CVSSv3 September 2022

Timeline

Analyzing the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues can be prioritized.

C3BM Index

Our unique C3BM Index (CVSSv3 Base Meta Index) accumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the number of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base

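| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Entries | 0 | 4 | 63 | 370 | 347 | 559 | 575 | 159 | 110 | 25 |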

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

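| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Entries | 0 | 7 | 65 | 384 | 334 | 702 | 476 | 162 | 60 | 22 |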

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

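| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Entries | 0 | 8 | 83 | 473 | 328 | 523 | 519 | 166 | 89 | 23 |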

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

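| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Entries | 0 | 0 | 1 | 3 | 2 | 9 | 8 | 31 | 9 | 1 |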

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

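| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Entries | 0 | 5 | 8 | 26 | 86 | 147 | 114 | 144 | 81 | 42 |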

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

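| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Entries | 0 | 0 | 0 | 0 | 1 | 4 | 4 | 29 | 22 | 3 |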

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

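| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |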

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| Published | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | CVE |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 09/30/2022 | 5.5 | 5.5 | | | | | COVESA DLT Daemon DLT File Parser heap-based overflow | 1.26 | CVE-2022-39836 |
| 09/30/2022 | 3.5 | 3.5 | | | | | COVESA DLT Daemon DLT File null pointer dereference | 1.20 | CVE-2022-39837 |
| 09/30/2022 | 6.4 | 5.3 | | 7.5 | | | Cloudflare GoFlow sflow Decoder resource consumption | 1.48 | CVE-2022-2529 |
| 09/30/2022 | 3.8 | 2.7 | | 4.9 | | | DNN path traversal | 1.60 | CVE-2022-2922 |
| 09/30/2022 | 5.3 | 5.3 | | 5.3 | | | react-native-reanimated Parser Colors.js incorrect regex | 1.38 | CVE-2022-24373 |
| 09/30/2022 | 5.3 | 5.3 | | 5.3 | | | css-what Regular Expression index.js parse incorrect regex | 1.23 | CVE-2022-21222 |
| 09/30/2022 | 3.5 | 3.5 | | | | | Axiomatic Bento4 Ap4StdCFileByteStream.cpp Create memory leak | 1.35 | CVE-2022-41847 |
| 09/30/2022 | 3.5 | 3.5 | | | | | Axiomatic Bento4 Ap4DataBuffer.cpp ReallocateBuffer memory allocation | 1.14 | CVE-2022-41846 |
| 09/30/2022 | 3.5 | 3.5 | | | | | Axiomatic Bento4 Ap4Array.h AP4_Array memory allocation | 1.05 | CVE-2022-41845 |
| 09/30/2022 | 4.3 | 4.3 | | | | | Xpdf XRef.cc fetch denial of service | 1.20 | CVE-2022-41844 |
| 09/30/2022 | 4.3 | 4.3 | | | | | Xpdf FoFiType1C.cc convertToType0 denial of service | 1.04 | CVE-2022-41843 |
| 09/30/2022 | 4.3 | 4.3 | | | | | Xpdf gfile.cc gfseek denial of service | 1.14 | CVE-2022-41842 |
| 09/30/2022 | 6.6 | 6.6 | | | | | Linux Kernel PCMCIA Device synclink_cs.c mgslpc_ioctl use after free | 1.32 | CVE-2022-41848 |
| 09/30/2022 | 7.1 | 7.1 | | | | | Linux Kernel hid-roccat.c roccat_report_event use after free | 1.32 | CVE-2022-41850 |
| 09/30/2022 | 6.3 | 6.3 | | | | | Linux Kernel USB Device smscufx.c ufx_ops_open use after free | 1.27 | CVE-2022-41849 |
| 09/30/2022 | 6.3 | 6.3 | | | | | Microsoft Exchange Server PowerShell Privilege Escalation | 10.00- | CVE-2022-41082 |
| 09/30/2022 | 6.3 | 6.3 | | | | | Microsoft Exchange Server server-side request forgery | 10.00- | CVE-2022-41040 |
| 09/30/2022 | 3.5 | 3.5 | | | | | Dutchcoders transfer.sh cross site scripting | 0.89- | CVE-2022-40931 |
| 09/30/2022 | 3.5 | 3.5 | | | | | kkFileView cross site scripting | 1.29- | CVE-2022-40879 |
| 09/30/2022 | 3.5 | 3.5 | | | | | FeehiCMS Single Page Module cross site scripting | 1.32- | CVE-2022-40408 |
| 09/30/2022 | 5.5 | 5.5 | | | | | Amazon AWS Redshift JDBC Driver Object Factory Privilege Escalation | 1.57- | CVE-2022-41828 |
| 09/30/2022 | 9.2 | 8.8 | | 9.6 | | | isolated-vm API protection mechanism | 1.57- | CVE-2022-39266 |
| 09/30/2022 | 3.5 | 3.5 | | | | | DGIOT Lightweight industrial IoT cross site scripting | 1.66- | CVE-2022-35137 |
| 09/30/2022 | 5.5 | 5.5 | | | | | Chamilo ZIP File unrestricted upload | 1.38- | CVE-2022-40407 |
| 09/30/2022 | 7.9 | 7.3 | | 8.6 | | | matrix-rust-sdk Room Key key exchange without entity authentication | 1.41- | CVE-2022-39252 |
| 09/30/2022 | 4.6 | 4.6 | | | | | NetApp SnapCenter Content Security Policy Privilege Escalation | 1.26- | CVE-2022-38732 |
| 09/30/2022 | 5.5 | 5.5 | | | | | Octopus Deploy Login allocation of resources | 1.45- | CVE-2022-2778 |
| 09/30/2022 | 5.5 | 5.5 | | | | | ZKTeco ZKBio Time Add New Message Module csv injection | 1.38- | CVE-2022-40472 |
| 09/30/2022 | 6.3 | 6.3 | | | | | SourceCodester Student Result Management System sql injection | 1.38- | CVE-2022-40887 |
| 09/30/2022 | 6.8 | 5.6 | | 8.1 | | | uClibC/uClibc-ng libpthread memory corruption | 1.54- | CVE-2022-29503 |
| 09/30/2022 | 4.3 | 4.3 | | | | | Discourse Javascript Error denial of service | 1.20- | CVE-2022-39232 |
| 09/30/2022 | 4.7 | 4.7 | | | | | Discourse Theme authorization | 1.42- | CVE-2022-36068 |
| 09/30/2022 | 5.3 | 5.3 | | | | | ikus060 rdiffweb allocation of resources | 1.23- | CVE-2022-3364 |
| 09/30/2022 | 3.9 | 3.5 | | 4.3 | | | Discourse User Profile allocation of resources | 1.23- | CVE-2022-39226 |
| 09/30/2022 | 6.9 | 4.7 | | 9.1 | | | Discourse ZIP unrestricted upload | 1.20- | CVE-2022-36066 |
| 09/30/2022 | 7.9 | 7.3 | | 8.6 | | | matrix-nio Room Key key exchange without entity authentication | 1.18- | CVE-2022-39254 |
| 09/30/2022 | 6.3 | 6.3 | | | | | Projectworlds Hospital Management System hms-staff.php sql injection | 2.89- | CVE-2022-33880 |
| 09/30/2022 | 4.4 | 4.3 | | 4.6 | | | IBM Robotic Process Automation Upgrade Log log file | 1.32- | CVE-2022-39168 |
| 09/29/2022 | 3.5 | 3.5 | | | | | Open5GS AMF amf-context.c denial of service | 0.68 | CVE-2022-40890 |
| 09/29/2022 | 2.1 | 2.1 | | | | | Flipper Zero NFC File nfc_device_load_mifare_ul_data buffer overflow | 0.64 | CVE-2022-40363 |
| 09/29/2022 | 7.0 | 6.3 | | 7.8 | | | vim use after free | 0.58 | CVE-2022-3352 |
| 09/29/2022 | 5.5 | 5.5 | | | | | TOTOLINK A860R downloadFile.cgi command injection | 0.47 | CVE-2022-40475 |
| 09/29/2022 | 5.5 | 5.5 | | | | | Clash for Windows Service Mode access control | 0.89 | CVE-2022-40126 |
| 09/29/2022 | 7.9 | 7.3 | | 8.6 | | | matrix-js-sdk Verification key exchange without entity authentication | 0.95 | CVE-2022-39250 |
| 09/29/2022 | 6.2 | 4.3 | | 8.2 | | | inventree cross site scripting | 0.16 | CVE-2022-3355 |
| 09/29/2022 | 3.5 | 3.5 | | | | | glFusion CMS Title Request Parameter cross site scripting | 0.06 | CVE-2021-45843 |
| 09/29/2022 | 3.5 | 3.5 | | | | | ovirt-engine Windows Service Accounts Home Page cross site scripting | 0.06 | CVE-2022-3193 |
| 09/29/2022 | 4.5 | 3.5 | | 5.5 | | | polonel trudesk Ticket Filter cross site scripting | 0.06 | CVE-2022-1719 |
| 09/29/2022 | 5.5 | 5.5 | | | | | Moodle Shibboleth Authentication Plugin Privilege Escalation | 0.19 | CVE-2021-40691 |
| 09/29/2022 | 3.5 | 3.5 | | | | | ZyXEL CloudCNM SecuManager handle_campaign_script_link cross site scripting | 0.12 | CVE-2020-15339 |

2162 more entries are not shown
