVE-2020-26828 |
