CVSSv3 08/31/2022

CVSSv3 Base

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 8, ≤5: 6, ≤6: 8, ≤7: 23, ≤8: 3, ≤9: 1, ≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 8, ≤5: 6, ≤6: 13, ≤7: 18, ≤8: 3, ≤9: 1, ≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 1, ≤4: 8, ≤5: 6, ≤6: 10, ≤7: 22, ≤8: 1, ≤9: 1, ≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 1, ≤7: 1, ≤8: 3, ≤9: 4, ≤10: 0

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Security researchers sometimes also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 207638 | 4.3 | 4.3 | | | | | Libtiffs TIFF File tiffcp.c main stack-based overflow | 0.19 | 0.00950 | CVE-2022-1355 |
| 207637 | 4.3 | 4.3 | | | | | Libtiffs TIFF File tiffinfo.c TIFFReadRawDataStriped out-of-bounds | 0.00 | 0.00950 | CVE-2022-1354 |
| 207636 | 7.3 | 5.6 | | 9.0 | | | NodeBB random values | 0.10 | 0.00890 | CVE-2022-36045 |
| 207635 | 4.3 | 4.3 | | | | | libtiff tif_close.c TIFFClose release of reference | 0.00 | 0.00885 | CVE-2022-2521 |
| 207634 | 5.6 | 5.6 | | | | | PostgreSQL Non-Temporary Object sql injection | 0.05 | 0.00950 | CVE-2022-1552 |
| 207633 | 6.3 | 6.3 | | | | | Linux Kernel IP Framework af_key.c pfkey_register out-of-bounds write | 0.05 | 0.00950 | CVE-2022-3028 |
| 207632 | 6.3 | 6.3 | | | | | Linux Kernel Memory Subsystem gup.c race condition | 0.24 | 0.00885 | CVE-2022-2590 |
| 207631 | 6.5 | 6.5 | | | | | Linux Kernel KVM lapic.c kvm_irq_delivery_to_apic_fast null pointer dereference | 0.06 | 0.00950 | CVE-2022-2153 |
| 207630 | 6.3 | 6.3 | | | | | Linux Kernel io-uring io_uring.c use after free | 0.00 | 0.00885 | CVE-2022-1976 |
| 207629 | 6.3 | 6.3 | | | | | Linux Kernel NFC core.c use after free | 0.05 | 0.00885 | CVE-2022-1974 |
| 207628 | 4.3 | 4.3 | | | | | Linux Kernel io_uring Module io_uring.c io_read out-of-bounds | 0.05 | 0.00950 | CVE-2022-1508 |
| 207627 | 6.5 | 6.5 | | | | | Linux Kernel Amateur Radio AX.25 af_ax25.c ax25_release use after free | 0.10 | 0.00950 | CVE-2022-1205 |
| 207626 | 6.5 | 6.5 | | | | | Linux Kernel NFC netlink.c nfc_genl_fw_download_done uncaught exception | 0.05 | 0.00885 | CVE-2022-1975 |
| 207625 | 4.6 | 4.6 | | | | | Linux Kernel Rose Driver rose_connect race condition | 0.05 | 0.00885 | CVE-2022-1247 |
| 207624 | 6.3 | 6.3 | | | | | GNU gzip zgrep xzgrep.in incorrect behavior order: early validation | 0.00 | 0.01232 | CVE-2022-1271 |
| 207623 | 3.5 | 3.5 | | | | | Joomla information disclosure | 0.00 | 0.00885 | CVE-2022-27911 |
| 207622 | 5.5 | 5.5 | | | | | Freeciv Modpack Installer buffer overflow | 0.00 | 0.00950 | CVE-2022-39047 |
| 207621 | 5.5 | 5.5 | | | | | Apache Geode REST API deserialization | 0.05 | 0.00885 | CVE-2022-37023 |
| 207620 | 5.5 | 5.5 | | | | | Apache Geode JMX over RMI deserialization | 0.05 | 0.00885 | CVE-2022-37022 |
| 207619 | 5.5 | 5.5 | | | | | Apache Geode JMX over RMI deserialization | 0.24 | 0.00885 | CVE-2022-37021 |
| 207618 | 6.4 | 5.3 | | 7.5 | | | GNU C Library syslog uninitialized pointer | 0.05 | 0.00885 | CVE-2022-39046 |
| 207617 | 3.5 | 3.5 | | | | | Razor uploadchannel cross site scripting | 0.00 | 0.00885 | CVE-2022-36747 |
| 207616 | 6.4 | 5.3 | | 7.5 | | | HCL VersionVault Express unusual condition | 0.00 | 0.00885 | CVE-2022-27563 |
| 207615 | 4.3 | 2.7 | | 6.0 | | | HCL VersionVault Express insufficiently protected credentials | 0.05 | 0.00885 | CVE-2022-27560 |
| 207614 | 6.3 | 6.3 | | | | | gvim Installer Program.exe Privilege Escalation | 0.00 | 0.02559 | CVE-2022-37173 |
| 207613 | 6.3 | 6.3 | | | | | Msys2 msys64 access control | 0.00 | 0.02559 | CVE-2022-37172 |
| 207612 | 6.3 | 6.3 | | | | | Wamp Wamp64 access control | 0.00 | 0.02559 | CVE-2022-36565 |
| 207611 | 6.3 | 6.3 | | | | | StrawberryPerl Strawberry access control | 0.05 | 0.02559 | CVE-2022-36564 |
| 207610 | 3.5 | 3.5 | | | | | Dell EMC Data Protection Advisor Trusted Application Data Store cross site scripting | 0.00 | 0.00885 | CVE-2022-33935 |
| 207609 | 7.0 | 6.3 | | 7.8 | | | vim use after free | 0.00 | 0.00885 | CVE-2022-3037 |
| 207608 | 6.3 | 6.3 | | | | | XPDF AcroForm.cc memory corruption | 0.05 | 0.00885 | CVE-2022-36561 |
| 207607 | 5.4 | 4.7 | | 6.1 | | | Dell EMC NetWorker insufficient permissions or privileges | 0.00 | 0.00885 | CVE-2022-34368 |
| 207606 | 7.9 | 7.3 | | 8.6 | | | Dell EMC SmartFabric os command injection | 0.14 | 0.01055 | CVE-2022-31232 |
| 207605 | 7.5 | 6.3 | | 8.8 | | | Dell Container Storage Modules goiscsi/gobrick path traversal | 0.00 | 0.01055 | CVE-2022-34375 |
| 207604 | 8.8 | 8.8 | | 8.8 | | | Dell Container Storage Modules goiscsi/gobrick os command injection | 0.34 | 0.01055 | CVE-2022-34374 |
| 207603 | 5.5 | 5.5 | | | | | Rubyinstaller2 access control | 0.00 | 0.02559 | CVE-2022-36563 |
| 207602 | 6.3 | 6.3 | | | | | Rubyinstaller2 access control | 0.05 | 0.02559 | CVE-2022-36562 |
| 207601 | 3.5 | 3.5 | | | | | PicUploader index.php cross site scripting | 0.05 | 0.00885 | CVE-2022-36748 |
| 207600 | 3.5 | 3.5 | | | | | LibreNMS oxidized-cfg-check.inc.php cross site scripting | 0.00 | 0.00885 | CVE-2022-36746 |
| 207599 | 3.5 | 3.5 | | | | | LibreNMS print-customoid.php cross site scripting | 0.00 | 0.00885 | CVE-2022-36745 |
| 207598 | 3.5 | 3.5 | | | | | SourceCodester Library Management System edit_book_details.php cross site scripting | 0.00 | 0.00885 | CVE-2022-36657 |
| 207597 | 6.3 | 6.3 | | | | | SourceCodester Library Management System delete.php sql injection | 0.05 | 0.00885 | CVE-2022-36735 |
| 207596 | 6.3 | 6.3 | | | | | SourceCodester Library Management System delstu.php sql injection | 0.00 | 0.00885 | CVE-2022-36734 |
| 207595 | 6.3 | 6.3 | | | | | SourceCodester Library Management System del.php sql injection | 0.00 | 0.00885 | CVE-2022-36733 |
| 207594 | 6.3 | 6.3 | | | | | SourceCodester Library Management System dele.php sql injection | 0.00 | 0.00885 | CVE-2022-36732 |
| 207593 | 6.3 | 6.3 | | | | | SourceCodester Library Management System delstu.php sql injection | 0.00 | 0.00885 | CVE-2022-36731 |
| 207592 | 6.3 | 6.3 | | | | | SourceCodester Library Management System delete.php sql injection | 0.00 | 0.00885 | CVE-2022-36730 |
| 207591 | 3.5 | 3.5 | | | | | IBM Security Identity Manager URL redirect | 0.05 | 0.01055 | CVE-2021-29864 |
| 207590 | 5.5 | 5.5 | | | | | RPi-Jukebox-RFID Filename Files.php command injection | 0.05 | 0.01005 | CVE-2022-36749 |
