CVSSv3 09/01/2022

CVSSv3 Base

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 11, ≤5: 9, ≤6: 25, ≤7: 17, ≤8: 7, ≤9: 2, ≤10: 2

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impact of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into a single aggregate to produce the most reliable result.

CVSSv3 Temp

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 11, ≤5: 9, ≤6: 30, ≤7: 13, ≤8: 7, ≤9: 1, ≤10: 2

The Common Vulnerability Scoring System (CVSS) uses temporal (temp) scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 14, ≤5: 13, ≤6: 20, ≤7: 15, ≤8: 6, ≤9: 3, ≤10: 2

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 1, ≤5: 1, ≤6: 2, ≤7: 5, ≤8: 10, ≤9: 2, ≤10: 1

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Entries per score range: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | EPSS | CVE |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 207711 | 7.5 | 7.5 | | | | | Linux Kernel i740 Driver ioctl divide by zero | 0.00 | 0.00885 | CVE-2022-3061 |
| 207710 | 4.3 | 4.3 | | | | | Linux Kernel printer_ioctl use after free | 0.10 | 0.00885 | CVE-2020-27784 |
| 207709 | 4.6 | 4.6 | | | | | Apache ShenYu Admin Administrator permission | 0.00 | 0.00885 | CVE-2022-37435 |
| 207708 | 3.5 | 3.5 | | | | | Weave GitOps Enterprise javascript URL cross site scripting | 0.05 | 0.00950 | CVE-2022-38790 |
| 207707 | 5.4 | 4.3 | | 6.5 | | | Helm Data Structure resource consumption | 0.00 | 0.00885 | CVE-2022-36055 |
| 207706 | 8.1 | 8.1 | | | | | Contiki-NG IPv6 Packet uipbuf.c uipbuf_get_next_header buffer overflow | 0.00 | 0.00885 | CVE-2022-36053 |
| 207705 | 7.0 | 8.1 | | 5.9 | | | Contiki-NG 6LoWPAN Packet out-of-bounds | 0.00 | 0.00885 | CVE-2022-36052 |
| 207704 | 7.2 | 7.5 | | 6.8 | | | Contiki-NG Fragmented Packet sicslowpan.c 6LoWPAN out-of-bounds write | 0.05 | 0.00885 | CVE-2022-36054 |
| 207703 | 6.3 | 6.3 | | | | | libtiff tiffcrop.c rotateImage buffer size | 0.00 | 0.00885 | CVE-2022-2520 |
| 207702 | 6.3 | 6.3 | | | | | libtiff tiffcrop.c rotateImage double free | 0.00 | 0.00885 | CVE-2022-2519 |
| 207701 | 6.3 | 6.3 | | | | | SourceCodester Garage Management System manage_website.php unrestricted upload | 0.00 | 0.00885 | CVE-2022-37184 |
| 207700 | 5.7 | 3.5 | | 8.0 | | | francoisjacquet rosariosis cross site scripting | 0.00 | 0.00885 | CVE-2022-3072 |
| 207699 | 3.5 | 3.5 | | | | | SourceCodester Doctors Appointment System Admin Panel cross site scripting | 0.00 | 0.00890 | CVE-2022-36203 |
| 207698 | 3.5 | 3.5 | | | | | Piwigo created-monthly-list cross site scripting | 0.00 | 0.00885 | CVE-2022-37183 |
| 207697 | 7.6 | 7.8 | | 7.3 | | | Dell Command Integration Suite Local Privilege Escalation | 0.00 | 0.00885 | CVE-2022-34373 |
| 207696 | 6.3 | 6.3 | | | | | AeroCMS sql injection | 0.00 | 0.00885 | CVE-2022-38812 |
| 207695 | 5.5 | 5.5 | | | | | D-Link DIR-816 A2 Diagnosis v10 command injection | 0.00 | 0.02055 | CVE-2022-37130 |
| 207694 | 5.5 | 5.5 | | | | | D-Link DIR-816 A2 Command Parameter SystemCommand byte_4836B0 command injection | 0.00 | 0.02055 | CVE-2022-37129 |
| 207693 | 5.5 | 5.5 | | | | | D-Link DIR-816 A2 NTPSyncWithHost command injection | 0.00 | 0.01005 | CVE-2022-37125 |
| 207692 | 5.5 | 5.5 | | | | | D-Link DIR-816 A2 form2userconfig.cgi command injection | 0.00 | 0.02055 | CVE-2022-37123 |
| 207691 | 4.3 | 4.3 | | | | | D-Link DIR-816 setMAC improper authentication | 0.00 | 0.00885 | CVE-2022-36619 |
| 207690 | 6.7 | 4.7 | | 8.7 | | | Zitadel interpretation conflict | 0.04 | 0.00890 | CVE-2022-36051 |
| 207689 | 5.5 | 5.5 | | | | | D-Link DIR-816 A2 addRouting buffer overflow | 0.05 | 0.00885 | CVE-2022-36620 |
| 207688 | 5.9 | 5.5 | | 6.3 | | | Dell Unisphere for PowerMax client-side enforcement of server-side security | 0.00 | 0.00885 | CVE-2022-31233 |
| 207687 | 7.3 | 7.3 | | 7.2 | | | Zephyr Flag tcp.c tcp_flags out-of-bounds write | 0.00 | 0.00885 | CVE-2022-1841 |
| 207686 | 6.3 | 6.3 | | | | | D-Link DIR-816 A2 wizard_end improper authentication | 0.00 | 0.00885 | CVE-2022-37128 |
| 207685 | 4.3 | 4.3 | | | | | Honeywell Experion LX denial of service | 0.00 | 0.00885 | CVE-2022-30317 |
| 207684 | 7.3 | 7.3 | | | | | Quarkus HTTP Request request smuggling | 0.00 | 0.00885 | CVE-2022-2466 |
| 207683 | 5.5 | 5.5 | | | | | Red Hat OpenShift Subdomain improper authorization | 0.06 | 0.00885 | CVE-2022-2220 |
| 207682 | 8.3 | 8.8 | | 7.8 | | | AutomationDirect DirectLOGIC Installation uncontrolled search path | 0.20 | 0.11898 | CVE-2022-2006 |
| 207681 | 5.6 | 3.7 | | 7.5 | | | AutomationDirect C-more EA9 HMI cleartext transmission | 0.06 | 0.00885 | CVE-2022-2005 |
| 207680 | 7.5 | 7.5 | | 7.5 | | | AutomationDirect DirectLOGIC Packet resource consumption | 0.00 | 0.00885 | CVE-2022-2004 |
| 207679 | 7.2 | 6.8 | | 7.7 | | | AutomationDirect DirectLOGIC CPU Serial Port cleartext transmission | 0.10 | 0.00885 | CVE-2022-2003 |
| 207678 | 7.0 | 6.3 | | 7.8 | | | Fuji Electric Alpha7 PC Loader Project File stack-based overflow | 0.05 | 0.02559 | CVE-2022-1888 |
| 207677 | 7.0 | 6.3 | | 7.8 | | | Delta Electronics CNCSoft Project File stack-based overflow | 0.00 | 0.00885 | CVE-2022-1405 |
| 207676 | 3.8 | 4.3 | | 3.3 | | | Delta Electronics CNCSoft Project File out-of-bounds | 0.05 | 0.00885 | CVE-2022-1404 |
| 207675 | 3.5 | 3.5 | | | | | GreycLab Clmg BMP File resource consumption | 0.05 | 0.01034 | CVE-2022-1325 |
| 207674 | 5.5 | 5.5 | | | | | Undertow AJP 400 Response return value | 0.00 | 0.00950 | CVE-2022-1319 |
| 207673 | 4.3 | 4.3 | | | | | Undertow HTTP2 resource consumption | 0.11 | 0.00885 | CVE-2022-1259 |
| 207672 | 4.3 | 4.3 | | | | | libjpeg-turbo Input jcopy_sample_rows null pointer dereference | 0.00 | 0.00885 | CVE-2020-35538 |
| 207671 | 3.1 | 3.1 | | | | | GNU gcc lra-constraints.c match_reload denial of service | 0.05 | 0.00885 | CVE-2020-35536 |
| 207670 | 5.5 | 5.5 | | | | | Linux Kernel KVM kvm_main.c kvm_vcpu_init null pointer dereference | 0.09 | 0.00950 | CVE-2022-1263 |
| 207669 | 5.5 | 5.5 | | | | | Novel-Plus JWT Key hard-coded key | 0.13 | 0.00885 | CVE-2022-36672 |
| 207668 | 3.5 | 3.5 | | | | | Novel-Plus Download API information disclosure | 0.00 | 0.00885 | CVE-2022-36671 |
| 207667 | 6.3 | 6.3 | | | | | Hashicorp Boundary Scope access control | 0.00 | 0.00885 | CVE-2022-36130 |
| 207666 | 5.5 | 5.5 | | | | | Tenda AC9 WanParameterSetting stack-based overflow | 0.05 | 0.00885 | CVE-2022-36571 |
| 207665 | 5.5 | 5.5 | | | | | Tenda AC9 SetLEDCfg stack-based overflow | 0.44 | 0.00885 | CVE-2022-36570 |
| 207664 | 5.5 | 5.5 | | | | | Tenda AC9 setMacFilterCfg stack-based overflow | 0.10 | 0.00885 | CVE-2022-36569 |
| 207663 | 5.5 | 5.5 | | | | | Tenda AC9 Parameter setPptpUserList stack-based overflow | 0.10 | 0.00885 | CVE-2022-36568 |
| 207662 | 3.7 | 3.7 | | | | | wolfSSL TLS denial of service | 0.25 | 0.00950 | CVE-2022-38153 |

23 more entries are not shown
