CVSSv3 05/21/2021

CVSSv3 Base »

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp »

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB »

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD »

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

Vendor »

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research »

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

IDBaseVDBNVDVendResVulnerabilityCTICVE
1754716.36.3
 
 
 
Synology DiskStation Manager Netatalk heap-based overflow0.05CVE-2021-31439
1754709.89.8
 
 
 
SolarWinds Network Performance Monitor deserialization2.21CVE-2021-31474
1754696.36.3
 
 
 
Foxit Reader browseForDoc out-of-bounds write0.00CVE-2021-31473
1754686.36.3
 
 
 
SolarWinds Orion Job Scheduler JobRouterService WCF Service permission assignment0.32CVE-2021-31475
1754675.05.0
 
 
 
Zope Module path traversal0.05CVE-2021-32633
1754668.88.8
 
 
 
Linux Kernel eBPF calculation0.28CVE-2021-31440
1754653.83.8
 
 
 
STMicroelectronics STM32L4 access control0.00CVE-2021-29414
1754641.81.8
 
 
 
Nordic Semiconductor nRF52840 Boot injection0.09CVE-2020-27211
1754632.62.6
 
 
 
STMicroelectronics STM32L4 RDP Level injection0.00CVE-2020-27212
1754622.62.6
 
 
 
SoloKeys Solo/Somu RDP Level initialization0.00CVE-2020-27208
1754612.62.6
 
 
 
ARM TrustZone CryptoCell 310 NordicSemiconductor nRF52840 information disclosure0.00CVE-2021-29415
1754602.62.6
 
 
 
Nitrokey FIDO U2F Firmware cleartext transmission0.00CVE-2020-12061
1754596.36.3
 
 
 
QNAP QTS/QuTS Hero path traversal0.28CVE-2021-28798
1754584.34.3
 
 
 
Linaro Trusted Firmware-M Cryptographic Library abort memory leak0.05CVE-2021-32032
1754573.53.5
 
 
 
Plone CMS File Upload cross site scripting0.05CVE-2021-3313
1754562.42.4
 
 
 
Pajbot cross-site request forgery0.05CVE-2021-32632
1754553.53.5
 
 
 
Zoho ManageEngine ADSelfService Plus directory-search cross site scripting0.09CVE-2021-27956
1754543.53.5
 
 
 
OpenNMS Horizon/OpenNMS Meridian validateFormInput cross site scripting0.00CVE-2021-25933
1754533.53.5
 
 
 
OpenNMS Horizon/OpenNMS Meridian updateUser cross-site request forgery0.05CVE-2021-25931
1754523.53.5
 
 
 
OpenNMS Horizon/OpenNMS Meridian cross-site request forgery0.05CVE-2021-25930
1754513.53.5
 
 
 
OpenNMS Horizon/OpenNMS Meridian cross site scripting0.00CVE-2021-25929
1754502.62.6
 
 
 
DoraCMS random values0.05CVE-2020-18220
1754494.34.3
 
 
 
slapi-nis Binding DN null pointer dereference0.00CVE-2021-3480
1754485.55.5
 
 
 
libyang lys_node_free assertion0.05CVE-2021-28905
1754473.53.5
 
 
 
libyang lyxml_parse_mem denial of service0.00CVE-2021-28903
1754464.94.9
 
 
 
Emerson Rosemount X-STREAM Gas Analyzer Web Interface improper restriction of rendered ui layers0.00CVE-2021-27467
1754453.53.5
 
 
 
Emerson Rosemount X-STREAM Gas Analyzer Webpage cross site scripting0.00CVE-2021-27465
1754445.55.5
 
 
 
Emerson Rosemount X-STREAM Gas Analyzer Webserver path traversal0.00CVE-2021-27461
1754435.55.5
 
 
 
Emerson Rosemount X-STREAM Gas Analyzer Webserver unrestricted upload0.05CVE-2021-27459
1754423.13.1
 
 
 
Emerson Rosemount X-STREAM Gas Analyzer inadequate encryption0.00CVE-2021-27457
1754415.55.5
 
 
 
OPC Foundation OPC UA Client/Server SDK Bundle Recursion stack-based overflow0.00CVE-2021-27434
1754405.55.5
 
 
 
OPC Foundation UA .NET Standard/UA .NET Legacy Recursion stack-based overflow0.09CVE-2021-27432
1754396.36.3
 
 
 
dns-packet buffer overflow0.55CVE-2021-23386
1754382.62.6
 
 
 
Huawei ManageOne Module denial of service0.00CVE-2021-22409
1754373.53.5
 
 
 
Huawei ManageOne Verification denial of service0.05CVE-2021-22339
1754363.53.5
 
 
 
Halo Post Publish cross site scripting0.14CVE-2020-21345
1754352.62.6
 
 
 
Bouncy Castle BC Java/BC C#/BC-FJA/BC-FNA EC Math Library timing discrepancy0.34CVE-2020-15522
1754343.53.5
 
 
 
Red Hat WildFly Domain Mode cross site scripting0.05CVE-2021-3536
1754336.66.6
 
 
 
homee Brain Cube USB Firmware Update Local Privilege Escalation0.09CVE-2020-24395
1754323.53.5
 
 
 
libyang read_yin_leaf denial of service0.10CVE-2021-28906
1754313.53.5
 
 
 
libyang ext_get_plugin denial of service0.44CVE-2021-28904
1754303.53.5
 
 
 
libyang read_yin_container denial of service0.00CVE-2021-28902
1754294.34.3
 
 
 
Emerson Rosemount X-STREAM Gas Analyzer Session Cookie information disclosure0.00CVE-2021-27463
1754282.62.6
 
 
 
micro-ecc Library ECDSA information exposure0.00CVE-2020-27209
1754274.34.3
 
 
 
homee Brain Cube Firmware Image cleartext storage0.05CVE-2020-24396
1754265.55.5
 
 
 
HP LaserJet Software Driver buffer overflow0.23CVE-2021-3438
1754256.36.3
 
 
 
rxvt-unicode/rxvt/mrxvt/Eterm Escape injection0.19CVE-2021-33477
1754244.34.3
 
 
 
ownCloud API Endpoint information disclosure0.00CVE-2021-29659
1754236.36.3
 
 
 
Envoy HTTP2 Metadata assertion0.00CVE-2021-29258
1754224.34.3
 
 
 
Envoy TLS null pointer dereference0.05CVE-2021-28683

Might our Artificial Intelligence support you?

Check our Alexa App!