CVSSv3 11/13/2022

CVSSv3 Base

≤10
≤20
≤32
≤43
≤55
≤63
≤72
≤82
≤90
≤100

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤10
≤20
≤32
≤43
≤55
≤65
≤72
≤80
≤90
≤100

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤10
≤20
≤32
≤43
≤55
≤63
≤72
≤82
≤90
≤100

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

IDBaseVDBNVDCNAVendResVulnerabilityCTIEPSSCVE
2135575.65.6
 
 
 
 
NagVis CoreLogonMultisite.php checkAuthCookie type conversion0.040.00954CVE-2022-3979
2135565.55.5
 
 
 
 
MZ Automation libiec61850 MMS File Services mms_client_files.c path traversal0.040.00954CVE-2022-3976
2135554.34.3
 
 
 
 
NodeBB abort cross-site request forgery0.050.01018CVE-2022-3978
2135543.53.5
 
 
 
 
NukeViet CMS Data URL Request.php filterAttr cross site scripting0.090.00954CVE-2022-3975
2135536.36.3
 
 
 
 
Axiomatic Bento4 mp4info Ap4StdCFileByteStream.cpp ReadPartial heap-based overflow0.040.00954CVE-2022-3974
2135527.37.3
 
 
 
 
Pingkon HMS-PHP Data Pump Metadata admin.php sql injection0.040.00885CVE-2022-3973
2135517.37.3
 
 
 
 
Pingkon HMS-PHP adminlogin.php sql injection0.040.00885CVE-2022-3972
2135504.64.6
 
 
 
 
matrix-appservice-irc PgDataStore.ts sql injection0.040.01018CVE-2022-3971
2135496.36.3
 
 
 
 
LibTIFF tif_getimage.c TIFFReadRGBATileExt integer overflow2.370.01018CVE-2022-3970
2135482.62.6
 
 
 
 
OpenKM FileUtils.java getFileExtension temp file0.040.00950CVE-2022-3969
2135473.53.5
 
 
 
 
emlog article_save.php cross site scripting0.080.00885CVE-2022-3968
2135465.35.3
 
 
 
 
Vesta Control Panel sed main.sh argument injection0.080.00885CVE-2022-3967
2135454.34.3
 
 
 
 
Ultimate Member Plugin Template class-shortcodes.php load_template pathname traversal0.040.00954CVE-2022-3966
2135444.34.3
 
 
 
 
ffmpeg QuickTime Graphics Video Encoder smcenc.c smc_encode_stream out-of-bounds0.240.00885CVE-2022-3965
2135434.34.3
 
 
 
 
ffmpeg QuickTime RPZA Video Encoder rpzaenc.c out-of-bounds0.200.00885CVE-2022-3964
2135423.53.5
 
 
 
 
Hyperledger Fabric Channel Name denial of service0.070.00885CVE-2022-45196
2135412.62.6
 
 
 
 
SimpleXMQ Private Key cryptographic issues0.050.00950CVE-2022-45195

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!