CVSSv3 July 2022

Timeline

Analyzing the timeline helps to identify the required approach to and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, which supports initiating an immediate vulnerability response and prioritizing issues.

C3BM Index

Our unique C3BM Index (CVSSv3 Base Meta Index) accumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the number of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base

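| Score | Entries |
|-------|---------|
| ≤1 | 0 |
| ≤2 | 0 |
| ≤3 | 19 |
| ≤4 | 257 |
| ≤5 | 374 |
| ≤6 | 445 |
| ≤7 | 535 |
| ≤8 | 519 |
| ≤9 | 130 |
| ≤10 | 93 |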

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

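| Score | Entries |
|-------|---------|
| ≤1 | 0 |
| ≤2 | 0 |
| ≤3 | 22 |
| ≤4 | 279 |
| ≤5 | 377 |
| ≤6 | 520 |
| ≤7 | 492 |
| ≤8 | 493 |
| ≤9 | 101 |
| ≤10 | 88 |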

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

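| Score | Entries |
|-------|---------|
| ≤1 | 0 |
| ≤2 | 6 |
| ≤3 | 84 |
| ≤4 | 416 |
| ≤5 | 361 |
| ≤6 | 512 |
| ≤7 | 476 |
| ≤8 | 335 |
| ≤9 | 96 |
| ≤10 | 86 |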

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

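| Score | Entries |
|-------|---------|
| ≤1 | 0 |
| ≤2 | 0 |
| ≤3 | 5 |
| ≤4 | 17 |
| ≤5 | 98 |
| ≤6 | 166 |
| ≤7 | 203 |
| ≤8 | 343 |
| ≤9 | 76 |
| ≤10 | 281 |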

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

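| Score | Entries |
|-------|---------|
| ≤1 | 0 |
| ≤2 | 3 |
| ≤3 | 9 |
| ≤4 | 61 |
| ≤5 | 124 |
| ≤6 | 146 |
| ≤7 | 160 |
| ≤8 | 225 |
| ≤9 | 83 |
| ≤10 | 60 |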

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

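| Score | Entries |
|-------|---------|
| ≤1 | 0 |
| ≤2 | 0 |
| ≤3 | 0 |
| ≤4 | 0 |
| ≤5 | 17 |
| ≤6 | 3 |
| ≤7 | 27 |
| ≤8 | 27 |
| ≤9 | 7 |
| ≤10 | 0 |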

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

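| Score | Entries |
|-------|---------|
| ≤1 | 0 |
| ≤2 | 0 |
| ≤3 | 0 |
| ≤4 | 0 |
| ≤5 | 0 |
| ≤6 | 0 |
| ≤7 | 1 |
| ≤8 | 0 |
| ≤9 | 0 |
| ≤10 | 0 |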

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| Published | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
|-----------|------|-----|-----|-----|------|-----|---------------|-----|-----|
| 07/31/2022 | 7.8 | 7.8 | | | | | HPE iLO 5 Local Privilege Escalation | 0.00 | CVE-2022-28636 |
| 07/31/2022 | 7.8 | 7.8 | | | | | HPE iLO 5 Local Privilege Escalation | 0.00 | CVE-2022-28635 |
| 07/31/2022 | 7.8 | 7.8 | | | | | HPE iLO 5 Local Privilege Escalation | 0.00 | CVE-2022-28634 |
| 07/31/2022 | 8.8 | 8.8 | | | | | HPE iLO 5 Remote Code Execution | 0.03 | CVE-2022-28633 |
| 07/31/2022 | 8.8 | 8.8 | | | | | HPE iLO 5 Remote Code Execution | 0.00 | CVE-2022-28632 |
| 07/31/2022 | 8.8 | 8.8 | | | | | HPE iLO 5 Remote Code Execution | 0.05 | CVE-2022-28631 |
| 07/31/2022 | 7.8 | 7.8 | | | | | HPE iLO 5 Local Privilege Escalation | 0.03 | CVE-2022-28630 |
| 07/31/2022 | 7.8 | 7.8 | | | | | HPE iLO 5 Local Privilege Escalation | 0.03 | CVE-2022-28629 |
| 07/31/2022 | 7.8 | 7.8 | | | | | HPE iLO 5 Local Privilege Escalation | 0.05 | CVE-2022-28628 |
| 07/31/2022 | 7.8 | 7.8 | | | | | HPE iLO 5 Local Privilege Escalation | 0.02 | CVE-2022-28627 |
| 07/31/2022 | 7.8 | 7.8 | | | | | HPE iLO 5 Local Privilege Escalation | 0.10 | CVE-2022-28626 |
| 07/31/2022 | 3.5 | 3.5 | | | | | Gutenberg Plugin SVG Document cross site scripting | 0.03 | CVE-2022-33994 |
| 07/31/2022 | 5.3 | 5.3 | | | | | Backdoor.Win32.Destrukor.20 Service Port 6969 improper authentication | 0.00 | |
| 07/31/2022 | 7.3 | 7.3 | | | | | Backdoor.Win32.Destrukor.20 Service Port 6969 backdoor | 0.04 | |
| 07/31/2022 | 7.5 | 7.5 | | | | | TEM FLEX-1085 reboot denial of service | 0.20 | CVE-2022-2591 |
| 07/30/2022 | 6.3 | 6.3 | | | | | Rockwell Automation ISaGRAF Workbench deserialization | 0.03 | CVE-2022-2465 |
| 07/30/2022 | 6.3 | 6.3 | | | | | Rockwell Automation ISaGRAF Workbench path traversal | 0.08 | CVE-2022-2464 |
| 07/30/2022 | 6.3 | 6.3 | | | | | Rockwell Automation ISaGRAF Workbench 7z File path traversal | 0.04 | CVE-2022-2463 |
| 07/30/2022 | 3.7 | 3.7 | | | | | AutomationDirect SIO-MB04RTDS cleartext transmission | 0.05 | CVE-2022-2485 |
| 07/30/2022 | 4.7 | 4.7 | | | | | Inductive Automation Ignition xml external entity reference | 0.06 | CVE-2022-1704 |
| 07/30/2022 | 7.5 | 7.5 | | | | | Moxa NPort 5110 out-of-bounds write | 0.17 | CVE-2022-2044 |
| 07/30/2022 | 7.5 | 7.5 | | | | | Moxa NPort 5110 out-of-bounds write | 0.05 | CVE-2022-2043 |
| 07/30/2022 | 3.5 | 3.5 | | | | | Velocidex Velociraptor GUI cross site scripting | 0.04 | CVE-2022-35632 |
| 07/30/2022 | 3.5 | 3.5 | | | | | Velocidex Velociraptor Collection Report cross site scripting | 0.04 | CVE-2022-35630 |
| 07/30/2022 | 6.3 | 6.3 | | | | | Trend Micro VPN Proxy Pro permission | 0.03 | CVE-2022-33158 |
| 07/30/2022 | 5.5 | 5.5 | | | | | SonicWALL Hosted Email Security Capture ATP Security Service security check | 0.06 | CVE-2022-2324 |
| 07/30/2022 | 5.6 | 5.6 | | | | | Velocidex Velociraptor improper authentication | 0.09 | CVE-2022-35629 |
| 07/30/2022 | 6.3 | 6.3 | | | | | Trend Micro Apex One/Worry-Free Business Security link following | 0.05 | CVE-2022-36336 |
| 07/30/2022 | 6.3 | 6.3 | | | | | Dogtag PKI XML Document Parser xml external entity reference | 0.05 | CVE-2022-2414 |
| 07/30/2022 | 3.5 | 3.5 | | | | | Trend Micro Security 2021/Security 2022 out-of-bounds | 0.00 | CVE-2022-35234 |
| 07/30/2022 | 6.3 | 6.3 | | | | | EllieGrid App code injection | 0.06 | CVE-2022-30083 |
| 07/30/2022 | 4.6 | 4.6 | | | | | Chia Network CAT1 Standard unknown vulnerability | 0.07 | CVE-2022-36447 |
| 07/30/2022 | 5.5 | 5.5 | | | | | D-Link DSL-3782 getAttrValue stack-based overflow | 0.00 | CVE-2022-34528 |
| 07/30/2022 | 5.5 | 5.5 | | | | | D-Link DSL-3782 byte_4C0160 command injection | 0.05 | CVE-2022-34527 |
| 07/30/2022 | 4.3 | 4.3 | | | | | Tiffsplit TIFF File _TIFFVGetField stack-based overflow | 0.00 | CVE-2022-34526 |
| 07/30/2022 | 5.5 | 5.5 | | | | | HiBy R3 Pro unrestricted upload | 0.06 | CVE-2022-34496 |
| 07/30/2022 | 6.3 | 6.3 | | | | | Autodesk Design Review TGA File DesignReview.exe out-of-bounds write | 0.05 | CVE-2022-27865 |
| 07/30/2022 | 6.3 | 6.3 | | | | | Autodesk Design Review PDF File DesignReview.exe double free | 0.00 | CVE-2022-27864 |
| 07/30/2022 | 5.3 | 5.3 | | 5.3 | | | Western Digital Sweet B Cryptographic Library NIST P-256 Curve unknown vulnerability | 0.06 | CVE-2022-23004 |
| 07/30/2022 | 6.3 | 6.3 | | | | | Velocidex Velociraptor temp file | 0.03 | CVE-2022-35631 |
| 07/30/2022 | 3.9 | 3.9 | | 3.9 | | | HCL Remote Store Server insufficiently protected credentials | 0.06 | CVE-2021-27785 |
| 07/30/2022 | 6.3 | 6.3 | | | | | Autodesk Fusion360 HTTP Request access control | 0.08 | CVE-2022-27873 |
| 07/30/2022 | 6.3 | 6.3 | | | | | Autodesk Design Review TIFF File DesignReview.exe out-of-bounds | 0.04 | CVE-2022-27866 |
| 07/30/2022 | 6.3 | 6.3 | | | | | SonicWALL Switch command injection | 0.05 | CVE-2022-2323 |
| 07/30/2022 | 5.3 | 5.3 | | 5.3 | | | Western Digital Sweet B Cryptographic Library NIST P-256 Curve unknown vulnerability | 0.04 | CVE-2022-23003 |
| 07/30/2022 | 5.3 | 5.3 | | 5.3 | | | Western Digital Sweet B Cryptographic Library NIST P-256 Elliptic Curve unknown vulnerability | 0.00 | CVE-2022-23002 |
| 07/30/2022 | 5.3 | 5.3 | | 5.3 | | | Western Digital Sweet B Cryptographic Library Elliptic Curve calculation | 0.09 | CVE-2022-23001 |
| 07/30/2022 | 4.3 | 4.3 | | | | | Autodesk AutoCAD 2023 PRT File out-of-bounds | 0.07 | CVE-2022-33881 |
| 07/30/2022 | 3.6 | 2.4 | | 4.8 | | | PluginlySpeaking Floating Div Plugin cross site scripting | 0.04 | CVE-2022-36378 |
| 07/30/2022 | 6.3 | 6.3 | | | | | DedeCMS mytag_main.php mytag_ Privilege Escalation | 0.02 | CVE-2022-34531 |

2322 more entries are not shown
