CVSSv3 09/24/2022

CVSSv3 Base

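| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 1 | 15 | 19 | 22 | 32 | 5 | 3 | 2 |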

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

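| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 1 | 15 | 19 | 29 | 25 | 5 | 3 | 2 |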

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

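| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 1 | 21 | 15 | 19 | 33 | 6 | 3 | 1 |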

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

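| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |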

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

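| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 1 | 4 | 10 | 7 | 3 | 1 | 3 |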

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

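| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |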

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

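| Score | ≤1 | ≤2 | ≤3 | ≤4 | ≤5 | ≤6 | ≤7 | ≤8 | ≤9 | ≤10 |
|---|---|---|---|---|---|---|---|---|---|---|
| Entries | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |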

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 209537 | 4.3 | 4.3 | | | | | Host Engineering H0-ECOM100 Communications Module stack-based overflow | 2.04 | 0.00000 | CVE-2022-3228 |
| 209536 | 2.9 | 2.9 | | | | | Medtronic MiniMed 620G protection mechanism | 2.17 | 0.00000 | CVE-2022-32537 |
| 209535 | 5.3 | 6.3 | | 4.3 | | | Nepxion Discovery URL getForEntity server-side request forgery | 2.17 | 0.00000 | CVE-2022-23464 |
| 209534 | 7.3 | 7.3 | | | | | Nepxion Discovery SpEL unknown vulnerability | 2.35 | 0.00000 | CVE-2022-23463 |
| 209533 | 4.3 | 4.3 | | | | | Rocket.Chat Mobile App PIN improper authentication | 2.13 | 0.00000 | CVE-2022-30124 |
| 209532 | 4.8 | 4.3 | | 5.4 | | | Jodit Editor cross site scripting | 3.94 | 0.00000 | CVE-2022-23461 |
| 209531 | 3.5 | 3.5 | | | | | Rocket.Chat Style cross site scripting | 1.99 | 0.00000 | CVE-2022-35251 |
| 209530 | 5.5 | 5.5 | | | | | Apple macOS Bluetooth access control | 1.99 | 0.00000 | CVE-2022-32783 |
| 209529 | 5.5 | 4.3 | | 6.8 | | | vim null pointer dereference | 1.72 | 0.00000 | CVE-2022-3278 |
| 209528 | 5.5 | 5.5 | | | | | Rocket.Chat Direct Message access control | 1.96 | 0.00000 | CVE-2022-35250 |
| 209527 | 5.5 | 5.5 | | | | | Rocket.Chat Two Factor Authentication improper authentication | 1.83 | 0.00000 | CVE-2022-35248 |
| 209526 | 3.7 | 3.7 | | | | | Rocket.Chat cleartext transmission | 1.99 | 0.00000 | CVE-2022-32227 |
| 209525 | 3.5 | 3.5 | | | | | Rocket.Chat OAuth Token cleartext storage | 2.08 | 0.00000 | CVE-2022-32217 |
| 209524 | 6.3 | 6.3 | | | | | Rocket.Chat 2FA Secret sql injection | 1.86 | 0.00000 | CVE-2022-32211 |
| 209523 | 4.3 | 4.3 | | | | | Apple macOS Environment Variable information disclosure | 1.94 | 0.00000 | CVE-2022-26707 |
| 209522 | 9.3 | 8.8 | | 9.8 | | | Grandstream GSD3710 strcopy stack-based overflow | 2.16 | 0.00000 | CVE-2022-2025 |
| 209521 | 3.5 | 3.5 | | | | | AjaXplorer SVG File cross site scripting | 2.04 | 0.00000 | CVE-2022-40358 |
| 209520 | 5.7 | 5.7 | | | | | Tenda i9 String set_local_time buffer overflow | 1.82 | 0.00000 | CVE-2022-40106 |
| 209519 | 4.7 | 4.7 | | | | | Apple macOS access control | 1.84 | 0.00000 | CVE-2022-32782 |
| 209518 | 4.7 | 4.7 | | | | | Apple macOS access control | 2.01 | 0.00000 | CVE-2022-32781 |
| 209517 | 4.7 | 4.7 | | | | | Apple iOS/iPadOS access control | 1.87 | 0.00000 | CVE-2022-32781 |
| 209516 | 8.3 | 8.8 | | 7.8 | | | Measuresoft ScadaPro Server access control | 1.95 | 0.00000 | CVE-2022-3263 |
| 209515 | 5.3 | 5.3 | | 5.3 | | | Frontier Transaction calculation | 2.16 | 0.00000 | CVE-2022-39242 |
| 209514 | 6.3 | 6.3 | | | | | Apple iTunes Web Contents buffer overflow | 1.92 | 0.00000 | CVE-2022-22629 |
| 209513 | 6.4 | 6.3 | | 6.5 | | | Tacitine EN6200-PRIME QUAD-35/EN6200-PRIME QUAD-100 Web-based Management Interface session fixation | 1.95 | 0.00000 | CVE-2022-40630 |
| 209512 | 6.4 | 5.3 | | 7.5 | | | Tacitine EN6200-PRIME QUAD-35/EN6200-PRIME QUAD-100 Web-based Management Interface information disclosure | 2.27 | 0.00000 | CVE-2022-40629 |
| 209511 | 5.7 | 5.7 | | | | | Tenda i9 String formexeCommand buffer overflow | 2.08 | 0.00000 | CVE-2022-40107 |
| 209510 | 5.7 | 5.7 | | | | | Tenda i9 String formWifiMacFilterGet buffer overflow | 1.89 | 0.00000 | CVE-2022-40105 |
| 209509 | 5.7 | 5.7 | | | | | Tenda i9 String formwrlSSIDget buffer overflow | 2.06 | 0.00000 | CVE-2022-40104 |
| 209508 | 5.7 | 5.7 | | | | | Tenda i9 String formSetAutoPing buffer overflow | 3.00 | 0.00000 | CVE-2022-40103 |
| 209507 | 5.7 | 5.7 | | | | | Tenda i9 String formwrlSSIDset buffer overflow | 3.80 | 0.00000 | CVE-2022-40102 |
| 209506 | 5.7 | 5.7 | | | | | Tenda i9 formWifiMacFilterSet buffer overflow | 3.08 | 0.00000 | CVE-2022-40101 |
| 209505 | 5.5 | 5.5 | | | | | Tenda i9 FormexeCommand command injection | 1.74- | 0.00000 | CVE-2022-40100 |
| 209504 | 5.5 | 5.5 | | | | | Scala JAR File deserialization | 1.74- | 0.00000 | CVE-2022-36944 |
| 209503 | 3.5 | 3.5 | | | | | Rocket.Chat Direct Message getUserMentionsByChannel information disclosure | 2.31- | 0.00000 | CVE-2022-35249 |
| 209502 | 3.5 | 3.5 | | | | | Rocket.Chat ACL Check getRoomRoles information disclosure | 1.61- | 0.00000 | CVE-2022-35247 |
| 209501 | 3.5 | 3.5 | | | | | Rocket.Chat Meteor Server getS3FileUrl injection | 1.57- | 0.00000 | CVE-2022-35246 |
| 209500 | 7.5 | 7.5 | | | | | Apple macOS denial of service | 1.70- | 0.00000 | CVE-2022-32790 |
| 209499 | 7.5 | 7.5 | | | | | Apple watchOS denial of service | 1.81- | 0.00000 | CVE-2022-32790 |
| 209498 | 7.5 | 7.5 | | | | | Apple tvOS denial of service | 1.81- | 0.00000 | CVE-2022-32790 |
| 209497 | 7.5 | 7.5 | | | | | Apple iOS/iPadOS denial of service | 3.17- | 0.00000 | CVE-2022-32790 |
| 209496 | 3.5 | 3.5 | | | | | Rocket.Chat MongoDB chat.getThreadsList information disclosure | 1.68- | 0.00000 | CVE-2022-32229 |
| 209495 | 3.5 | 3.5 | | | | | Rocket.Chat Message ID information disclosure | 1.44- | 0.00000 | CVE-2022-32228 |
| 209494 | 5.5 | 5.5 | | | | | Rocket.Chat Meteor Server getUsersOfRoom access control | 1.55- | 0.00000 | CVE-2022-32226 |
| 209493 | 3.5 | 3.5 | | | | | Rocket.Chat Message getUserMentionsByChannel information disclosure | 1.76- | 0.00000 | CVE-2022-32220 |
| 209492 | 3.5 | 3.5 | | | | | Rocket.Chat REST Endpoint Users.find information disclosure | 1.32- | 0.00000 | CVE-2022-32219 |
| 209491 | 3.5 | 3.5 | | | | | Rocket.Chat Regex MongoDB Query actionLinkHandler information exposure | 2.27- | 0.00000 | CVE-2022-32218 |
| 209490 | 4.8 | 5.3 | | 4.3 | | | F-Secure/WithSecure Product PE File Unpack aerdl.dll denial of service | 2.82- | 0.00000 | CVE-2022-28886 |
| 209489 | 6.3 | 6.3 | | | | | Apple iTunes TIFF File out-of-bounds | 3.21- | 0.00000 | CVE-2020-36521 |
| 209488 | 6.3 | 6.3 | | | | | Apple iCloud TIFF File out-of-bounds | 3.13- | 0.00000 | CVE-2020-36521 |

49 more entries are not shown
