CVSSv3 10/22/2022

CVSSv3 Base

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 1, ≤5: 4, ≤6: 4, ≤7: 3, ≤8: 6, ≤9: 0, ≤10: 0

The Common Vulnerability Scoring System (CVSS) is an industry standard for describing the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources into the most reliable result.

CVSSv3 Temp

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 1, ≤5: 7, ≤6: 1, ≤7: 9, ≤8: 0, ≤9: 0, ≤10: 0

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 1, ≤4: 1, ≤5: 3, ≤6: 5, ≤7: 0, ≤8: 8, ≤9: 0, ≤10: 0

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 1, ≤5: 2, ≤6: 1, ≤7: 5, ≤8: 0, ≤9: 0, ≤10: 0

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

Entries per score bucket: ≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 212010 | 7.3 | 7.3 | | | | | Axiomatic Bento4 mp42hevc WriteSample heap-based overflow | 1.92 | 0.00954 | CVE-2022-3670 |
| 212009 | 5.3 | 5.3 | | | | | Axiomatic Bento4 mp4edit Create memory leak | 1.69 | 0.00954 | CVE-2022-3669 |
| 212008 | 5.3 | 5.3 | | | | | Axiomatic Bento4 mp4edit CreateAtomFromStream memory leak | 1.72 | 0.00954 | CVE-2022-3668 |
| 212007 | 7.3 | 7.3 | | | | | Axiomatic Bento4 mp42aac Ap4ByteStream.cpp WritePartial heap-based overflow | 1.72 | 0.00954 | CVE-2022-3667 |
| 212006 | 7.3 | 7.3 | | | | | Axiomatic Bento4 mp42ts Ap4LinearReader.cpp Advance use after free | 1.75 | 0.00954 | CVE-2022-3666 |
| 212005 | 7.3 | 7.3 | | | | | Axiomatic Bento4 avcinfo AvcInfo.cpp heap-based overflow | 2.02 | 0.00954 | CVE-2022-3665 |
| 212004 | 7.3 | 7.3 | | | | | Axiomatic Bento4 avcinfo Ap4BitStream.cpp WriteBytes heap-based overflow | 2.28 | 0.00954 | CVE-2022-3664 |
| 212003 | 5.3 | 5.3 | | | | | Axiomatic Bento4 MP4fragment Ap4StsdAtom.cpp AP4_StsdAtom null pointer dereference | 1.42 | 0.00954 | CVE-2022-3663 |
| 212002 | 7.3 | 7.3 | | | | | Axiomatic Bento4 mp42hls Ap4Sample.h GetOffset use after free | 2.15 | 0.00954 | CVE-2022-3662 |
| 212001 | 7.0 | 7.2 | | 6.7 | | | Dell EMC PowerScale OneFS Privilege Escalation | 0.06 | 0.00885 | CVE-2022-34438 |
| 212000 | 7.0 | 7.2 | | 6.7 | | | Dell EMC PowerScale OneFS os command injection | 0.05 | 0.01005 | CVE-2022-34437 |
| 211999 | 4.7 | 2.7 | | 6.7 | | | Dell EMC PowerScale OneFS log file | 0.00 | 0.00885 | CVE-2022-31239 |
| 211998 | 3.8 | 4.3 | | 3.3 | | | skylot jadx ZIP File denial of service | 0.05 | 0.00885 | CVE-2022-39259 |
| 211997 | 4.8 | 3.5 | | 6.2 | | | Softmotions IOWOW JSON Parser buffer overflow | 0.04 | 0.00885 | CVE-2022-23462 |
| 211996 | 6.3 | 5.6 | | 7.0 | | | Dell PowerStore authentication bypass | 0.18 | 0.01055 | CVE-2022-26870 |
| 211995 | 4.3 | 4.3 | | 4.3 | | | Dell EMC Isilon OneFS SSHD default permission | 0.07 | 0.00885 | CVE-2020-5355 |
| 211994 | 4.6 | 4.3 | | 5.0 | | | Flux unknown vulnerability | 0.06 | 0.00885 | CVE-2022-39272 |
| 211993 | 5.3 | 5.3 | | 5.3 | | | Dell EMC PowerScale OneFS allocation of resources | 0.00 | 0.01055 | CVE-2022-34439 |
