CVSSv3 08/24/2022

CVSSv3 Base

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 5, ≤5: 18, ≤6: 23, ≤7: 25, ≤8: 11, ≤9: 3, ≤10: 1

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 5, ≤5: 18, ≤6: 23, ≤7: 28, ≤8: 8, ≤9: 4, ≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 4, ≤4: 19, ≤5: 20, ≤6: 8, ≤7: 27, ≤8: 4, ≤9: 4, ≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 3, ≤6: 16, ≤7: 13, ≤8: 16, ≤9: 10, ≤10: 3

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 1, ≤5: 7, ≤6: 5, ≤7: 5, ≤8: 12, ≤9: 3, ≤10: 1

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 207106 | 5.4 | 4.3 | 6.5 | | | | GnuTLS Hash Update null pointer dereference | 0.05 | 0.01034 | CVE-2021-4209 |
| 207105 | 8.3 | 8.8 | 7.8 | | | | Linux Kernel NILFS File System inode.c security_inode_alloc use after free | 0.04 | 0.00885 | CVE-2022-2978 |
| 207104 | 6.0 | 6.5 | 5.5 | | | | Linux Kernel SVC RDMA Counter initialization | 0.04 | 0.00890 | CVE-2021-4218 |
| 207103 | 8.0 | 8.8 | 7.1 | | | | Linux Kernel eBPF out-of-bounds write | 0.04 | 0.00950 | CVE-2021-4204 |
| 207102 | 7.0 | 6.3 | 7.8 | | | | Linux Kernel XFS File System inode.c inode_init_owner access control | 0.05 | 0.01365 | CVE-2021-4037 |
| 207101 | 4.3 | 4.3 | 4.4 | | | | Linux Kernel ebpf Verifier verifier.c adjust_scalar_min_max_vals unknown vulnerability | 0.05 | 0.00950 | CVE-2021-4159 |
| 207100 | 5.3 | 5.3 | | | | | Hitachi Energy RTU500 HCI Modbus TCP stack-based overflow | 0.04 | 0.00000 | CVE-2022-2081 |
| 207099 | 5.3 | 4.3 | 5.5 | 6.1 | | | Measuresoft ScadaPro Server/ScadaPro Client link following | 0.04 | 0.00885 | CVE-2022-2898 |
| 207098 | 7.0 | 6.3 | | 7.8 | | | Measuresoft ScadaPro Server/ScadaPro Client link following | 0.08 | 0.00885 | CVE-2022-2897 |
| 207097 | 7.0 | 6.3 | | 7.8 | | | Measuresoft ScadaPro Server Project File use after free | 0.05 | 0.00885 | CVE-2022-2896 |
| 207096 | 7.0 | 6.3 | | 7.8 | | | Measuresoft ScadaPro Server ActiveX Control stack-based overflow | 0.09 | 0.00885 | CVE-2022-2895 |
| 207095 | 7.0 | 6.3 | | 7.8 | | | Measuresoft ScadaPro Server ActiveX Control untrusted pointer dereference | 0.00 | 0.00885 | CVE-2022-2894 |
| 207094 | 8.3 | 8.8 | | 7.8 | | | Measuresoft ScadaPro Server ActiveX Control out-of-bounds write | 0.04 | 0.00885 | CVE-2022-2892 |
| 207093 | 9.2 | 8.8 | 8.8 | 9.9 | | | mySCADA myPRO command injection | 0.04 | 0.00885 | CVE-2022-2234 |
| 207092 | 7.3 | 7.3 | | | | | Delta Electronics DIALink hard-coded key | 0.00 | 0.00000 | CVE-2022-2660 |
| 207091 | 7.6 | 5.5 | 9.8 | | | | Six Apart Movable Type XMLRPC API os command injection | 0.00 | 0.01440 | CVE-2022-38078 |
| 207090 | 6.4 | 5.3 | | 7.5 | | | opcua denial of service | 0.03 | 0.00954 | CVE-2022-25903 |
| 207089 | 6.4 | 5.3 | | 7.5 | | | node-opcua CloseSession Request memory allocation | 0.04 | 0.01018 | CVE-2022-24375 |
| 207088 | 6.4 | 6.4 | 6.4 | | | | Nissan/Kia/Hyundai Vehicle Remote Keyless Entry RollBack improper authentication | 0.00 | 0.01213 | CVE-2022-37418 |
| 207087 | 6.4 | 6.4 | 6.4 | | | | Honda Vehicle Remote Keyless Entry RollBack improper authentication | 0.05 | 0.01213 | CVE-2022-37305 |
| 207086 | 6.4 | 6.4 | 6.4 | | | | Mazda Vehicle Remote Keyless Entry RollBack improper authentication | 0.08 | 0.01213 | CVE-2022-36945 |
| 207085 | 4.4 | 3.5 | 5.4 | | | | exceedone Exment/laravel-admin cross site scripting | 0.06 | 0.01061 | CVE-2022-38089 |
| 207084 | 4.4 | 3.5 | 5.4 | | | | exceedone Exment/laravel-admin cross site scripting | 0.04 | 0.01061 | CVE-2022-38080 |
| 207083 | 7.5 | 6.3 | 8.8 | | | | exceedone Exment/laravel-admin sql injection | 0.05 | 0.01061 | CVE-2022-37333 |
| 207082 | 4.4 | 3.5 | 5.4 | | | | Job Configuration History Plugin System Configuration History Page cross site scripting | 0.00 | 0.00885 | CVE-2022-38664 |
| 207081 | 4.9 | 4.3 | 5.5 | | | | coreos-installer Ignition Config default permission | 0.04 | 0.00950 | CVE-2021-3917 |
| 207080 | 4.8 | 3.5 | 6.1 | | | | ServiceNow Logout cross site scripting | 0.41 | 0.00885 | CVE-2022-38463 |
| 207079 | 3.5 | 3.5 | | | | | ServiceNow Performance Analytics Dashboard cross site scripting | 0.08 | 0.00885 | CVE-2022-38172 |
| 207078 | 5.0 | 3.5 | 6.5 | | | | CollabNet Plugin Controller File System credentials storage | 0.00 | 0.00885 | CVE-2022-38665 |
| 207077 | 5.0 | 3.5 | 6.5 | | | | Git Plugin Build Log insufficiently protected credentials | 0.08 | 0.00885 | CVE-2022-38663 |
| 207076 | 7.0 | 6.3 | 7.8 | | | | libarchive Access Control List link following | 0.00 | 0.01018 | CVE-2021-31566 |
| 207075 | 7.0 | 6.3 | 7.8 | | | | libarchive Access Control List access control | 0.08 | 0.01018 | CVE-2021-23177 |
| 207074 | 8.1 | 7.2 | 8.8 | 8.2 | | | Linksys MR8300 DDNS Service os command injection | 0.05 | 0.01005 | CVE-2022-38132 |
| 207073 | 5.2 | 4.9 | 5.5 | | | | systemd tmp recursion | 0.04 | 0.00950 | CVE-2021-3997 |
| 207072 | 5.0 | 3.5 | 6.5 | | | | libvirt virConnectGetAllDomainStats API qemuMonitorUnregister use after free | 0.04 | 0.00950 | CVE-2021-3975 |
| 207071 | 5.4 | 4.3 | | 6.5 | | | PowerDNS Recursor protobuf Log denial of service | 0.00 | 0.00890 | CVE-2022-37428 |
| 207070 | 4.9 | 3.9 | 4.3 | 6.4 | | | NotrinosERP improper restriction of rendered ui layers | 0.04 | 0.00885 | CVE-2022-2965 |
| 207069 | 7.3 | 6.3 | 7.8 | 7.8 | | | vim use after free | 0.04 | 0.00954 | CVE-2022-2946 |
| 207068 | 5.9 | 4.3 | 7.5 | | | | Open vSwitch IP Fragmentation memory leak | 0.04 | 0.01018 | CVE-2021-3905 |
| 207067 | 5.5 | 3.5 | 7.5 | | | | DPDK vhost Library vhost_user_set_inflight_fd out-of-bounds write | 0.04 | 0.00954 | CVE-2021-3839 |
| 207066 | 7.2 | 6.3 | 8.1 | | | | Keycloak SOAP Request improper authentication | 0.00 | 0.00950 | CVE-2021-3827 |
| 207065 | 5.5 | 3.5 | 7.5 | | | | glib pkexec information disclosure | 0.03 | 0.01018 | CVE-2021-3800 |
| 207064 | 4.0 | 2.6 | 5.5 | | | | openCryptoki Private Key C_DeriveKey information disclosure | 0.05 | 0.00950 | CVE-2021-3798 |
| 207063 | 5.6 | 5.0 | 6.3 | | | | ansible-runner Temporary Directory race condition | 0.00 | 0.00890 | CVE-2021-3702 |
| 207062 | 7.2 | 6.3 | 8.1 | | | | ansible-runner default permission | 0.07 | 0.00950 | CVE-2021-3701 |
| 207061 | 3.5 | 3.5 | | | | | Undertow WebSocket PONG Message resource consumption | 0.00 | 0.01018 | CVE-2021-3690 |
| 207060 | 5.4 | 4.3 | 6.5 | | | | Samba AD DC resource consumption | 0.04 | 0.01282 | CVE-2021-3670 |
| 207059 | 5.5 | 3.5 | 7.5 | | | | OpenEXR hufDecode integer overflow | 0.04 | 0.01018 | CVE-2021-20304 |
| 207058 | 6.8 | 5.6 | 8.1 | | | | Keycloak Timestamp certificate validation | 0.06 | 0.00885 | CVE-2020-35509 |
| 207057 | 7.0 | 6.3 | 7.8 | | | | pngcheck PNG File buffer over-read | 0.04 | 0.00885 | CVE-2020-35511 |

36 more entries are not shown
