NVD scores and bug classifications are completely useless, as they are often entirely misclassified. My favorite being that they slap the "network" attack vector on things which are not at all network related or exploitable.