CVSSv3 10/18/2022

CVSSv3 Base

Score distribution (score range: number of entries): ≤1: 0, ≤2: 0, ≤3: 3, ≤4: 12, ≤5: 88, ≤6: 29, ≤7: 85, ≤8: 32, ≤9: 20, ≤10: 5

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable aggregate result.

CVSSv3 Temp

Score distribution (score range: number of entries): ≤1: 0, ≤2: 0, ≤3: 4, ≤4: 13, ≤5: 87, ≤6: 83, ≤7: 36, ≤8: 30, ≤9: 16, ≤10: 5

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Score distribution (score range: number of entries): ≤1: 0, ≤2: 0, ≤3: 11, ≤4: 21, ≤5: 85, ≤6: 35, ≤7: 77, ≤8: 26, ≤9: 14, ≤10: 5

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Score distribution (score range: number of entries): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 1, ≤5: 3, ≤6: 8, ≤7: 9, ≤8: 20, ≤9: 11, ≤10: 9

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Score distribution (score range: number of entries): ≤1: 0, ≤2: 0, ≤3: 4, ≤4: 6, ≤5: 9, ≤6: 18, ≤7: 17, ≤8: 25, ≤9: 7, ≤10: 6

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Score distribution (score range: number of entries): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Score distribution (score range: number of entries): ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vendor | Research | Vulnerability | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 211943 | 6.3 | 6.3 | | | | | Mozilla Firefox memory corruption | 0.04 | 0.00000 | CVE-2022-42932 |
| 211942 | 2.6 | 2.6 | | | | | Mozilla Firefox Form Manager cleartext storage in a file or on disk | 0.03 | 0.00000 | CVE-2022-42931 |
| 211941 | 5.0 | 5.0 | | | | | Mozilla Firefox ThirdPartyUtil race condition | 0.04 | 0.00000 | CVE-2022-42930 |
| 211940 | 4.3 | 4.3 | | | | | Mozilla Firefox window.print denial of service | 0.00 | 0.00000 | CVE-2022-42929 |
| 211939 | 3.1 | 3.1 | | | | | Mozilla Firefox Garbage Collector memory corruption | 0.00 | 0.00000 | CVE-2022-42928 |
| 211938 | 4.3 | 4.3 | | | | | Mozilla Firefox unknown vulnerability | 0.04 | 0.00000 | CVE-2022-42927 |
| 211364 | 4.2 | 3.5 | 5.5 | 3.5 | | | Linux Kernel CIFS sess.c sess_free_buffer double free | 0.05 | 0.00885 | CVE-2022-3595 |
| 211363 | 6.0 | 5.3 | 7.5 | 5.3 | | | Linux Kernel BPF r8152.c intr_callback logging of excessive data | 0.05 | 0.00885 | CVE-2022-3594 |
| 211362 | 2.3 | 2.3 | | | | | Linux Kernel iproute2 ipmptcp.c mptcp_limit_get_set memory leak [False-Positive] | 0.05 | 0.00000 | CVE-2022-3593 |
| 211361 | 5.5 | 5.5 | | | | | Billing System Project editProductImage.php unrestricted upload | 0.06 | 0.01338 | CVE-2022-41504 |
| 211360 | 6.9 | 6.7 | 7.2 | 6.7 | | | Fortinet FortiTester Certificate Import os command injection | 0.03 | 0.00885 | CVE-2022-35844 |
| 211359 | 7.8 | 6.8 | 9.8 | 6.8 | | | Fortinet FortiTester Console Login os command injection | 0.06 | 0.02055 | CVE-2022-33873 |
| 211358 | 4.4 | 3.5 | 5.3 | | | | supybot-fedora Refresh resource consumption | 0.00 | 0.00885 | CVE-2020-15853 |
| 211357 | 5.5 | 3.5 | 7.5 | | | | MobSF Mobile Security Framework HTTP Request views.py file inclusion | 0.00 | 0.00885 | CVE-2022-41547 |
| 211356 | 4.8 | 3.7 | 5.9 | | | | TP-LINK AX10v1 hard-coded key | 0.00 | 0.10855 | CVE-2022-41540 |
| 211355 | 7.6 | 5.5 | 9.8 | | | | Tenda AC18 fromSetSysTime stack-based overflow | 0.03 | 0.00885 | CVE-2022-43260 |
| 211354 | 6.5 | 5.5 | 7.5 | | | | Tenda AC15 form_fast_setting_wifi_set stack-based overflow | 0.07 | 0.00885 | CVE-2022-43259 |
| 211353 | 6.8 | 5.6 | 8.1 | | | | TP-Link AX10v1 authentication replay | 0.00 | 0.10855 | CVE-2022-41541 |
| 211352 | 4.3 | 4.3 | | | | | DevExpress ASP.NET Web Forms ASPxHttpHandlerModule DXR.axd resource injection | 0.03 | 0.00885 | CVE-2022-41479 |
| 211351 | 7.2 | 3.7 | 9.8 | 8.1 | | | Fortinet FortiTester Telnet Port excessive authentication | 0.00 | 0.00885 | CVE-2022-35846 |
| 211350 | 9.8 | 9.8 | | 9.8 | | | Fortinet FortiTester SSH Login os command injection | 0.07 | 0.01055 | CVE-2022-33874 |
| 211349 | 9.8 | 9.8 | | 9.8 | | | Fortinet FortiTester Telnet Login os command injection | 0.04 | 0.01055 | CVE-2022-33872 |
| 211348 | 7.5 | 7.5 | | 7.5 | | | Fortinet FortiOS/FortiProxy HTTP GET Request uninitialized pointer | 0.03 | 0.00885 | CVE-2022-29055 |
| 211347 | 6.3 | 5.5 | 7.2 | | | | Online Tours & Travels Management System profile.php unrestricted upload | 0.00 | 0.01338 | CVE-2022-41537 |
| 211346 | 8.0 | 6.3 | 9.8 | | | | GetSimple CMS theme-edit.php Privilege Escalation | 0.00 | 0.01156 | CVE-2022-41544 |
| 211345 | 3.5 | 3.5 | | | | | AVEVA Edge LoadImportedLibraries xml external entity reference | 0.00 | 0.00000 | CVE-2022-36969 |
| 211344 | 6.8 | 6.8 | | | | | Tesla Model 3 ice_updater toctou | 0.04 | 0.00000 | CVE-2022-3093 |
| 211343 | 5.5 | 5.5 | | | | | AVEVA Edge Privilege Escalation | 0.06 | 0.00000 | CVE-2022-36970 |
| 211342 | 9.8 | 9.8 | | | | | D-Link DIR-2150 xupnpd_generic command injection | 0.00 | 0.00000 | CVE-2022-40719 |
| 211341 | 9.8 | 9.8 | | | | | D-Link DIR-2150 xupnpd command injection | 0.04 | 0.00000 | CVE-2022-40720 |
| 211340 | 8.8 | 8.8 | | | | | OPC Labs QuickOPC deserialization | 0.06 | 0.00000 | CVE-2022-2561 |
| 211339 | 8.8 | 8.8 | | | | | AVEVA Edge SetBytesToManagedControl deserialization | 0.00 | 0.00000 | CVE-2022-28685 |
| 211338 | 8.8 | 8.8 | | | | | AVEVA Edge uncontrolled search path | 0.00 | 0.00000 | CVE-2022-28686 |
| 211337 | 8.8 | 8.8 | | | | | AVEVA Edge uncontrolled search path | 0.06 | 0.00000 | CVE-2022-28687 |
| 211336 | 8.8 | 8.8 | | | | | AVEVA Edge uncontrolled search path | 0.00 | 0.00000 | CVE-2022-28688 |
| 211335 | 8.0 | 8.0 | | | | | D-Link DIR-2150 anweb action_handler stack-based overflow | 0.00 | 0.00000 | CVE-2022-40717 |
| 211334 | 8.8 | 8.8 | | | | | D-Link DIR-2150 anweb websocket_data_handler stack-based overflow | 0.00 | 0.00000 | CVE-2022-40718 |
| 211333 | 8.8 | 8.8 | | | | | D-Link DIR-2150 xupnpd ui_upload command injection | 0.00 | 0.00000 | CVE-2022-3210 |
| 211332 | 9.8 | 9.8 | | | | | D-Link Router lighttpd stack-based overflow | 0.09 | 0.00000 | CVE-2022-41140 |
| 211331 | 3.5 | 3.5 | | | | | TP-LINK TL-WR841N cross site scripting | 0.05 | 0.00885 | CVE-2022-42202 |
| 211330 | 5.1 | 4.2 | 6.0 | | | | Asus System Control Interface AsusSoftwareManager.exe temp file | 0.00 | 0.00885 | CVE-2022-36439 |
| 211329 | 7.0 | 6.3 | 7.8 | | | | ASUS System Control Interface AsusSwitch.exe permission | 0.05 | 0.00885 | CVE-2022-36438 |
| 211328 | 8.8 | 8.8 | | | | | Linux Kernel nft_object use after free | 0.04 | 0.00000 | CVE-2022-2586 |
| 211327 | 6.3 | 6.3 | | | | | Adobe Acrobat Reader AcroForm use after free | 0.00 | 0.00000 | CVE-2022-34227 |
| 211326 | 8.1 | 8.1 | | | | | Apple macOS Remote Event memory corruption | 0.03 | 0.00000 | CVE-2022-22630 |
| 211325 | 8.8 | 8.8 | | | | | Windscribe uncontrolled search path | 0.00 | 0.00000 | CVE-2022-41141 |
| 211324 | 5.3 | 5.3 | | | | | Unified Automation OPC UA C++ denial of service | 0.05 | 0.00000 | CVE-2022-37013 |
| 211323 | 5.3 | 5.3 | | | | | Unified Automation OPC UA C++ denial of service | 0.03 | 0.00000 | CVE-2022-37012 |
| 211322 | 7.3 | 7.3 | | | | | EnterpriseDT CompleteFTP Server HttpFile pathname traversal | 0.00 | 0.00000 | CVE-2022-2560 |
| 211321 | 4.7 | 4.7 | | | | | Centreon Poller Broker sql injection | 0.00 | 0.00000 | CVE-2022-42429 |

224 more entries are not shown
