CVSSv3 02/23/2022

CVSSv3 Base

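| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Count | 0 | 0 | 0 | 1 | 1 | 7 | 14 | 8 | 2 | 0 |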

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score aggregates all available scores from different sources into the most reliable result.

CVSSv3 Temp

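| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Count | 0 | 0 | 0 | 1 | 2 | 8 | 14 | 8 | 0 | 0 |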

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

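| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Count | 0 | 0 | 1 | 1 | 6 | 8 | 9 | 7 | 1 | 0 |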

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

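| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Count | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |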

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

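| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Count | 0 | 0 | 0 | 0 | 2 | 3 | 3 | 10 | 10 | 1 |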

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

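| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Count | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |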

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

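| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Count | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |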

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 193659 | 5.8 | 4.3 | | 7.3 | | | radare2 resource consumption | 0.08 | CVE-2022-0476 |
| 193658 | 4.3 | 4.3 | | 4.3 | | | Cisco NX-OS Cisco Discovery Protocol Service resource management | 0.04 | CVE-2022-20625 |
| 193657 | 8.0 | 7.5 | | 8.6 | | | Cisco NX-OS CFSoIP resource consumption | 0.04 | CVE-2022-20624 |
| 193656 | 8.0 | 7.5 | | 8.6 | | | Cisco Nexus 9000 BFD Traffic resource management | 0.04 | CVE-2022-20623 |
| 193655 | 8.1 | 7.5 | | 8.8 | | | Cisco NX-OS NX-API os command injection | 0.07 | CVE-2022-20650 |
| 193654 | 7.0 | 6.3 | | 7.8 | | | vim uninitialized pointer | 0.00 | CVE-2022-0729 |
| 193653 | 5.9 | 6.3 | | 5.4 | | | chocobozzz peertube access control | 0.03 | CVE-2022-0727 |
| 193652 | 5.9 | 6.3 | | 5.4 | | | chocobozzz peertube improper authorization | 0.05 | CVE-2022-0726 |
| 193651 | 5.5 | 3.5 | | 7.6 | | | Microweber cross site scripting | 0.03 | CVE-2022-0719 |
| 193650 | 6.9 | 4.7 | | 9.1 | | | Microweber insecure storage of sensitive information | 0.08 | CVE-2022-0724 |
| 193649 | 6.5 | 4.3 | | 8.8 | | | Microweber information disclosure | 0.08 | CVE-2022-0721 |
| 193648 | 7.7 | 7.3 | | 8.2 | | | mlflow temp file | 0.04 | CVE-2022-0736 |
| 193647 | 6.3 | 6.3 | | | | | Backdoor.Win32.Acropolis.10 permission | 0.00 | |
| 193646 | 7.3 | 7.3 | | | | | Backdoor.Win32.FTP.Ics Service Port 5555 backdoor | 0.00 | |
| 193645 | 5.3 | 5.3 | | | | | Backdoor.Win32.FTP.Ics Service Port 5554 information disclosure | 0.03 | |
| 193644 | 7.3 | 7.3 | | | | | Backdoor.Win32.FTP.Ics Service Port 5554 missing authentication | 0.00 | |
| 193643 | 6.2 | 4.3 | | 8.1 | | | fgribreau node-request-retry information disclosure | 0.07 | CVE-2022-0654 |
| 193642 | 7.3 | 6.3 | | 8.4 | | | vim heap-based overflow | 0.04 | CVE-2022-0714 |
| 193641 | 5.8 | 6.3 | | 5.3 | | | radare2 heap-based overflow | 0.08 | CVE-2022-0713 |
| 193640 | 6.4 | 5.3 | | 7.5 | | | OpenMRS GET Request images path traversal | 0.03 | CVE-2022-23612 |
| 193639 | 5.9 | 5.0 | | 6.8 | | | Envoy TLS certificate validation | 0.04 | CVE-2022-21657 |
| 193638 | 6.4 | 5.3 | | 7.5 | | | Envoy Common Router control flow | 0.00 | CVE-2022-21655 |
| 193637 | 6.5 | 5.6 | | 7.4 | | | Envoy TLS certificate validation | 0.05 | CVE-2022-21654 |
| 193636 | 6.4 | 5.3 | | 7.5 | | | Envoy Connect Request null pointer dereference | 0.04 | CVE-2021-43824 |
| 193635 | 7.5 | 6.3 | | 8.8 | | | capsule-proxy Header improper authentication | 0.00 | CVE-2022-23652 |
| 193634 | 7.7 | 7.3 | | 8.1 | | | Wiki.js Target Page ID improper authentication | 0.08 | CVE-2022-23654 |
| 193633 | 3.3 | 2.2 | | 4.4 | | | Envoy Cluster Discovery Service recursion | 0.04 | CVE-2022-23606 |
| 193632 | 6.4 | 5.3 | | 7.5 | | | Envoy HTTP2 Stream use after free | 0.03 | CVE-2021-43826 |
| 193631 | 6.4 | 5.3 | | 7.5 | | | Istio istiod improper authentication | 0.00 | CVE-2022-23635 |
| 193630 | 8.1 | 8.1 | | 8.1 | | | PJSIP Dialog Set use after free | 0.04 | CVE-2022-23608 |
| 193629 | 6.2 | 6.3 | | 6.1 | | | Envoy Local Response use after free | 0.08 | CVE-2021-43825 |
| 193628 | 6.5 | 6.3 | | 6.8 | | | mruby out-of-bounds read | 0.00 | CVE-2022-0717 |
| 193627 | 6.5 | 5.6 | | 7.4 | | | Envoy default_validator.cc certificate validation | 0.08 | CVE-2022-21656 |
