Skip to content

Instantly share code, notes, and snippets.

@InvalidLenni

InvalidLenni/security.md

Last active February 17, 2022 08:33
Show Gist options
  • Save InvalidLenni/26ff039b1e058339ee4568df52e2fdd6 to your computer and use it in GitHub Desktop.
Save InvalidLenni/26ff039b1e058339ee4568df52e2fdd6 to your computer and use it in GitHub Desktop.
Download ZIP
security severity etc
Raw
security.md

What is CVE?

Common Vulnerabilities and Exposures (CVE) is a database of publicly disclosed information security issues. A CVE number uniquely identifies one vulnerability from the list. ... Enterprises typically use CVE, and corresponding CVSS scores, for planning and prioritization in their vulnerability management programs.

Where can I search CVE IDs?

You can search the IDs on https://cve.mitre.org/.

Where can I request, report or update a CVE ID / Record?

For Request or Report a CVE ID: https://www.cve.org/ResourcesSupport/ReportRequest#RequestCVEID For updating a CVE Record: https://www.cve.org/ResourcesSupport/ReportRequest#UpdateCVERecord

Severity Scores & Advisories

CVSS V3 SCORE RANGE SEVERITY IN ADVISORY
0.1 - 3.9 Low
4.0 - 6.9 Medium
7.0 - 8.9 High
9.0 - 10.0 Critical

Severity Level: Critical

  • Vulnerabilities that score in the critical range usually have most of the following characteristics:

  • Exploitation of the vulnerability likely results in root-level compromise of servers or infrastructure devices.Exploitation is usually straightforward, in the sense that the attacker does not need any special authentication credentials or knowledge about individual victims, and does not need to persuade a target user, for example via social engineering, into performing any special functions.

  • For critical vulnerabilities, is advised that you patch or upgrade as soon as possible, unless you have other mitigating measures in place. For example, a mitigating factor could be if your installation is not accessible from the Internet.

Severity Level: High

  • Vulnerabilities that score in the high range usually have some of the following characteristics:

  • The vulnerability is difficult to exploit.Exploitation could result in elevated privileges.Exploitation could result in a significant data loss or downtime.  

Severity Level: Medium

  • Vulnerabilities that score in the medium range usually have some of the following characteristics:

  • Vulnerabilities that require the attacker to manipulate individual victims via social engineering tactics.Denial of service vulnerabilities that are difficult to set up.Exploits that require an attacker to reside on the same local network as the victim.Vulnerabilities where exploitation provides only very limited access. Vulnerabilities that require user privileges for successful exploitation.   

Severity Level: Low

  • Vulnerabilities in the low range typically have very little impact on an organization's business. Exploitation of such vulnerabilities usually requires local or physical system access. Vulnerabilities in third party code that are unreachable from the code may be downgraded to low severity.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment