CVSSv3 02/19/2022

CVSSv3 Base

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 38, ≤5: 7, ≤6: 29, ≤7: 36, ≤8: 6, ≤9: 51, ≤10: 2

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 38, ≤5: 8, ≤6: 29, ≤7: 36, ≤8: 5, ≤9: 51, ≤10: 2

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 6, ≤5: 50, ≤6: 19, ≤7: 36, ≤8: 5, ≤9: 52, ≤10: 1

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 34, ≤5: 0, ≤6: 2, ≤7: 6, ≤8: 93, ≤9: 3, ≤10: 2

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 193542 | 5.4 | 4.3 | | 6.5 | | | Microweber cross site scripting | 0.03 | CVE-2022-0678 |
| 193541 | 4.9 | 4.3 | | 5.5 | | | mruby null pointer dereference | 0.03 | CVE-2022-0632 |
| 193540 | 5.7 | 4.3 | | 7.1 | | | mruby out-of-bounds read | 0.06 | CVE-2022-0630 |
| 193539 | 8.3 | 8.8 | | 7.8 | | | Bentley MicroStation CONNECT PDF File Parser use after free | 0.06 | CVE-2021-46609 |
| 193538 | 3.5 | 3.5 | | | | | SAS Web Report Studio javascript: URL logonAndRender.do cross site scripting | 0.03 | CVE-2022-25256 |
| 193537 | 3.5 | 3.5 | | | | | LiveConfig Administration Form cross site scripting | 0.00 | CVE-2021-40840 |
| 193536 | 7.3 | 7.5 | | 7.0 | | | MariaDB SQL Query heap-based overflow | 0.06 | CVE-2022-24052 |
| 193535 | 7.3 | 7.5 | | 7.0 | | | MariaDB SQL Query format string | 0.03 | CVE-2022-24051 |
| 193534 | 6.5 | 5.3 | | 7.8 | | | Docker Desktop access control | 0.13 | CVE-2022-25365 |
| 193533 | 5.9 | 4.7 | | 7.2 | | | ShowDoc unrestricted upload | 0.05 | CVE-2022-0409 |
| 193532 | 3.5 | 3.5 | | | | | sha256crypt/sha512crypt algorithmic complexity | 0.06 | CVE-2016-20013 |
| 193531 | 4.3 | 4.3 | | | | | Varnishcache Element Renderer resource injection | 0.05 | CVE-2022-24979 |
| 193530 | 6.3 | 6.3 | | | | | Kitodo.Presentation server-side request forgery | 0.04 | CVE-2022-24980 |
| 193529 | 5.5 | 5.5 | | | | | Cryptomator Environment Variable injection | 0.03 | CVE-2022-25366 |
| 193528 | 7.3 | 7.5 | | 7.0 | | | MariaDB stack-based overflow | 0.03 | CVE-2022-24048 |
| 193527 | 5.5 | 5.5 | | | | | mingSoft MCMS uploadTemplate.do unrestricted upload | 0.08 | CVE-2021-46036 |
| 193526 | 5.5 | 5.5 | | | | | awful-salmonella-tar safe-path path traversal | 0.10 | CVE-2022-25358 |
| 193525 | 5.5 | 5.5 | | | | | TOTOLINK T6/T10 MQTT Packet command injection | 0.03 | CVE-2022-25137 |
| 193524 | 5.5 | 5.5 | | | | | TOTOLINK T6/T10 MQTT Packet command injection | 0.03 | CVE-2022-25136 |
| 193523 | 5.5 | 5.5 | | | | | TOTOLINK T6 MQTT Packet recv_mesh_info_sync command injection | 0.08 | CVE-2022-25135 |
| 193522 | 5.5 | 5.5 | | | | | TOTOLINK T6 MQTT Packet setUpgradeFW command injection | 0.04 | CVE-2022-25134 |
| 193521 | 5.5 | 5.5 | | | | | TOTOLINK T6 MQTT Packet command injection | 0.09 | CVE-2022-25133 |
| 193520 | 5.5 | 5.5 | | | | | TOTOLINK T6 MQTT Packet command injection | 0.03 | CVE-2022-25132 |
| 193519 | 5.5 | 5.5 | | | | | TOTOLINK T6/T10 MQTT Packet command injection | 0.03 | CVE-2022-25131 |
| 193518 | 5.5 | 5.5 | | | | | TOTOLINK T6/T10 MQTT Packet command injection | 0.00 | CVE-2022-25130 |
| 193517 | 4.3 | 5.3 | | 3.3 | | | Cosign certificate validation | 0.04 | CVE-2022-23649 |
| 193516 | 3.5 | 3.5 | | | | | LiveConfig Log File path traversal | 0.06 | CVE-2021-40841 |
| 193515 | 5.6 | 5.6 | | | | | Pexip Infinity Connect certificate validation | 0.00 | CVE-2021-29656 |
| 193514 | 6.9 | 6.3 | | 7.6 | | | object-extend code injection | 0.04 | CVE-2021-23702 |
| 193513 | 7.3 | 7.5 | | 7.0 | | | MariaDB SQL Query use after free | 0.05 | CVE-2022-24050 |
| 193512 | 5.5 | 5.5 | | | | | mingSoft MCMS Template Management Module injection | 0.00 | CVE-2021-46063 |
| 193511 | 4.6 | 4.6 | | | | | mingSoft MCMS oldFileName denial of service | 0.00 | CVE-2021-46062 |
| 193510 | 4.6 | 4.6 | | | | | MCMS unzip.do denial of service | 0.05 | CVE-2021-46037 |
| 193509 | 5.1 | 4.0 | | 6.2 | | | swtpm out-of-bounds read | 0.04 | CVE-2022-23645 |
| 193508 | 5.0 | 5.0 | | | | | Online Shopping Portal sql injection | 0.00 | CVE-2021-46110 |
| 193507 | 5.5 | 5.5 | | | | | Pexip Infinity Connect code injection | 0.03 | CVE-2021-29655 |
| 193506 | 7.0 | 6.3 | | 7.8 | | | Foxit PDF Reader JPEG2000 Image Parser out-of-bounds read | 0.06 | CVE-2022-24971 |
| 193505 | 7.0 | 6.3 | | 7.8 | | | Foxit PDF Reader JP2 Image Parser out-of-bounds write | 0.03 | CVE-2022-24369 |
| 193504 | 7.0 | 6.3 | | 7.8 | | | Foxit PDF Reader JPEG2000 Image Parser out-of-bounds write | 0.03 | CVE-2022-24361 |
| 193503 | 7.0 | 6.3 | | 7.8 | | | Foxit PDF Reader Doc Object out-of-bounds read | 0.00 | CVE-2022-24358 |
| 193502 | 6.0 | 4.3 | | 7.8 | | | Foxit PDF Reader OnMouseExit out-of-bounds read | 0.03 | CVE-2022-24356 |
| 193501 | 8.8 | 8.8 | | 8.8 | | | TP-Link TL-WR940N File Name Extension Parser stack-based overflow | 0.03 | CVE-2022-24355 |
| 193500 | 8.8 | 8.8 | | 8.8 | | | TP-Link AC1750 NetUSB.ko integer overflow | 0.03 | CVE-2022-24354 |
| 193499 | 8.3 | 8.8 | | 7.8 | | | Sante DICOM Viewer Pro J2K File Parser out-of-bounds write | 0.05 | CVE-2022-24064 |
| 193498 | 8.3 | 8.8 | | 7.8 | | | Sante DICOM Viewer Pro JP2 File Parser memory corruption | 0.00 | CVE-2022-24063 |
| 193497 | 8.3 | 8.8 | | 7.8 | | | Sante DICOM Viewer Pro DCM File Parser out-of-bounds write | 0.10 | CVE-2022-24059 |
| 193496 | 8.3 | 8.8 | | 7.8 | | | Sante DICOM Viewer Pro J2K File Parser out-of-bounds write | 0.07 | CVE-2022-24058 |
| 193495 | 8.3 | 8.8 | | 7.8 | | | Sante DICOM Viewer Pro J2K File Parser out-of-bounds write | 0.00 | CVE-2022-24057 |
| 193494 | 8.3 | 8.8 | | 7.8 | | | Sante DICOM Viewer Pro J2K File Parser out-of-bounds write | 0.09 | CVE-2022-24056 |
| 193493 | 5.3 | 5.3 | | 5.3 | | | BMC Track-It! HTTP Request authentication bypass | 0.03 | CVE-2022-24047 |

119 more entries are not shown
