CVSSv3 01/15/2022

CVSSv3 Base

Distribution (score bucket: count): ≤1: 0, ≤2: 0, ≤3: 3, ≤4: 38, ≤5: 14, ≤6: 28, ≤7: 25, ≤8: 10, ≤9: 1, ≤10: 1

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp

Distribution (score bucket: count): ≤1: 0, ≤2: 0, ≤3: 4, ≤4: 38, ≤5: 14, ≤6: 29, ≤7: 23, ≤8: 10, ≤9: 1, ≤10: 1

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Distribution (score bucket: count): ≤1: 0, ≤2: 0, ≤3: 3, ≤4: 28, ≤5: 27, ≤6: 30, ≤7: 21, ≤8: 9, ≤9: 1, ≤10: 1

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Distribution (score bucket: count): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 1, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 6, ≤9: 0, ≤10: 1

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Distribution (score bucket: count): ≤1: 0, ≤2: 0, ≤3: 1, ≤4: 12, ≤5: 2, ≤6: 5, ≤7: 1, ≤8: 18, ≤9: 0, ≤10: 3

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Distribution (score bucket: count): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Distribution (score bucket: count): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 190582 | 3.5 | 3.5 | | | | | Checkmk javascript: URL cross site scripting | 0.00 | CVE-2020-28919 |
| 190581 | 4.3 | 4.3 | | | | | Pexip Infinity Call-Setup denial of service | 0.05 | CVE-2021-42555 |
| 190580 | 4.3 | 4.3 | | | | | Pexip Infinity Call-Setup denial of service | 0.00 | CVE-2021-35969 |
| 190579 | 4.3 | 4.3 | | | | | Pexip Infinity H.264 denial of service | 0.07 | CVE-2021-33499 |
| 190578 | 4.3 | 4.3 | | | | | Pexip Infinity H.264 denial of service | 0.00 | CVE-2021-33498 |
| 190577 | 4.3 | 4.3 | | | | | Pexip Infinity RMTP denial of service | 0.00 | CVE-2021-32545 |
| 190576 | 6.3 | 6.3 | | | | | CyberArk Endpoint Privilege Manager Procmon64.exe uncontrolled search path | 0.06 | CVE-2021-44049 |
| 190575 | 5.5 | 5.5 | | | | | Open Design Alliance Drawings SDK JPG File memory corruption | 0.00 | CVE-2022-23095 |
| 190574 | 4.3 | 4.3 | | | | | Crestron HD-MD4X2-4K-E Administrative Web Interface aj.html information disclosure | 0.00 | CVE-2022-23178 |
| 190573 | 6.3 | 6.3 | | | | | China Mobile An Lianbao WF-1 Web Interface mac_addr_clone command injection | 0.06 | CVE-2021-33963 |
| 190572 | 7.5 | 7.5 | | | | | Juniper Junos OS Kernel resource consumption | 0.04 | CVE-2022-22161 |
| 190571 | 4.3 | 4.3 | | | | | Juniper Junos OS CLI information disclosure | 0.04 | CVE-2022-22162 |
| 190570 | 4.3 | 4.3 | | | | | Libreswan IKEv1 Packet ikev1.c null pointer dereference | 0.05 | CVE-2022-23094 |
| 190569 | 6.3 | 6.3 | | | | | Facebook Hermes type confusion | 0.05 | CVE-2021-24044 |
| 190568 | 4.3 | 4.3 | | 4.3 | | | livehelperchat cross-site request forgery | 0.00 | CVE-2022-0226 |
| 190567 | 3.3 | 3.3 | | | | | Google Android Emergency Calling CreateConnectionProcessor.java sortSimPhoneAccountsForEmergency denial of service | 0.03 | CVE-2021-39659 |
| 190566 | 5.3 | 5.3 | | | | | Google Android events.cpp inotify_cb out-of-bounds write | 0.03 | CVE-2021-39632 |
| 190565 | 5.3 | 5.3 | | | | | Google Android adb Shell OverlayManagerService.java executeRequest permission | 0.04 | CVE-2021-39630 |
| 190564 | 5.3 | 5.3 | | | | | Google Android phTmlNfc.cc phTmlNfc_CleanUp use after free | 0.07 | CVE-2021-39629 |
| 190563 | 5.3 | 5.3 | | | | | Google Android LegacyModeSmsHandler.java sendLegacyVoicemailNotification permission | 0.05 | CVE-2021-39627 |
| 190562 | 5.3 | 5.3 | | | | | Google Android Bluetooth Setting ConnectedDeviceDashboardFragment.java onAttach permission | 0.04 | CVE-2021-39626 |
| 190561 | 6.0 | 4.8 | 7.3 | | | | Google Android EuiccNotificationManager.java showCarrierAppInstallationNotification privileges management | 0.03 | CVE-2021-39625 |
| 190560 | 7.8 | 7.8 | 7.8 | | | | Google Android GBoard permissions | 0.08 | CVE-2021-39622 |
| 190559 | 5.3 | 5.3 | | | | | Google Android LegacyModeSmsHandler.java sendLegacyVoicemailNotification permission | 0.03 | CVE-2021-39621 |
| 190558 | 6.3 | 4.8 | 7.8 | | | | Google Android EuiccNotificationManager.java privileges management | 0.03 | CVE-2021-39618 |
| 190557 | 3.3 | 3.3 | | | | | Google Android Bluetooth DevicePickerFragment permission | 0.03 | CVE-2021-1037 |
| 190556 | 5.3 | 5.3 | | | | | Google Android AndroidManifest.xml LocationSettingsActivity improper restriction of rendered ui layers | 0.07 | CVE-2021-1036 |
| 190555 | 7.8 | 7.8 | 7.8 | | | | Google Android BluetoothDevicePickerPreferenceController.java setLaunchtent external reference | 0.00 | CVE-2021-1035 |
| 190554 | 6.5 | 5.3 | 7.8 | | | | Google Android jit_memory_region.cc privileges management | 0.04 | CVE-2021-0959 |
| 190553 | 7.0 | 6.3 | | 7.8 | | | Omron CX-One Project File stack-based overflow | 0.03 | CVE-2022-21137 |
| 190552 | 3.5 | 3.5 | | | | | libIEC61850 acse.c AcseConnection_parseMessage null pointer dereference | 0.03 | CVE-2021-45769 |
| 190551 | 7.0 | 6.3 | | 7.8 | | | Adobe Acrobat Reader out-of-bounds read | 0.03 | CVE-2021-45060 |
| 190550 | 3.8 | 4.3 | | 3.3 | | | Adobe Acrobat Reader out-of-bounds read | 0.07 | CVE-2021-44742 |
| 190549 | 3.8 | 4.3 | | 3.3 | | | Adobe Acrobat Reader null pointer dereference | 0.00 | CVE-2021-44741 |
| 190548 | 3.8 | 4.3 | | 3.3 | | | Adobe Acrobat Reader null pointer dereference | 0.03 | CVE-2021-44740 |
| 190547 | 2.8 | 3.1 | | 2.5 | | | Adobe Acrobat Reader Warning Message injection | 0.06 | CVE-2021-44714 |
| 190546 | 4.9 | 4.3 | | 5.5 | | | Adobe Acrobat Reader Format Event Action use after free | 0.04 | CVE-2021-44713 |
| 190545 | 5.9 | 6.3 | | 5.5 | | | Adobe Acrobat Reader buffer overflow | 0.04 | CVE-2021-44712 |
| 190544 | 4.6 | 4.6 | | | | | Ubiquiti UniFi Network injection | 0.08 | CVE-2021-44530 |
| 190543 | 5.3 | 5.3 | | 5.3 | | | Sensormatic Electronics VideoEdge denial of service | 0.03 | CVE-2021-36199 |
| 190542 | 6.4 | 5.3 | | 7.5 | | | colors americanFlag infinite loop | 0.04 | CVE-2021-23567 |
| 190541 | 3.6 | 3.3 | | 4.0 | | | nanoid ID Generator valueOf information disclosure | 0.03 | CVE-2021-23566 |
| 190540 | 5.5 | 5.5 | | | | | Google Android Privilege Escalation | 0.04 | CVE-2021-1049 |
| 190539 | 2.6 | 2.6 | | | | | SAP Enterprise Threat Detection cross site scripting | 0.05 | CVE-2022-22529 |
| 190538 | 7.8 | 7.8 | | | | | Google Android target.c target_init allocation of resources | 0.06 | CVE-2021-39684 |
| 190537 | 4.2 | 4.2 | | | | | Google Android sss_ice_util.c copy_from_mbox out-of-bounds write | 0.00 | CVE-2021-39683 |
| 190536 | 5.3 | 5.3 | | | | | Google Android memory_group_manager.c mgm_alloc_page out-of-bounds write | 0.00 | CVE-2021-39682 |
| 190535 | 5.3 | 5.3 | | | | | Google Android vendor_graphicbuffer_meta.cpp init use after free | 0.00 | CVE-2021-39679 |
| 190534 | 7.8 | 7.8 | | | | | Google Android Factory Reset Protection Local Privilege Escalation | 0.04 | CVE-2021-39678 |
| 190533 | 5.3 | 5.3 | | | | | Google Android eventpoll.c use after free | 0.03 | CVE-2021-39634 |

70 more entries are not shown
