CVSSv3 02/17/2022

CVSSv3 Base

Entries by score: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 4, ≤5: 5, ≤6: 17, ≤7: 13, ≤8: 8, ≤9: 2, ≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into a single, most reliable result.

CVSSv3 Temp

Entries by score: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 5, ≤5: 6, ≤6: 22, ≤7: 10, ≤8: 4, ≤9: 2, ≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Entries by score: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 4, ≤5: 6, ≤6: 17, ≤7: 13, ≤8: 7, ≤9: 2, ≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Entries by score: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Entries by score: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 3, ≤7: 2, ≤8: 2, ≤9: 2, ≤10: 0

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Entries by score: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Entries by score: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 193302 | 6.3 | 6.3 | | | | | mingSoft MCMS list.do sql injection | 0.00 | CVE-2021-44868 |
| 193301 | 6.5 | 5.6 | | 7.4 | | | Traefik TLS Configuration certificate validation | 0.08 | CVE-2022-23632 |
| 193300 | 5.2 | 4.3 | | 6.1 | | | Cisco Prime Infrastructure Web-based Management Interface cross site scripting | 0.04 | CVE-2022-20659 |
| 193299 | 5.3 | 5.3 | | 5.3 | | | Cisco StarOS Redundancy Configuration Manager denial of service | 0.00 | CVE-2022-20750 |
| 193298 | 7.5 | 7.5 | | 7.5 | | | Cisco Email Security Appliance DANE Email Verification resource management | 0.07 | CVE-2022-20653 |
| 193297 | 3.5 | 3.5 | | | | | pcf2bdf PCF Font File denial of service | 0.05 | CVE-2022-23319 |
| 193296 | 5.5 | 5.5 | | | | | pcf2bdf PCF Font File out-of-bounds read | 0.07 | CVE-2022-23318 |
| 193295 | 5.3 | 5.3 | | | | | Core FTP Server/SFTP Server SSH Service denial of service | 0.04 | CVE-2022-22899 |
| 193294 | 7.3 | 6.3 | | 8.4 | | | vim stack-based overflow | 0.00 | CVE-2022-0629 |
| 193293 | 6.3 | 6.3 | | | | | TRIGONE Remote System Monitor unquoted search path | 0.04 | CVE-2021-46368 |
| 193292 | 6.9 | 7.3 | | 6.5 | | | mruby out-of-bounds read | 0.00 | CVE-2022-0623 |
| 193291 | 6.3 | 6.3 | | | | | Trojan-Spy.Win32.Zbot.aawo.Zeus-Builder permission | 0.00 | |
| 193290 | 6.3 | 6.3 | | | | | Backdoor.Win32.Prosti.b permission | 0.04 | |
| 193289 | 6.3 | 6.3 | | | | | Email-Worm.Win32.Lama permission | 0.04 | |
| 193288 | 5.3 | 5.3 | | | | | Backdoor.Win32.Prorat.lkt Service Port 2121 hard-coded password | 0.00 | |
| 193287 | 5.3 | 5.3 | | | | | Backdoor.Win32.Zombam.b Service Port 80 information disclosure | 0.00 | |
| 193286 | 4.3 | 4.3 | | | | | Backdoor.Win32.Zombam.b Service Port 80 cross site scripting | 0.00 | |
| 193285 | 7.3 | 7.3 | | | | | Backdoor.Win32.Zombam.b Service Port 80 stack-based overflow | 0.00 | |
| 193284 | 5.3 | 5.3 | | 5.3 | | | snipe-it information exposure | 0.04 | CVE-2022-0622 |
| 193283 | 5.3 | 5.3 | | | | | Drupal Quick Edit Module permission | 0.07 | CVE-2022-25270 |
| 193282 | 5.5 | 5.5 | | | | | PJSIP PJSUA API pjsua_call_dump buffer overflow | 0.07 | CVE-2021-43303 |
| 193281 | 3.5 | 3.5 | | | | | PJSIP PJSUA API pjsua_recorder_create out-of-bounds read | 0.05 | CVE-2021-43302 |
| 193280 | 5.5 | 5.5 | | | | | PJSIP PJSUA API pjsua_playlist_create stack-based overflow | 0.18 | CVE-2021-43301 |
| 193279 | 5.5 | 5.5 | | | | | PJSIP PJSUA API pjsua_recorder_create stack-based overflow | 0.25 | CVE-2021-43300 |
| 193278 | 5.5 | 5.5 | | | | | PJSIP PJSUA API pjsua_player_create stack-based overflow | 0.61 | CVE-2021-43299 |
| 193277 | 5.5 | 5.5 | | | | | Ghostscript sandbox | 0.04 | CVE-2021-3781 |
| 193276 | 3.5 | 3.5 | | | | | Linux Kernel Netfilter information disclosure | 0.47 | CVE-2021-3773 |
| 193275 | 7.5 | 6.3 | | 8.8 | | | BookWyrm server-side request forgery | 0.00 | CVE-2022-23644 |
| 193274 | 6.3 | 6.3 | | | | | polkit D-Bus Request authorization | 0.04 | CVE-2021-3560 |
| 193273 | 6.3 | 6.3 | | | | | DuxCMS index sql injection | 0.07 | CVE-2021-3242 |
| 193272 | 5.5 | 5.5 | | | | | JerryScript js-parser.c parser_parse_function_arguments assertion | 0.00 | CVE-2022-22901 |
| 193271 | 7.3 | 7.3 | | | | | JQueryForm.com improper authentication | 0.00 | CVE-2022-24985 |
| 193270 | 5.0 | 5.0 | | | | | Hutool HttpRequest certificate validation | 0.06 | CVE-2022-22885 |
| 193269 | 6.3 | 6.3 | | | | | Jeecg-boot queryUserComponentData sql injection | 0.00 | CVE-2022-22881 |
| 193268 | 6.3 | 6.3 | | | | | Jeecg-boot queryUserByDepId sql injection | 0.00 | CVE-2022-22880 |
| 193267 | 6.3 | 6.3 | | | | | Qt QProcess Privilege Escalation | 0.08 | CVE-2022-25255 |
| 193266 | 5.5 | 5.9 | | 5.1 | | | Wasmtime/WASI uninitialized pointer | 0.05 | CVE-2022-23636 |
| 193265 | 7.3 | 7.3 | | | | | JQueryForm.com unrestricted upload | 0.00 | CVE-2022-24983 |
| 193264 | 6.3 | 6.3 | | | | | mbsync type conversion | 0.18 | CVE-2021-3578 |
| 193263 | 5.5 | 5.5 | | | | | Drupal Form API injection | 0.07 | CVE-2022-25271 |
| 193262 | 5.5 | 5.5 | | | | | Crypt_GPG GPG Call Privilege Escalation | 0.05 | CVE-2022-24953 |
| 193261 | 5.0 | 5.0 | | | | | Linux Kernel Binary File memory corruption | 0.11 | CVE-2022-25265 |
| 193260 | 3.5 | 3.5 | | | | | JQueryForm.com admin.php cross site scripting | 0.00 | CVE-2022-24981 |
| 193259 | 7.5 | 7.5 | | | | | Linux Kernel NFC Stack use after free | 0.11 | CVE-2021-3760 |
| 193258 | 4.3 | 4.3 | | | | | Linux Kernel vt vt_ioctl.c vt_k_ioctl out-of-bounds read | 0.11 | CVE-2021-3753 |
| 193257 | 4.3 | 4.3 | | | | | JQueryForm.com Base64-Encode missing encryption | 0.04 | CVE-2022-24982 |
| 193256 | 8.8 | 8.8 | | | | | Linux Kernel Bluetooth Subsystem lock_sock_nested use after free | 0.07 | CVE-2021-3752 |
| 193255 | 8.8 | 8.8 | | | | | Linux Kernel USB Gadget Subsystem memory corruption | 0.09 | CVE-2022-25258 |
| 193254 | 7.3 | 7.3 | | | | | JQueryForm.com Executable Files Parser unrestricted upload | 0.04 | CVE-2022-24984 |
