Risk
The vulnerability data provides multiple indicators for the risk level of an entry, for example CVSSv2 and CVSSv3 scores and exploit prices. Risk information is also available from other sources such as other vulnerability databases, vulnerability scanners, and intrusion detection systems.
Every entry also contains a risk level, which is defined by the VulDB moderation team. There are 3 different levels:
- low ⇒ problematic
- medium ⇒ critical
- high ⇒ very critical
- Attack vectors limited to local are usually low (e.g. denial of service, information disclosure) or medium (e.g. privilege escalation, code execution, buffer overflow)
- Impact levels which promise high-level access or even system access are at least medium (e.g. authentication required) and under some circumstances high (e.g. no prerequisites, exploit available, popular vulnerability)