CVSSv3 07/01/2022

CVSSv3 Base

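| Score   | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---------|----|----|----|----|----|----|----|----|----|-----|
| Entries | 0  | 0  | 0  | 35 | 19 | 22 | 10 | 6  | 8  | 2   |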

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

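| Score   | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---------|----|----|----|----|----|----|----|----|----|-----|
| Entries | 0  | 0  | 0  | 35 | 20 | 24 | 10 | 11 | 0  | 2   |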

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

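| Score   | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---------|----|----|----|----|----|----|----|----|----|-----|
| Entries | 0  | 0  | 2  | 40 | 18 | 20 | 8  | 12 | 0  | 2   |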

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

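| Score   | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---------|----|----|----|----|----|----|----|----|----|-----|
| Entries | 0  | 0  | 0  | 0  | 0  | 0  | 0  | 0  | 0  | 0   |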

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

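| Score   | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---------|----|----|----|----|----|----|----|----|----|-----|
| Entries | 0  | 0  | 0  | 1  | 2  | 8  | 2  | 6  | 3  | 9   |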

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

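| Score   | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---------|----|----|----|----|----|----|----|----|----|-----|
| Entries | 0  | 0  | 0  | 0  | 0  | 0  | 0  | 0  | 0  | 0   |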

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

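| Score   | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---------|----|----|----|----|----|----|----|----|----|-----|
| Entries | 0  | 0  | 0  | 0  | 0  | 0  | 0  | 0  | 0  | 0   |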

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VulDB | NVD | CNA | Vendor | Research | Vulnerability | CTI | CVE |
|----|------|-------|-----|-----|--------|----------|---------------|-----|-----|
| 203086 | 5.5 | 5.5 | | | | | Lua luaG_runerror heap-based overflow | 0.00 | CVE-2022-33099 |
| 203085 | 8.2 | 7.3 | | 9.1 | | | SaltStack Salt improper authorization | 0.05 | CVE-2022-2282 |
| 203084 | 5.5 | 5.5 | | | | | Das U-Boot sqfs_readdir out-of-bounds write | 0.06 | CVE-2022-33103 |
| 203083 | 4.3 | 4.3 | | | | | Failed Job Deactivator Plugin cross-site request forgery | 0.00 | CVE-2022-34817 |
| 203082 | 4.3 | 4.3 | | | | | Request Rename Or Delete Plugin Pending Request cross-site request forgery | 0.00 | CVE-2022-34815 |
| 203081 | 4.3 | 4.3 | | | | | XPath Configuration Viewer Plugin cross-site request forgery | 0.00 | CVE-2022-34812 |
| 203080 | 4.3 | 4.3 | | | | | Deployment Dashboard Plugin HTTP URL cross-site request forgery | 0.00 | CVE-2022-34797 |
| 203079 | 3.5 | 3.5 | | | | | Deployment Dashboard Plugin Environment Name cross site scripting | 0.03 | CVE-2022-34795 |
| 203078 | 4.3 | 4.3 | | | | | Recipe Plugin HTTP Request cross-site request forgery | 0.00 | CVE-2022-34792 |
| 203077 | 3.5 | 3.5 | | | | | Validating Email Parameter Plugin cross site scripting | 0.03 | CVE-2022-34791 |
| 203076 | 3.5 | 3.5 | | | | | eXtreme Feedback Panel Plugin Tooltip cross site scripting | 0.00 | CVE-2022-34790 |
| 203075 | 4.3 | 4.3 | | | | | Matrix Reloaded Plugin cross-site request forgery | 0.03 | CVE-2022-34789 |
| 203074 | 3.5 | 3.5 | | | | | Matrix Reloaded Plugin Tooltip cross site scripting | 0.03 | CVE-2022-34788 |
| 203073 | 3.5 | 3.5 | | | | | Project Inheritance Plugin Tooltip cross site scripting | 0.03 | CVE-2022-34787 |
| 203072 | 3.5 | 3.5 | | | | | Rich Text Publisher Plugin HTML Message cross site scripting | 0.04 | CVE-2022-34786 |
| 203071 | 3.5 | 3.5 | | | | | build-metrics Plugin Build Description cross site scripting | 0.03 | CVE-2022-34784 |
| 203070 | 4.3 | 4.3 | | | | | JetBrains Hub Untrusted Source access control | 0.03 | CVE-2022-34894 |
| 203069 | 6.3 | 6.3 | | | | | vim heap-based overflow | 0.03 | CVE-2022-2264 |
| 203068 | 3.5 | 3.5 | | | | | Plot Plugin cross site scripting | 0.03 | CVE-2022-34783 |
| 203067 | 4.3 | 4.3 | | | | | XebiaLabs XL Release Plugin cross-site request forgery | 0.00 | CVE-2022-34780 |
| 203066 | 3.5 | 3.5 | | | | | TestNG Results Plugin Exception Message cross site scripting | 0.04 | CVE-2022-34778 |
| 203065 | 3.5 | 3.5 | | | | | GitLab Plugin Description cross site scripting | 0.05 | CVE-2022-34777 |
| 203064 | 4.4 | 2.4 | | 6.5 | | | microweber cross site scripting | 0.03 | CVE-2022-2280 |
| 203063 | 5.5 | 5.5 | | | | | Recipe Plugin XML Parser xml external entity reference | 0.03 | CVE-2022-34793 |
| 203062 | 3.5 | 3.5 | | | | | Urtracker Premium Batch Add cross site scripting | 0.06 | CVE-2022-33043 |
| 203061 | 6.1 | 5.0 | | 7.2 | | | Ping Identity PingID Local Java Service authentication bypass | 0.06 | CVE-2022-23719 |
| 203060 | 4.0 | 3.1 | | 5.0 | | | Ping Identity PingID Offline Security Key denial of service | 0.03 | CVE-2022-23717 |
| 203059 | 4.6 | 4.6 | | | | | Failed Job Deactivator Plugin HTTP Endpoint authorization | 0.00 | CVE-2022-34818 |
| 203058 | 5.5 | 5.5 | | | | | Request Rename Or Delete Plugin HTTP Endpoint authorization | 0.00 | CVE-2022-34814 |
| 203057 | 5.5 | 5.5 | | | | | XPath Configuration Viewer Plugin XPath Expression authorization | 0.00 | CVE-2022-34813 |
| 203056 | 5.5 | 5.5 | | | | | XPath Configuration Viewer Plugin authorization | 0.07 | CVE-2022-34811 |
| 203055 | 3.5 | 3.5 | | | | | RQM Plugin ID authorization | 0.00 | CVE-2022-34810 |
| 203054 | 3.5 | 3.5 | | | | | RQM Plugin Configuration File credentials storage | 0.03 | CVE-2022-34809 |
| 203053 | 3.5 | 3.5 | | | | | Elasticsearch Query Plugin Configuration File credentials storage | 0.03 | CVE-2022-34807 |
| 203052 | 3.5 | 3.5 | | | | | Jigomerge Plugin Controller File credentials storage | 0.00 | CVE-2022-34806 |
| 203051 | 3.5 | 3.5 | | | | | Skype Notifier Plugin Configuration File credentials storage | 0.03 | CVE-2022-34805 |
| 203050 | 3.5 | 3.5 | | | | | OpsGenie Plugin Configuration File config.xml credentials storage | 0.03 | CVE-2022-34803 |
| 203049 | 3.5 | 3.5 | | | | | RocketChat Notifier Plugin Configuration File credentials storage | 0.06 | CVE-2022-34802 |
| 203048 | 3.5 | 3.5 | | | | | Build Notifications Plugin Configuration File credentials storage | 0.03 | CVE-2022-34800 |
| 203047 | 3.5 | 3.5 | | | | | Deployment Dashboard Plugin Configuration File credentials storage | 0.06 | CVE-2022-34799 |
| 203046 | 5.5 | 5.5 | | | | | Deployment Dashboard Plugin HTTP Endpoint authorization | 0.00 | CVE-2022-34798 |
| 203045 | 3.5 | 3.5 | | | | | Deployment Dashboard Plugin ID authorization | 0.00 | CVE-2022-34796 |
| 203044 | 5.5 | 5.5 | | | | | Recipe Plugin HTTP Request authorization | 0.03 | CVE-2022-34794 |
| 203043 | 3.5 | 3.5 | | | | | build-metrics Plugin HTTP Request Endpoint authorization | 0.00 | CVE-2022-34785 |
| 203042 | 3.5 | 3.5 | | | | | requests-plugin Permissions authorization | 0.03 | CVE-2022-34782 |
| 203041 | 3.5 | 3.5 | | | | | bfabiszewski Libmobi null pointer dereference | 0.04 | CVE-2022-2279 |
| 203040 | 9.8 | 9.8 | | | | | OpenSSL RSA Private Key rsaz_exp_x2.c ossl_rsaz_mod_exp_avx512_x2 memory corruption | 1.38 | CVE-2022-2274 |
| 203039 | 5.5 | 5.5 | | | | | XebiaLabs XL Release Plugin authorization | 0.00 | CVE-2022-34781 |
| 203038 | 3.5 | 3.5 | | | | | XebiaLabs XL Release Plugin authorization | 0.03 | CVE-2022-34779 |
| 203037 | 4.3 | 4.3 | | | | | Oxen Session PIN improper authentication | 0.06 | CVE-2022-1955 |

52 more entries are not shown
