CVSSv3 10/02/2022

CVSSv3 Base

≤10
≤20
≤30
≤42
≤50
≤60
≤717
≤82
≤90
≤100

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤10
≤20
≤30
≤42
≤50
≤617
≤72
≤80
≤90
≤100

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤10
≤20
≤30
≤42
≤50
≤60
≤717
≤82
≤90
≤100

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

IDBaseVDBNVDCNAVendResVulnerabilityCTIEPSSCVE
2100996.36.3
 
 
 
 
ZKTeco ZKBiosecurity authUserAction!edit.action access control0.000.00890CVE-2022-36634
2100986.36.3
 
 
 
 
ZKTeco ZKBiosecurity baseOpLog.do sql injection0.090.00890CVE-2022-36635
2100976.36.3
 
 
 
 
Google Chrome ChromeOS Notifications use after free0.910.00000CVE-2022-3318
2100966.36.3
 
 
 
 
Google Chrome Intents input validation0.070.00000CVE-2022-3317
2100956.36.3
 
 
 
 
Google Chrome Safe Browsing Remote Code Execution0.050.00000CVE-2022-3316
2100946.36.3
 
 
 
 
Google Chrome Blink type confusion0.050.00000CVE-2022-3315
2100936.36.3
 
 
 
 
Google Chrome Logging use after free0.270.00000CVE-2022-3314
2100926.36.3
 
 
 
 
Google Chrome Full Screen Remote Code Execution0.050.00000CVE-2022-3313
2100916.36.3
 
 
 
 
Google Chrome VPN Remote Code Execution0.000.00000CVE-2022-3312
2100906.36.3
 
 
 
 
Google Chrome Import use after free0.180.00000CVE-2022-3311
2100896.36.3
 
 
 
 
Google Chrome Custom Tabs Remote Code Execution0.000.00000CVE-2022-3310
2100886.36.3
 
 
 
 
Google Chrome Assistant use after free0.320.00000CVE-2022-3309
2100876.36.3
 
 
 
 
Google Chrome Developer Tools Remote Code Execution0.050.00000CVE-2022-3308
2100866.36.3
 
 
 
 
Google Chrome Media use after free0.180.00000CVE-2022-3307
2100856.36.3
 
 
 
 
Google Chrome Survey use after free0.000.00000CVE-2022-3306
2100846.36.3
 
 
 
 
Google Chrome Survey use after free0.060.00000CVE-2022-3305
2100836.36.3
 
 
 
 
Google Chrome CSS use after free0.050.00000CVE-2022-3304
2100827.37.3
 
 
 
 
Backdoor.Win32.Delf.eg Service Port 7401 backdoor0.050.00000
2100817.37.3
 
 
 
 
Backdoor.Win32.NTRC hard-coded credentials0.060.00000
2100803.53.5
 
 
 
 
FasterXML jackson-databind Array BeanDeserializer._deserializeFromArray resource consumption0.740.00954CVE-2022-42004
2100793.53.5
 
 
 
 
FasterXML jackson-databind Deserialize resource consumption1.610.00954CVE-2022-42003

Do you know our Splunk app?

Download it now for free!