CVSSv3 07/06/2022

CVSSv3 Base

≤10
≤20
≤33
≤44
≤54
≤68
≤79
≤83
≤94
≤100

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤10
≤20
≤35
≤42
≤54
≤614
≤76
≤82
≤92
≤100

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤10
≤20
≤34
≤44
≤53
≤68
≤79
≤83
≤94
≤100

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤10
≤20
≤30
≤41
≤50
≤60
≤71
≤80
≤90
≤100

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

IDBaseVDBNVDCNAVendResVulnerabilityCTICVE
2032814.34.3
 
 
 
 
MediaTek MT8798 Sound Driver symlink0.03CVE-2022-21770
2032802.52.5
 
 
 
 
MediaTek MT8797 CCCI out-of-bounds0.04CVE-2022-21769
2032793.33.3
 
 
 
 
MediaTek MT8797 Telecom Service information disclosure0.00CVE-2022-21764
2032783.33.3
 
 
 
 
MediaTek MT8797 Telecom Service information disclosure0.00CVE-2022-21763
2032775.55.5
 
 
 
 
Tenda AX1806 WanParameterSetting command injection0.09CVE-2022-34597
2032765.55.5
 
 
 
 
Tenda AX1803 WanParameterSetting command injection0.03CVE-2022-34596
2032755.55.5
 
 
 
 
Tenda AX1803 setipv6status command injection0.03CVE-2022-34595
2032747.17.1
 
 
 
 
grub2 JPEG Reader out-of-bounds write0.06CVE-2021-3697
2032737.17.1
 
 
 
 
grub2 PNG Reader out-of-bounds write0.03CVE-2021-3696
2032725.55.5
 
 
 
 
Tenda AC23 fromAdvSetMacMtuWan buffer overflow0.00CVE-2022-32386
2032716.36.3
 
 
 
 
Tenda AC23 stack-based overflow0.04CVE-2022-32385
2032705.55.5
 
 
 
 
Tenda AC23 AdvSetMacMtuWan stack-based overflow0.00CVE-2022-32383
2032695.55.5
 
 
 
 
TOTOLINK A800R/A810R/A830R/A950RG/A3000RU/A3100R command injection0.03CVE-2022-28935
2032688.88.8
 
 
 
 
IOBit Advanced System Care/Action Download Center Asc.exe permission0.03CVE-2022-24138
2032674.34.3
 
 
 
 
quic-go Request mtu_discoverer.go denial of service0.03CVE-2022-30591
2032667.17.1
 
 
 
 
grub2 16-bit Grayscale PNG Image out-of-bounds write0.07CVE-2021-3695
2032658.18.1
 
 
 
 
MediaTek MT8797 Modem 2G RR out-of-bounds write0.12CVE-2022-21744
2032648.88.8
 
 
 
 
MediaTek MT8797 Modem out-of-bounds write0.03CVE-2022-20083
2032638.18.1
 
 
 
 
IOBit Advanced System Care/Driver Booster Update Procedure data authenticity0.00CVE-2022-24140
2032626.36.3
 
 
 
 
Apache Superset Metadata dropped privileges0.04CVE-2021-37839
2032616.36.3
 
 
 
 
Apache Commons Configuration Variable Interpolation Privilege Escalation4.16CVE-2022-33980
2032604.22.4
 
6.1
 
 
JFrog Artifactory User REST API Endpoint cross site scripting0.06CVE-2021-45721
2032593.13.1
 
3.1
 
 
JFrog Artifactory Endpoint cross-site request forgery0.00CVE-2021-23163
2032582.62.6
 
 
 
 
Zabbix Link cross site scripting0.09CVE-2022-35230
2032572.72.7
 
 
 
 
JFrog Artifactory Project Administrator REST API unknown vulnerability0.00CVE-2021-46687
2032563.13.1
 
 
 
 
Zabbix Discovery Page cross site scripting0.00CVE-2022-35229
2032556.36.3
 
 
 
 
Apache JetSpeed server-side request forgery0.09CVE-2022-32533
2032546.36.3
 
 
 
 
Synology Photo Station session fixiation0.00CVE-2022-22681
2032536.36.3
 
 
 
 
Google Chrome Chrome OS Shell use after free0.70CVE-2022-2296
2032526.36.3
 
 
 
 
Google Chrome V8 type confusion1.19CVE-2022-2295
2032515.55.5
 
 
 
 
Dice File unrestricted upload0.00CVE-2022-32413
2032505.55.5
 
 
 
 
SourceCodester Ingredient Stock Management System POST Request Users.php access control0.09CVE-2022-32310
2032495.05.0
 
 
 
 
So Filter Shop sql injection0.03CVE-2022-34972
2032486.36.3
 
 
 
 
SourceCodester Ingredient Stock Management System view_stock.php sql injection0.03CVE-2022-32311
2032476.36.3
 
 
 
 
Newsletter Module index.php sql injection0.15CVE-2022-31856

Might our Artificial Intelligence support you?

Check our Alexa App!