CVSSv3 01/27/2022

CVSSv3 Base

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from the different sources into the most reliable aggregate result.

CVSSv3 Temp

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 191765 | 3.5 | 3.5 | | | | | Zoho ManageEngine ServiceDesk Plus Secondary Email cross site scripting | 0.04 | CVE-2021-46065 |
| 191764 | 5.5 | 5.5 | | | | | Solana rBPF elf.rs relocate integer overflow | 0.03 | CVE-2021-46102 |
| 191763 | 4.7 | 4.7 | | | | | Zabbix Application Server Privilege Escalation | 0.07 | CVE-2021-46088 |
| 191762 | 6.3 | 6.3 | | | | | cszcms Front-End Member.php#viewUser sql injection | 0.05 | CVE-2021-46377 |
| 191761 | 6.3 | 6.3 | | | | | Dolphinphp common.php#action_log Privilege Escalation | 0.03 | CVE-2021-46097 |
| 191760 | 3.9 | 3.5 | | 4.3 | | | pimcore cross site scripting | 0.00 | CVE-2022-0348 |
| 191759 | 6.3 | 7.3 | | 5.3 | | | Kron Single Connect sc-assigned-credential-ui authorization | 0.05 | CVE-2021-44795 |
| 191758 | 5.3 | 5.3 | | 5.3 | | | Kron Single Connect sc-diagnostic-ui authorization | 0.03 | CVE-2021-44794 |
| 191757 | 6.9 | 5.3 | | 8.6 | | | Kron Single Connect sc-reports-ui authorization | 0.04 | CVE-2021-44793 |
| 191756 | 5.3 | 5.3 | | 5.3 | | | Kron Single Connect log-monitor authorization | 0.08 | CVE-2021-44792 |
| 191755 | 3.5 | 3.5 | | | | | Stormshield SNS Proxy denial of service | 0.00 | CVE-2021-28096 |
| 191754 | 4.5 | 4.5 | | | | | Apache Tomcat Fix CVE-2020-9484 toctou | 0.11 | CVE-2022-23181 |
| 191753 | 4.3 | 4.3 | | | | | Synametrics SynaMan resource injection | 0.03 | CVE-2022-22828 |
| 191752 | 4.9 | 3.5 | | 6.3 | | | livehelperchat cross site scripting | 0.04 | CVE-2022-0387 |
| 191751 | 5.5 | 3.5 | | 7.6 | | | crater-invoice cross site scripting | 0.03 | CVE-2022-0372 |
| 191750 | 5.3 | 3.5 | | 7.1 | | | livehelperchat cross site scripting | 0.00 | CVE-2022-0370 |
| 191705 | 6.8 | 6.3 | | 7.3 | | | SharpZipLib path traversal | 0.03 | CVE-2021-32840 |
| 191704 | 5.7 | 7.3 | | 4.0 | | | SharpZipLib File Creation path traversal | 0.03 | CVE-2021-32842 |
| 191703 | 5.7 | 7.3 | | 4.0 | | | SharpZipLib File Creation path traversal | 0.00 | CVE-2021-32841 |
| 191702 | 7.5 | 6.3 | | 8.8 | | | Gerapy os command injection | 0.04 | CVE-2021-32849 |
| 191701 | 4.3 | 4.3 | | 4.3 | | | Nextcloud App default permission | 0.04 | CVE-2021-41166 |
| 191700 | 8.2 | 7.3 | | 9.1 | | | PJSIP SIP Message out-of-bounds read | 0.05 | CVE-2022-21723 |
| 191699 | 8.2 | 7.3 | | 9.1 | | | PJSIP RTP/RTCP out-of-bounds read | 0.06 | CVE-2022-21722 |
| 191698 | 6.3 | 6.3 | | | | | TightVNC vncviewer rfbproto.c InitialiseRFBConnection heap-based overflow | 0.07 | CVE-2022-23967 |
