CVSSv3 05/25/2022

CVSSv3 Base

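| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 18 | 8 | 20 | 23 | 3 | 0 | 1 |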

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into an aggregate that gives the most reliable result.

CVSSv3 Temp

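| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 19 | 7 | 26 | 17 | 3 | 0 | 1 |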

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

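| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 22 | 9 | 17 | 20 | 4 | 0 | 1 |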

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

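| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |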

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

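| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 1 | 2 | 7 | 5 | 8 | 2 | 2 |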

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

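| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |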

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

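| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |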

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 200699 | 3.7 | 3.7 | | 3.7 | | | Philips Interoperability Solution XDS LDAP via TLS cleartext transmission | 0.02 | 0.00885 | CVE-2021-32966 |
| 200698 | 4.5 | 4.3 | | 4.7 | | | Vsourz Digital Advanced Contact form 7 DB Plugin cross site scripting | 0.02 | 0.00885 | CVE-2022-29408 |
| 200697 | 4.3 | 4.3 | | | | | Linux Kernel TCP Pace tcp_output.c tcp_internal_pacing memory leak | 0.00 | 0.01108 | CVE-2022-1678 |
| 200696 | 5.5 | 5.5 | | | | | Pillow TGA Image File TgaRleDecode.c heap-based overflow | 0.04 | 0.00885 | CVE-2022-30595 |
| 200695 | 5.5 | 5.5 | | | | | Hashicorp go-getter Download Privilege Escalation | 0.00 | 0.00954 | CVE-2022-30323 |
| 200694 | 5.5 | 5.5 | | | | | Hashicorp go-getter Download Privilege Escalation | 0.03 | 0.00954 | CVE-2022-30322 |
| 200693 | 5.5 | 5.5 | | | | | Hashicorp go-getter Download Privilege Escalation | 0.05 | 0.00954 | CVE-2022-30321 |
| 200692 | 5.5 | 5.5 | | | | | Hashicorp go-getter command injection | 0.03 | 0.02055 | CVE-2022-26945 |
| 200691 | 7.0 | 6.3 | | 7.8 | | | vim out-of-bounds | 0.07 | 0.01108 | CVE-2022-1851 |
| 200690 | 3.5 | 3.5 | | | | | radare2 Binary Symbol Parser bin_symbols.c null pointer dereference | 0.02 | 0.00954 | CVE-2021-44974 |
| 200689 | 5.5 | 5.5 | | | | | Nginx NJS njs_module.c njs_default_module_loader stack-based overflow | 0.02 | 0.00954 | CVE-2022-29379 |
| 200688 | 5.5 | 5.5 | | | | | Online Food Ordering System Select Image unrestricted upload | 0.03 | 0.01338 | CVE-2022-29651 |
| 200687 | 6.3 | 6.3 | | | | | ARCHIBUS Web Central workflow.runWorkflowRule.dwr sql injection | 0.07 | 0.00885 | CVE-2022-28862 |
| 200686 | 6.3 | 6.3 | | | | | Online Food Ordering System food-search.php sql injection | 0.04 | 0.00885 | CVE-2022-29650 |
| 200685 | 7.9 | 6.3 | | 9.6 | | | camptocamp terraboard sql injection | 0.02 | 0.00885 | CVE-2022-1883 |
| 200684 | 4.4 | 3.5 | | 5.3 | | | jgraph drawio information disclosure | 0.05 | 0.00885 | CVE-2022-1815 |
| 200683 | 5.2 | 3.7 | | 6.8 | | | SUSE Rancher cleartext transmission | 0.03 | 0.00885 | CVE-2022-21951 |
| 200682 | 3.5 | 3.5 | | | | | Apache Archiva password recovery | 0.02 | 0.00885 | CVE-2022-29405 |
| 200681 | 3.5 | 3.5 | | | | | ZKEACMS cross site scripting | 0.03 | 0.00885 | CVE-2022-29362 |
| 200680 | 4.3 | 4.3 | | | | | School Club Application System cross site scripting | 0.05 | 0.00885 | CVE-2022-29359 |
| 200679 | 5.5 | 5.5 | | | | | Pallets Werkzeug HTTP Request Parser request smuggling | 0.05 | 0.00885 | CVE-2022-29361 |
| 200678 | 3.5 | 3.5 | | | | | kkFileView URL Parameter OnlinePreviewController.java cross site scripting | 0.02 | 0.00885 | CVE-2022-29349 |
| 200677 | 5.0 | 5.0 | | | | | H authentication replay | 0.05 | 0.00885 | CVE-2022-29334 |
| 200676 | 5.5 | 5.5 | | | | | CyberLink Power Director EXE File Privilege Escalation | 0.03 | 0.01018 | CVE-2022-29333 |
| 200675 | 5.5 | 5.5 | | | | | Zoho ManageEngine AppManager unrestricted upload | 0.03 | 0.00885 | CVE-2022-23050 |
| 200674 | 5.5 | 5.5 | | | | | Halibut Text Document bk_info.c info_width_internal use after free | 0.03 | 0.00885 | CVE-2021-42614 |
| 200673 | 3.5 | 3.5 | | | | | Halibut Text Document index.c cleanup_index denial of service | 0.04 | 0.00885 | CVE-2021-42613 |
| 200672 | 5.5 | 5.5 | | | | | Halibut Text Document index.c cleanup_index use after free | 0.03 | 0.00885 | CVE-2021-42612 |
| 200671 | 3.5 | 3.5 | | | | | Undertow HTTP2 resource consumption | 0.00 | 0.00885 | CVE-2021-3629 |
| 200670 | 6.9 | 7.3 | | 6.5 | | | AGG Web Server path traversal | 0.00 | 0.00885 | CVE-2021-32964 |
| 200669 | 5.8 | 7.3 | | 4.3 | | | filegator session fixation | 0.05 | 0.00885 | CVE-2022-1849 |
| 200668 | 9.8 | 9.8 | | 9.8 | | | Microsoft Azure RTOS USBX ux_device_class_dfu_control_request buffer overflow | 0.03 | 0.06171 | CVE-2022-29246 |
| 200667 | 7.4 | 7.3 | | 7.5 | | | Microsoft Azure RTOS USBX buffer overflow | 0.03 | 0.02844 | CVE-2022-29223 |
| 200666 | 7.0 | 6.5 | | 7.5 | | | Lodestar ProposerSlashing integer overflow | 0.02 | 0.00954 | CVE-2022-29219 |
| 200665 | 5.5 | 5.6 | | 5.4 | | | Fortinet FortiOS certificate validation | 0.00 | 0.00885 | CVE-2022-22306 |
| 200664 | 5.9 | 6.3 | | 5.4 | | | filegator path traversal | 0.08 | 0.00885 | CVE-2022-1850 |
| 200663 | 6.3 | 6.3 | | | | | LuxSoft LuxCal Web Calendar Cookie improper authentication | 0.03 | 0.01018 | CVE-2021-45915 |
| 200662 | 6.3 | 6.3 | | | | | LuxSoft LuxCal Web Calendar POST Request improper authentication | 0.09 | 0.01018 | CVE-2021-45914 |
| 200661 | 5.5 | 5.5 | | | | | radare2 Mach-O Parser anal_objc.c buffer overflow | 0.03 | 0.00954 | CVE-2021-44975 |
| 200660 | 3.5 | 3.5 | | | | | GJSON incorrect regex | 0.00 | 0.00885 | CVE-2021-42248 |
| 200659 | 3.5 | 3.5 | | | | | Red Hat WildFly Configuration file access | 0.05 | 0.00885 | CVE-2021-3717 |
| 200658 | 6.2 | 4.3 | | 8.2 | | | AGG Web Server cross site scripting | 0.07 | 0.01086 | CVE-2021-32962 |
| 200657 | 3.5 | 3.5 | | | | | epub2txt2 XML File sxmlc.c _parse_special_tag denial of service | 0.03 | 0.00885 | CVE-2022-29358 |
| 200656 | 5.5 | 5.5 | | | | | C-DATA FD702XW-X-R430 HTTP Request formlanipv6 command injection | 0.04 | 0.02055 | CVE-2022-29337 |
| 200655 | 5.9 | 5.0 | | 6.8 | | | Circutor COMPACT DC-S BASIC Device Management Web Portal index.cgi stack-based overflow | 0.03 | 0.00885 | CVE-2022-1669 |
| 200654 | 4.3 | 4.3 | | | | | Undertow HTTP2SourceChannel race condition | 0.03 | 0.00885 | CVE-2021-3597 |
| 200653 | 7.0 | 6.3 | | 7.8 | | | Delta Electronics DIAScreen out-of-bounds write | 0.03 | 0.01036 | CVE-2021-32969 |
| 200652 | 7.0 | 6.3 | | 7.8 | | | Delta Electronics DIAScreen type confusion | 0.06 | 0.01036 | CVE-2021-32965 |
| 200651 | 6.4 | 5.3 | | 7.5 | | | JavaEZ risky encryption | 0.03 | 0.00885 | CVE-2022-29249 |
| 200650 | 4.6 | 3.5 | | 5.7 | | | Vaadin TreeGrid toString information disclosure | 0.00 | 0.00885 | CVE-2022-29567 |

23 more entries are not shown
