CVSSv3 March 2022

Timeline

Analyzing the timeline helps to identify the required approach to, and handling of, single vulnerabilities and vulnerability collections. The overview shows less important slices and more severe hotspots at a glance, which makes it possible to initiate an immediate vulnerability response and to prioritize issues.

C3BM Index

Our unique C3BM Index (CVSSv3 Base Meta Index) accumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the number of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base

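| Score | Entries |
|---|---|
| ≤1 | 0 |
| ≤2 | 8 |
| ≤3 | 79 |
| ≤4 | 412 |
| ≤5 | 323 |
| ≤6 | 588 |
| ≤7 | 533 |
| ≤8 | 219 |
| ≤9 | 66 |
| ≤10 | 26 |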

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

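| Score | Entries |
|---|---|
| ≤1 | 0 |
| ≤2 | 9 |
| ≤3 | 86 |
| ≤4 | 438 |
| ≤5 | 315 |
| ≤6 | 782 |
| ≤7 | 408 |
| ≤8 | 143 |
| ≤9 | 47 |
| ≤10 | 26 |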

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

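| Score | Entries |
|---|---|
| ≤1 | 0 |
| ≤2 | 16 |
| ≤3 | 106 |
| ≤4 | 455 |
| ≤5 | 340 |
| ≤6 | 582 |
| ≤7 | 507 |
| ≤8 | 180 |
| ≤9 | 40 |
| ≤10 | 28 |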

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

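| Score | Entries |
|---|---|
| ≤1 | 0 |
| ≤2 | 0 |
| ≤3 | 1 |
| ≤4 | 1 |
| ≤5 | 0 |
| ≤6 | 6 |
| ≤7 | 10 |
| ≤8 | 21 |
| ≤9 | 0 |
| ≤10 | 15 |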

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

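| Score | Entries |
|---|---|
| ≤1 | 0 |
| ≤2 | 7 |
| ≤3 | 10 |
| ≤4 | 36 |
| ≤5 | 64 |
| ≤6 | 102 |
| ≤7 | 109 |
| ≤8 | 173 |
| ≤9 | 60 |
| ≤10 | 75 |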

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

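| Score | Entries |
|---|---|
| ≤1 | 0 |
| ≤2 | 0 |
| ≤3 | 0 |
| ≤4 | 2 |
| ≤5 | 3 |
| ≤6 | 7 |
| ≤7 | 18 |
| ≤8 | 35 |
| ≤9 | 6 |
| ≤10 | 2 |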

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

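| Score | Entries |
|---|---|
| ≤1 | 0 |
| ≤2 | 0 |
| ≤3 | 0 |
| ≤4 | 0 |
| ≤5 | 0 |
| ≤6 | 0 |
| ≤7 | 0 |
| ≤8 | 0 |
| ≤9 | 0 |
| ≤10 | 0 |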

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| Published | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|
| 03/31/2022 | 4.8 | 3.5 | | 6.1 | | | vanessa219 vditor cross site scripting | 0.04 | CVE-2022-0350 |
| 03/31/2022 | 3.5 | 3.5 | | | | | Sourcecodester Simple Client Management System Add New Client/Add New Invoice cross site scripting | 0.00 | CVE-2021-43505 |
| 03/31/2022 | 6.3 | 6.3 | | | | | Sourcecodester Simple Client Management System Login.php sql injection | 0.03 | CVE-2021-43506 |
| 03/31/2022 | 6.3 | 6.3 | | | | | WPanel unrestricted upload | 0.03 | CVE-2021-34257 |
| 03/31/2022 | 6.4 | 5.3 | | 7.5 | | | livehelperchat type confusion | 0.03 | CVE-2022-1176 |
| 03/31/2022 | 5.5 | 5.5 | | | | | Hospital Management System treatmentrecord.php unrestricted upload | 0.07 | CVE-2022-24136 |
| 03/31/2022 | 5.5 | 5.5 | | | | | Elecom EDWRC-2533GST2 access control | 0.04 | CVE-2022-25915 |
| 03/31/2022 | 6.3 | 6.3 | | | | | Hibara AttacheCase untrusted search path | 0.08 | CVE-2022-28128 |
| 03/31/2022 | 6.3 | 6.3 | | | | | Hibara AttacheCase untrusted search path | 0.07 | CVE-2022-25348 |
| 03/31/2022 | 5.5 | 5.5 | | | | | NTT Netcommunity OG410Xa Config File os command injection | 0.03 | CVE-2022-22986 |
| 03/31/2022 | 3.5 | 3.5 | | | | | Zero-channel BBS Plus cross site scripting | 0.08 | CVE-2022-27496 |
| 03/31/2022 | 3.5 | 3.5 | | | | | pfSense CE/pfSense Plus URL cross site scripting | 0.08 | CVE-2021-20729 |
| 03/31/2022 | 6.3 | 6.3 | | | | | pfSense CE/pfSense Plus NTP GPS Setting access control | 0.02 | CVE-2022-26019 |
| 03/31/2022 | 6.3 | 6.3 | | | | | pfSense CE/pfSense Plus Server Setting input validation | 0.05 | CVE-2022-24299 |
| 03/31/2022 | 4.3 | 4.3 | | | | | Advanced Custom Fields Plugin authorization | 0.02 | CVE-2022-23183 |
| 03/31/2022 | 7.1 | 5.5 | | 8.7 | | | GitHub livehelperchat server-side request forgery | 0.05 | CVE-2022-1191 |
| 03/31/2022 | 8.3 | 8.8 | | 7.8 | | | Western Digital G-RAID Software Utility Setup uncontrolled search path | 0.03 | CVE-2022-22996 |
| 03/31/2022 | 8.3 | 9.8 | | 6.8 | | | Bosch CPP TCP stack-based overflow | 0.05 | CVE-2021-23851 |
| 03/31/2022 | 8.3 | 9.8 | | 6.8 | | | Bosch CCP TCP stack-based overflow | 0.04 | CVE-2021-23850 |
| 03/31/2022 | 3.5 | 3.5 | | | | | QingScan Search cross site scripting | 0.16 | CVE-2022-24135 |
| 03/31/2022 | 5.3 | 5.3 | | | | | Google Android Settings input validation | 0.06 | CVE-2021-39771 |
| 03/31/2022 | 5.3 | 5.3 | | | | | Google Android Settings input validation | 0.03 | CVE-2021-39764 |
| 03/31/2022 | 5.5 | 5.5 | | | | | wuta jox readObject xml external entity reference | 0.09 | CVE-2021-43142 |
| 03/31/2022 | 5.5 | 5.5 | | | | | Software AG MashZone NextGen Register an Ehcache Configuration File xml external entity reference | 0.03 | CVE-2021-33208 |
| 03/31/2022 | 5.5 | 5.5 | | | | | VMware Spring Boot temp file | 0.05 | CVE-2022-27772 |
| 03/31/2022 | 3.5 | 3.5 | | | | | ZTE ZXHN F680 Gateway Name cross site scripting | 0.03 | CVE-2022-23136 |
| 03/31/2022 | 4.2 | 4.2 | | | | | Google Android incfs permission | 0.15 | CVE-2022-20002 |
| 03/31/2022 | 5.3 | 5.3 | | | | | Google Android Dialer permission | 0.04 | CVE-2021-39790 |
| 03/31/2022 | 5.3 | 5.3 | | | | | Google Android Telecom permission | 0.05 | CVE-2021-39789 |
| 03/31/2022 | 5.3 | 5.3 | | | | | Google Android SystemUI access control | 0.05 | CVE-2021-39787 |
| 03/31/2022 | 4.2 | 4.2 | | | | | Google Android NFC out-of-bounds write | 0.03 | CVE-2021-39786 |
| 03/31/2022 | 5.3 | 5.3 | | | | | Google Android CellBroadcastReceiver permission | 0.07 | CVE-2021-39784 |
| 03/31/2022 | 5.3 | 5.3 | | | | | Google Android rcsservice permission | 0.10 | CVE-2021-39783 |
| 03/31/2022 | 5.3 | 5.3 | | | | | Google Android Telephony permission | 0.03 | CVE-2021-39782 |
| 03/31/2022 | 5.3 | 5.3 | | | | | Google Android Traceur permission | 0.05 | CVE-2021-39780 |
| 03/31/2022 | 5.3 | 5.3 | | | | | Google Android NFC use after free | 0.04 | CVE-2021-39776 |
| 03/31/2022 | 3.3 | 3.3 | | | | | Google Android Bluetooth out-of-bounds read | 0.04 | CVE-2021-39774 |
| 03/31/2022 | 5.3 | 5.3 | | | | | Google Android Bluetooth permission | 0.04 | CVE-2021-39772 |
| 03/31/2022 | 5.3 | 5.3 | | | | | Google Android Settings permission | 0.04 | CVE-2021-39768 |
| 03/31/2022 | 5.3 | 5.3 | | | | | Google Android MiniaDB access control | 0.02 | CVE-2021-39767 |
| 03/31/2022 | 5.3 | 5.3 | | | | | Google Android Settings access control | 0.12 | CVE-2021-39763 |
| 03/31/2022 | 5.3 | 5.3 | | | | | Google Android libstagefright out-of-bounds write | 0.03 | CVE-2021-39759 |
| 03/31/2022 | 5.3 | 5.3 | | | | | Google Android WindowManager permission | 0.07 | CVE-2021-39758 |
| 03/31/2022 | 5.3 | 5.3 | | | | | Google Android Bubbles permission | 0.05 | CVE-2021-39752 |
| 03/31/2022 | 5.3 | 5.3 | | | | | Google Android PackageManager permission | 0.03 | CVE-2021-39750 |
| 03/31/2022 | 5.3 | 5.3 | | | | | Google Android WindowManager permission | 0.05 | CVE-2021-39749 |
| 03/31/2022 | 5.3 | 5.3 | | | | | Google Android PermissionController permission | 0.03 | CVE-2021-39746 |
| 03/31/2022 | 5.3 | 5.3 | | | | | Google Android PackageManager permission | 0.05 | CVE-2021-39743 |
| 03/31/2022 | 4.2 | 4.2 | | | | | Google Android Keymaster out-of-bounds write | 0.12 | CVE-2021-39741 |
| 03/31/2022 | 5.3 | 5.3 | | | | | Google Android ConnectedDevicesSliceProvider.java.java createGeneralSlice permission | 0.07 | CVE-2021-1033 |

2204 more entries are not shown
