CVSSv3 03/05/2022

CVSSv3 Base

Entries by score: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 9, ≤5: 3, ≤6: 9, ≤7: 6, ≤8: 3, ≤9: 2, ≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

Entries by score: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 9, ≤5: 3, ≤6: 13, ≤7: 2, ≤8: 3, ≤9: 2, ≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Entries by score: ≤1: 0, ≤2: 0, ≤3: 3, ≤4: 7, ≤5: 4, ≤6: 10, ≤7: 5, ≤8: 1, ≤9: 2, ≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Entries by score: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Entries by score: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 2, ≤6: 1, ≤7: 0, ≤8: 3, ≤9: 1, ≤10: 1

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Entries by score: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Entries by score: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VulDB | NVD | CNA | Vendor | Research | Vulnerability | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 194266 | 6.3 | 5.3 | | 7.3 | | | radare2 r_reg_get_name_idx use after free | 0.06 | 0.00885 | CVE-2022-0849 |
| 194265 | 5.5 | 5.5 | | | | | Espruino jsvar.c jsvGetNextSibling stack-based overflow | 0.04 | 0.00885 | CVE-2022-25465 |
| 194264 | 5.5 | 5.5 | | | | | Espruino jsvar.c jsvNewFromString stack-based overflow | 0.03 | 0.00885 | CVE-2022-25044 |
| 194263 | 3.5 | 3.5 | | | | | Mark Text pasteCtrl.js cross site scripting | 0.02 | 0.01689 | CVE-2022-25069 |
| 194262 | 3.7 | 3.7 | | | | | HCL BigFix Compliance TLS-RSA Cipher Suite risky encryption | 0.03 | 0.00885 | CVE-2021-27756 |
| 194261 | 3.7 | 3.7 | | | | | Rhinode Trading Paints Updater.exe cleartext transmission | 0.03 | 0.00885 | CVE-2021-40846 |
| 194260 | 7.3 | 4.7 | | 9.9 | | | Secomea GateManager path traversal | 0.03 | 0.00885 | CVE-2021-32008 |
| 194259 | 7.3 | 7.3 | | | | | mingSoft MCMS Remote Code Execution | 0.00 | 0.01086 | CVE-2021-46384 |
| 194258 | 4.3 | 2.7 | | 6.0 | | | Dell EMC Enterprise Storage Analytics for vRealize Operations credentials storage | 0.03 | 0.00885 | CVE-2021-43590 |
| 194257 | 5.3 | 5.3 | | | | | D-Link DIR-X1860 Web Interface information disclosure | 0.03 | 0.01055 | CVE-2021-46353 |
| 194256 | 8.8 | 8.8 | | | | | TP-Link Archer C20i HTTP Parameter os command injection | 0.02 | 0.11752 | CVE-2021-44827 |
| 194255 | 5.5 | 5.5 | | | | | Apache Any23 RDFa XSLTStylesheet Extractor xml external entity reference | 0.00 | 0.00885 | CVE-2022-25312 |
| 194254 | 7.5 | 6.3 | | 8.8 | | | Weblate Git command injection | 0.00 | 0.00000 | CVE-2022-24727 |
| 194253 | 6.5 | 5.6 | | 7.4 | | | microweber-dev whmcs_plugin resolution of path | 0.09 | 0.00885 | CVE-2022-0855 |
| 194252 | 6.3 | 6.3 | | | | | Watchguard Firebox/XTM Remote Code Execution | 0.09 | 0.15362 | CVE-2022-26318 |
| 194251 | 5.5 | 5.5 | | | | | Color openjpeg J2K File color.c sycc420_to_rgb heap-based overflow | 0.03 | 0.01559 | CVE-2021-3575 |
| 194250 | 4.6 | 4.6 | | | | | coreos-installer gzip signature verification | 0.03 | 0.00954 | CVE-2021-20319 |
| 194249 | 6.3 | 6.3 | | | | | Linux Kernel AMD KVM authorization | 0.02 | 0.00950 | CVE-2021-3656 |
| 194248 | 8.8 | 8.8 | | | | | Symantec Management Agent Registry access control | 0.06 | 0.00885 | CVE-2022-25623 |
| 194247 | 3.5 | 3.5 | | | | | NetApp StorageGRID Webscale Local Distribution Router denial of service | 0.03 | 0.00885 | CVE-2022-23233 |
| 194246 | 5.5 | 5.5 | | | | | D-Link DIR-859 Payload genacgi_main stack-based overflow | 0.03 | 0.00954 | CVE-2022-25106 |
| 194245 | 3.5 | 3.5 | | | | | HCL BigFix Insights credentials storage | 0.04 | 0.00885 | CVE-2021-27757 |
| 194244 | 6.3 | 6.3 | | | | | Ivanti Incapptic Connect deserialization | 0.07 | 0.01086 | CVE-2022-21828 |
| 194243 | 3.5 | 3.5 | | | | | OpenEXR TiledInputFile denial of service | 0.03 | 0.00954 | CVE-2021-20302 |
| 194242 | 5.5 | 5.5 | | | | | OpenEXR File ImfHuf.cpp hufUncompress integer overflow | 0.03 | 0.00954 | CVE-2021-20300 |
| 194241 | 6.3 | 6.3 | | | | | NetApp StorageGRID S3 Data access control | 0.03 | 0.00885 | CVE-2022-23232 |
| 194240 | 5.5 | 5.5 | | | | | OpenEXR File ImfTiledMisc.cpp dataWindowForTile integer overflow | 0.04 | 0.00954 | CVE-2021-20303 |
| 194239 | 5.9 | 4.7 | | 7.2 | | | weblate argument injection | 0.03 | 0.04571 | CVE-2022-23915 |
| 194238 | 3.7 | 3.7 | | | | | Python HTTP Response infinite loop | 0.00 | 0.01319 | CVE-2021-3737 |
| 194237 | 4.9 | 4.9 | | | | | Linux Kernel ext4 Filesystem extents.c ext4_es_cache_extent integer overflow | 0.03 | 0.00890 | CVE-2021-3428 |
| 194236 | 3.6 | 2.4 | | 4.8 | | | Veritas InfoScale Operations Manager GET Parameter listdir.pl cross site scripting | 0.02 | 0.00885 | CVE-2022-26483 |
| 194235 | 3.8 | 2.7 | | 4.9 | | | Veritas InfoScale Operations Manager Configuration File pathname traversal | 0.02 | 0.01055 | CVE-2022-26484 |
