CVSSv3 10/26/2022

CVSSv3 Base

≤1: 0, ≤2: 0, ≤3: 3, ≤4: 12, ≤5: 19, ≤6: 17, ≤7: 29, ≤8: 17, ≤9: 7, ≤10: 10

The Common Vulnerability Scoring System (CVSS) is an industry standard for defining the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to arrive at the most reliable result.

CVSSv3 Temp

≤1: 0, ≤2: 0, ≤3: 3, ≤4: 12, ≤5: 19, ≤6: 34, ≤7: 15, ≤8: 15, ≤9: 6, ≤10: 10

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤1: 0, ≤2: 0, ≤3: 4, ≤4: 14, ≤5: 22, ≤6: 13, ≤7: 30, ≤8: 19, ≤9: 2, ≤10: 10

The moderation team always defines the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 1, ≤7: 2, ≤8: 5, ≤9: 0, ≤10: 5

The National Vulnerability Database (NVD) also defines CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 15, ≤6: 5, ≤7: 3, ≤8: 4, ≤9: 5, ≤10: 15

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤1: 0, ≤2: 0, ≤3: 0, ≤4: 0, ≤5: 0, ≤6: 0, ≤7: 0, ≤8: 0, ≤9: 0, ≤10: 0

Sometimes security researchers also provide their own CVSS vectors and scores for vulnerabilities they have found and published.

| ID | Base | VDB | NVD | CNA | Vend | Res | Vulnerability | CTI | EPSS | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 212324 | 5.0 | 5.0 | | | | | vim autocmd quickfix.c qf_update_buffer use after free | 2.78 | 0.00885 | CVE-2022-3705 |
| 212323 | 6.3 | 6.3 | | | | | CERTCC VINCE User Profile code injection | 0.00 | 0.01156 | CVE-2022-40238 |
| 212322 | 3.5 | 3.5 | | | | | Apache IoTDB Regexp Query denial of service | 0.04 | 0.00885 | CVE-2022-43766 |
| 212321 | 6.3 | 6.3 | | | | | Apache Linkis MySQL Data Source deserialization | 0.26 | 0.01156 | CVE-2022-39944 |
| 212320 | 6.3 | 6.3 | | | | | Apache Flume JMS Source injection | 0.40 | 0.05634 | CVE-2022-42468 |
| 212319 | 3.5 | 3.5 | | | | | Ruby on Rails _table.html.erb cross site scripting | 2.05 | 0.00890 | CVE-2022-3704 |
| 212318 | 6.3 | 6.3 | | | | | Google Chrome Extensions input validation | 0.26 | 0.00000 | CVE-2022-3661 |
| 212317 | 6.3 | 6.3 | | | | | Google Chrome Full Screen Mode Remote Code Execution | 0.33 | 0.00000 | CVE-2022-3660 |
| 212316 | 6.3 | 6.3 | | | | | Google Chrome Accessibility use after free | 0.40 | 0.00000 | CVE-2022-3659 |
| 212315 | 6.3 | 6.3 | | | | | Google Chrome Feedback Service use after free | 0.20 | 0.00000 | CVE-2022-3658 |
| 212314 | 6.3 | 6.3 | | | | | Google Chrome Extensions use after free | 0.20 | 0.00000 | CVE-2022-3657 |
| 212313 | 6.3 | 6.3 | | | | | Google Chrome File System input validation | 0.29 | 0.00000 | CVE-2022-3656 |
| 212312 | 6.3 | 6.3 | | | | | Google Chrome Media Galleries heap-based overflow | 0.20 | 0.00000 | CVE-2022-3655 |
| 212311 | 6.3 | 6.3 | | | | | Google Chrome Layout use after free | 0.26 | 0.00000 | CVE-2022-3654 |
| 212310 | 6.3 | 6.3 | | | | | Google Chrome Vulkan heap-based overflow | 0.20 | 0.00000 | CVE-2022-3653 |
| 212309 | 6.3 | 6.3 | | | | | Google Chrome V8 type confusion | 1.20 | 0.00000 | CVE-2022-3652 |
| 212308 | 5.5 | 5.5 | | | | | Winter Snowboard Framework prototype pollution | 0.08 | 0.01018 | CVE-2022-39357 |
| 212307 | 4.8 | 4.3 | | 5.4 | | | joyqi hyper-down Markdown Parser cross site scripting | 0.03 | 0.00885 | CVE-2022-25849 |
| 212306 | 7.3 | 7.3 | | | | | Feathers JS Library sql injection | 0.00 | 0.00885 | CVE-2022-29822 |
| 212305 | 7.3 | 7.3 | | | | | Feathers JS Library Backend Database sql injection | 0.07 | 0.00885 | CVE-2022-2422 |
| 212304 | 5.5 | 5.5 | | | | | shescape incorrect regex | 0.00 | 0.01018 | CVE-2022-25918 |
| 212303 | 6.5 | 5.3 | | 7.7 | | | SUSE openSUSE Factory Sendmail link following | 0.05 | 0.00885 | CVE-2022-31256 |
| 212302 | 8.6 | 7.3 | | 10.0 | | | Socket.io JS Library Attachment Parser sql injection | 0.96 | 0.00885 | CVE-2022-2421 |
| 212301 | 4.3 | 4.3 | | 4.3 | | | Synology Presto File Server Summary Report Management privileges management | 0.04 | 0.01055 | CVE-2022-43749 |
| 212300 | 6.6 | 7.3 | | 5.8 | | | Synology Presto File Server File Operation Management path traversal | 0.00 | 0.01055 | CVE-2022-43748 |
| 212299 | 6.3 | 6.3 | | | | | Feather-Sequalize cleanQuery prototype pollution | 0.08 | 0.01978 | CVE-2022-29823 |
| 212298 | 4.3 | 4.3 | | | | | Corel CorelDRAW BMP File Parser out-of-bounds | 0.05 | 0.00000 | CVE-2022-43611 |
| 212297 | 4.3 | 4.3 | | | | | Corel CorelDRAW JP2 File Parser out-of-bounds | 0.00 | 0.00000 | CVE-2022-43612 |
| 212296 | 4.3 | 4.3 | | | | | Corel CorelDRAW PDF File Parser out-of-bounds | 0.09 | 0.00000 | CVE-2022-43615 |
| 212295 | 4.3 | 4.3 | | | | | Corel CorelDRAW GIF File Parser out-of-bounds | 0.00 | 0.00000 | CVE-2022-43610 |
| 212294 | 6.3 | 6.3 | | | | | Corel CorelDRAW CGM File Parser stack-based overflow | 0.04 | 0.00000 | CVE-2022-43613 |
| 212293 | 6.3 | 6.3 | | | | | Corel CorelDRAW GIF File Parser out-of-bounds write | 0.04 | 0.00000 | CVE-2022-43614 |
| 212292 | 6.3 | 6.3 | | | | | Corel CorelDRAW EMF File Parser out-of-bounds | 0.00 | 0.00000 | CVE-2022-43616 |
| 212291 | 6.3 | 6.3 | | | | | Corel CorelDRAW PCX File Parser out-of-bounds write | 0.04 | 0.00000 | CVE-2022-43617 |
| 212290 | 6.3 | 6.3 | | | | | Corel CorelDRAW PCX File Parser out-of-bounds write | 0.04 | 0.00000 | CVE-2022-43618 |
| 212289 | 6.3 | 6.3 | | | | | IronCAD STP File Parser uninitialized pointer | 0.00 | 0.00000 | CVE-2022-43609 |
| 212288 | 3.5 | 3.5 | | | | | OX Software OX App Suite Attachment cross site scripting | 0.04 | 0.00885 | CVE-2022-31468 |
| 212287 | 3.5 | 3.5 | | | | | AlgoSec FireFlow result.html IntersectudRule cross site scripting | 0.04 | 0.00885 | CVE-2022-36783 |
| 212286 | 3.5 | 3.5 | | | | | F-Secure Policy Manager cross site scripting | 0.19 | 0.01061 | CVE-2022-38162 |
| 212285 | 3.3 | 3.3 | | | | | Brocade Fabric OS information disclosure | 0.06 | 0.00885 | CVE-2022-33180 |
| 212284 | 5.3 | 5.3 | | | | | Brocade Fabric OS Restricted Shell sandbox | 0.00 | 0.00885 | CVE-2022-33179 |
| 212283 | 3.3 | 3.3 | | | | | Brocade Fabric OS Statement debug log file | 0.11 | 0.00885 | CVE-2022-28170 |
| 212282 | 8.0 | 6.3 | 9.8 | | | | Zalando Skipper server-side request forgery | 0.00 | 0.01018 | CVE-2022-38580 |
| 212281 | 5.2 | 4.3 | | 6.1 | | | ESRI ArcGIS Server Map Service Configuration cross site scripting | 0.04 | 0.00885 | CVE-2022-38200 |
| 212280 | 3.5 | 3.5 | | | | | PRTG Network Monitor Cascading Style Sheet cross site scripting | 0.28 | 0.00885 | CVE-2022-35739 |
| 212279 | 8.5 | 7.3 | 9.8 | | | | OX Software OX App Suite Ghostscript os command injection | 0.00 | 0.02055 | CVE-2022-29851 |
| 212278 | 4.4 | 3.5 | 5.4 | | | | Apache Geode Pulse Web Application cross site scripting | 0.04 | 0.00885 | CVE-2022-34870 |
| 212277 | 7.8 | 7.8 | | | | | Brocade Fabric OS fab_seg.c.h stack-based overflow | 0.04 | 0.01036 | CVE-2022-33184 |
| 212276 | 7.8 | 7.8 | | | | | Brocade Fabric OS CLI Local Privilege Escalation | 0.00 | 0.00885 | CVE-2022-33182 |
| 212275 | 3.3 | 3.3 | | | | | Brocade Fabric OS CLI information disclosure | 0.00 | 0.00885 | CVE-2022-33181 |

64 more entries are not shown
