CVSSv3 02/05/2022

CVSSv3 Base

≤1: 0, ≤2: 0, ≤3: 4, ≤4: 6, ≤5: 20, ≤6: 29, ≤7: 33, ≤8: 16, ≤9: 1, ≤10: 1

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤1: 0, ≤2: 0, ≤3: 4, ≤4: 6, ≤5: 20, ≤6: 34, ≤7: 30, ≤8: 14, ≤9: 1, ≤10: 1

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤1: 0, ≤2: 0, ≤3: 6, ≤4: 11, ≤5: 37, ≤6: 17, ≤7: 33, ≤8: 5, ≤9: 0, ≤10: 1

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 1, ≤6: 3, ≤7: 0, ≤8: 4, ≤9: 3, ≤10: 1

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤1: 0, ≤2: 0, ≤3: 0, ≤4: 1, ≤5: 5, ≤6: 10, ≤7: 19, ≤8: 12, ≤9: 16, ≤10: 2

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 192419 | 6.4 | 4.3 | | 8.6 | | | ptrofimov beanstalk_console cross site scripting | 0.06 | CVE-2022-0501 |
| 192418 | 7.3 | 7.3 | | | | | Backdoor.Win32.Small.er Service Port 5600 backdoor | 0.05 | |
| 192417 | 4.8 | 4.3 | | 5.4 | | | karma cross site scripting | 0.07 | CVE-2022-0437 |
| 192416 | 6.3 | 6.3 | | | | | Acronis Cyber Protect Home Office/True Image Unsigned Library signature verification | 0.04 | CVE-2022-24115 |
| 192415 | 5.0 | 5.0 | | | | | Acronis Cyber Protect Home Office/True Image Application Startup race condition | 0.00 | CVE-2022-24114 |
| 192414 | 6.3 | 6.3 | | | | | Acronis Cyber Protect Child Process unnecessary privileges | 0.04 | CVE-2022-24113 |
| 192413 | 3.3 | 2.3 | | 4.4 | | | Wire Webapp information disclosure | 0.00 | CVE-2022-23605 |
| 192412 | 7.6 | 5.5 | 9.8 | | | | UJCMS Jspxcms ?new unrestricted upload | 0.00 | CVE-2022-23329 |
| 192411 | 6.8 | 6.3 | 7.3 | | | | Acronis Cyber Protect Home Office/True Image Media Builder Service uncontrolled search path | 0.04 | CVE-2021-44206 |
| 192410 | 6.8 | 6.3 | 7.3 | | | | Acronis Cyber Protect Home Office/True Image uncontrolled search path | 0.04 | CVE-2021-44205 |
| 192409 | 7.0 | 6.3 | 7.8 | | | | Acronis Cyber Protect Named Pipe improper authorization | 0.00 | CVE-2021-44204 |
| 192408 | 8.5 | 7.3 | | 9.8 | | | Advantech ADAM-3600 hard-coded key | 0.04 | CVE-2022-22987 |
| 192407 | 7.1 | 5.5 | 8.8 | | | | CA Harvest Software Change Manager CSV Export csv injection | 0.04 | CVE-2022-22689 |
| 192406 | 7.5 | 6.3 | | 8.8 | | | Mirantis Container Cloud Lens Extension URL Validator input validation | 0.08 | CVE-2022-0484 |
| 192405 | 6.6 | 6.3 | 5.4 | 8.1 | | | jsdecena laracom unrestricted upload | 0.09 | CVE-2022-0472 |
| 192404 | 4.3 | 4.3 | 4.3 | 4.3 | | | silverstripe-framework control flow | 0.08 | CVE-2022-0227 |
| 192403 | 4.4 | 3.5 | | 5.4 | | | XWiki SVG cross site scripting | 0.00 | CVE-2021-43841 |
| 192402 | 5.5 | 5.3 | 5.5 | 5.8 | | | GPAC null pointer dereference | 0.03 | CVE-2021-4043 |
| 192401 | 6.4 | 5.3 | | 7.5 | | | ABB SPIET800/PNI800 denial of service | 0.00 | CVE-2021-22288 |
| 192400 | 6.4 | 5.3 | | 7.5 | | | ABB SPIET800/PNI800 denial of service | 0.08 | CVE-2021-22286 |
| 192399 | 6.4 | 5.3 | | 7.5 | | | ABB SPIET800/PNI800 exceptional condition | 0.04 | CVE-2021-22285 |
| 192398 | 5.7 | 5.5 | 5.9 | | | | Sealevel SeaConnect 370W MQTT URL_decode out-of-bounds write | 0.00 | CVE-2021-21971 |
| 192397 | 6.8 | 5.5 | 8.1 | | | | Sealevel SeaConnect 370W Global Variable HandleIncomingSeaCloudMessage out-of-bounds write | 0.00 | CVE-2021-21970 |
| 192396 | 6.8 | 5.5 | 8.1 | | | | Sealevel SeaConnect 370W MQTT Message json_object_get_string out-of-bounds write | 0.04 | CVE-2021-21969 |
| 192395 | 6.2 | 5.0 | 7.4 | | | | Sealevel SeaConnect 370W OTA Update Task channel accessible | 0.00 | CVE-2021-21968 |
| 192394 | 4.3 | 4.3 | | | | | Sealevel SeaConnect 370W Modbus Configuration denial of service | 0.07 | CVE-2021-21964 |
| 192393 | 6.3 | 6.3 | | | | | AMD Radeon Environment Variable uncontrolled search path | 0.04 | CVE-2020-12891 |
| 192392 | 2.9 | 2.9 | | | | | Sierra Designs/Silicon Labs Z-Wave risky encryption | 0.04 | CVE-2013-20003 |
| 192391 | 4.3 | 4.3 | | | | | Trend Micro Worry-Free Business Security Server Named Pipe out-of-bounds read | 0.04 | CVE-2022-23805 |
| 192390 | 6.3 | 6.3 | | | | | Foxit PDF Reader Javascript Engine memory corruption | 0.04 | CVE-2022-22150 |
| 192389 | 4.2 | 4.3 | | 4.0 | | | go-attestation input validation | 0.00 | CVE-2022-0317 |
| 192388 | 6.3 | 6.3 | | | | | Foxit PDF Reader JavaScript Engine use after free | 0.00 | CVE-2021-40420 |
| 192387 | 5.9 | 4.3 | | 7.5 | | | XWiki cross-site request forgery | 0.05 | CVE-2021-32732 |
| 192386 | 3.3 | 3.3 | | | | | AMD EPYC SEV-ES/SEV-SNP information disclosure | 0.04 | CVE-2020-12966 |
| 192385 | 3.5 | 3.5 | | | | | Argo CD Helm Chart repository.go helmTemplate pathname traversal | 0.00 | CVE-2022-24348 |
| 192384 | 4.8 | 3.7 | | 5.9 | | | Google Tensorflow MLIR-TFRT Infrastructure simplifyBroadcast unusual condition | 0.04 | CVE-2022-23593 |
| 192383 | 7.2 | 6.3 | | 8.1 | | | Google Tensorflow Type Interface out-of-bounds read | 0.00 | CVE-2022-23592 |
| 192382 | 6.3 | 6.3 | | | | | Emlog getblogidsfromtagid sql injection | 0.04 | CVE-2022-23379 |
| 192381 | 9.5 | 9.8 | | 9.1 | | | Ricon Mobile Industrial Cellular Router os command injection | 0.00 | CVE-2022-0365 |
| 192380 | 3.5 | 3.5 | | | | | Micro Focus Voltage SecureMail Mail Relay information disclosure | 0.00 | CVE-2021-38130 |
| 192379 | 4.8 | 4.3 | | 5.4 | | | MongoDB Features Command allocation of resources | 0.07 | CVE-2021-32036 |
| 192378 | 5.5 | 3.7 | | 7.4 | | | Arista EOS eAPI authentication bypass | 0.04 | CVE-2021-28503 |
| 192377 | 7.3 | 6.3 | | 8.4 | | | ABB OPC Server for AC 800M permission assignment | 0.00 | CVE-2021-22284 |
| 192376 | 4.3 | 4.3 | | | | | Sealevel SeaConnect 370W SeaMax Remote Configuration denial of service | 0.05 | CVE-2021-21965 |
| 192375 | 2.6 | 2.6 | | | | | Sealevel SeaConnect 370W Web Server channel accessible | 0.00 | CVE-2021-21963 |
| 192374 | 2.6 | 2.6 | | | | | Sealevel SeaConnect 370W MQTTS channel accessible | 0.00 | CVE-2021-21959 |
| 192373 | 3.1 | 3.1 | | | | | Z-Wave Specification S2 Security downgrade | 0.04 | CVE-2018-25029 |
| 192372 | 5.3 | 5.3 | | | | | HPE FlexNetwork 5130 EL Switch buffer overflow | 0.04 | CVE-2021-29219 |
| 192371 | 5.5 | 5.5 | | | | | KiCad EDA Gerber Viewer stack-based overflow | 0.00 | CVE-2022-23947 |
| 192370 | 5.5 | 5.5 | | | | | KiCad EDA Gerber Viewer stack-based overflow | 0.04 | CVE-2022-23946 |

60 more entries are not shown
