CVE Tools
Sign in
month report

December 2012

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

December 2012 closed with 270 published CVEs-22.2% YoY . 42 criticals, ibm led volume, mostly via security appscan. Biggest breakout: samsung at ×5.0 their 12-month median. Top weakness class — CWE-79 (34 CVE). 10 vendors cracked the top-100 for the first time.

Print view
Total CVEs
270
— MoM-22.2% YoY
Severity mix
42 / 29
critical / high
KEV added
0
0 ransomware-linked
Nuclei coverage
2.6%
7 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)
4825.4
n=7
Within 7 days
0.0%
Within 30 days
0.0%
Days → KEV (median)
3808
n=2
Detection gap

KEV pressure, no Nuclei coverage

December 2012 · vendors with active exploitation listed by CISA but no public detection template.

Weakness × Vendor

What's spreading where in December 2012

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

79XSS264CWE-264200Information Exposure119Memory Buffer Bounds20Improper Input Validation94Code Injection189CWE-18922Path Traversal352CSRF255CWE-255ibm232122microsoft115wireshark128xen111google211opensuse11oracle131adobe141linux11maven2111microfocus1111vmware312

Breakout vendors

CVE count ≥3× their own 12-period median.

First time in top-100

Vendors never in top-100 in the prior 24 periods.

Top vendors

Ranked by distinct CVE count this period.

  • 1ibm
    18 CVE2 critCVSS 5.7
    ×4.5
    security appscan (2) · rational clearquest (2) · rational policy tester (2)
  • 2microsoft
    11 CVE7 critCVSS 8.8
    KEV 2PoC 1
    internet explorer (4) · windows server 2008 (4) · windows 7 (3)
  • 3wireshark
    11 CVECVSS 5.0
    PoC 3
    wireshark (11)
  • 4xen
    11 CVECVSS 4.1
    NEWPoC 1
    xen (11)
  • 5google
    10 CVE8 critCVSS 9.1
    chrome (9) · android (1) · chrome os (1)
  • 6opensuse
    9 CVE8 critCVSS 9.4
    ×3.0
    opensuse (9)
  • 7oracle
    9 CVE2 critCVSS 6.9
    PoC 3
    mysql (6) · glassfish web space server10.0 (1) · hyperion financial management (1)
  • 8adobe
    8 CVE6 critCVSS 9.3
    air (3) · air sdk (3) · flash player (3)
  • 9linux
    7 CVECVSS 3.9
    PoC 1
    linux kernel (7)
  • 10maven
    7 CVECVSS 5.0
    org.springframework.security:spring-security-core (3) · org.apache.tomcat:tomcat (2) · org.jboss.ironjacamar:ironjacamar-jdbc (1)
  • 11microfocus
    7 CVE2 critCVSS 6.7
    NEWPoC 1
    edirectory (4) · privileged user manager (3)
  • 12vmware
    7 CVECVSS 4.2
    springsource spring security (3) · vcenter server appliance (2) · hyperic hq (1)
  • 13hp
    6 CVE2 critCVSS 5.2
    openvms (2) · color laserjet cm60xx (1) · color laserjet cp3525 (1)
  • 14layton technology
    5 CVECVSS 5.2
    NEW
    helpbox (5)
  • 15mariadb
    5 CVECVSS 5.6
    NEWPoC 3
    mariadb (5)
  • 16owncloud
    5 CVECVSS 5.4
    NEW
    owncloud server (5) · owncloud (4)
  • 17samsung
    5 CVE1 critCVSS 5.7
    ×5.0
    kies air (2) · samsungdive (2) · galaxy s2 (1)
  • 18canonical
    4 CVE1 critCVSS 7.2
    PoC 1
    ubuntu linux (4)
  • 19cisco
    4 CVECVSS 5.9
    PoC 2
    7500 wireless lan controller (3) · 8500 wireless lan controller (3) · wireless lan controller software (3)
  • 20openconstructor project
    4 CVECVSS 4.5
    NEWPoC 1
    openconstructor (4)
  • 21openstack
    4 CVECVSS 4.3
    NEW×4.0
    folsom (3) · essex (1) · grizzly (1)
  • 22symantec
    4 CVECVSS 6.7
    endpoint protection (1) · enterprise security manager (1) · messaging gateway (1)
  • 23apache
    3 CVECVSS 3.7
    tomcat (3)
  • 24ca
    3 CVE3 critCVSS 10.0
    ×3.0
    identityminder (2) · xcom data transport (1)
  • 25carlos carvalhar
    3 CVECVSS 6.2
    NEW
    time spent (3)
  • 26citrix
    3 CVE1 critCVSS 5.8
    xendesktop (1) · xenapp (1) · xenserver (1)
  • 27emc
    3 CVECVSS 5.4
    rsa netwitness informer (2) · data protection advisor (1)
  • 28forescout
    3 CVECVSS 4.8
    NEWNuclei 1
    counteract (3)
  • 29huawei
    3 CVECVSS 5.2
    NEW
    e585 (3) · e585u-82 (3)
  • 30packagist
    3 CVECVSS 6.1
    PoC 2
    symfony/symfony (2) · symfony/security (1) · concrete5/concrete5 (1)
  • 31pypi
    3 CVECVSS 4.6
    keystone (2) · nova (1)
  • 32sensiolabs
    3 CVECVSS 6.1
    NEWPoC 3
    symfony (3)
  • 33siemens
    3 CVECVSS 3.7
    rox ii os (1) · automation license manager (1) · processsuite (1)
  • 34carlo gavazzi automation
    2 CVE1 critCVSS 8.9
    NEW
    eos-box (2)
  • 35carlosgavazzi
    2 CVE1 critCVSS 8.9
    NEW
    eos-box photovoltaic monitoring system (2) · eos-box photovoltaic monitoring system firmware (2)
  • 36cmsmadesimple
    2 CVECVSS 5.2
    cms made simple (2)
  • 37daniel honrade
    2 CVECVSS 3.4
    NEW
    om maximenu (2)
  • 38dlink
    2 CVECVSS 3.5
    dcs-932l firmware (1) · dcs-932l (1) · dsl-2730u (1)
  • 39epiqo
    2 CVECVSS 3.5
    NEW
    email (2)
  • 40joomla
    2 CVECVSS 6.3
    joomla\! (2)
  • 41kent-web
    2 CVECVSS 4.3
    access report (2)
  • 42naver
    2 CVECVSS 3.5
    NEW
    loctouch (2)
  • 43novell inc.
    2 CVECVSS 3.0
    PoC 1
    opensuse (1) · suse linux enterprise (1)
  • 44perl
    2 CVECVSS 5.9
    perl (2)
  • 45realnetworks
    2 CVE2 critCVSS 9.3
    realplayer (2) · realplayer sp (2)
  • 46redhat
    2 CVECVSS 4.5
    enterprise linux desktop (1) · enterprise linux eus (1) · enterprise linux server (1)
  • 47the centos project
    2 CVECVSS 6.3
    PoC 1
    centos (2)
  • 48thinkshout
    2 CVECVSS 4.2
    NEW
    mailchimp (1) · mandrill (1)
  • 49welcart
    2 CVECVSS 5.5
    NEWNuclei 2
    welcart plugin (2)
  • 501password
    1 CVECVSS 4.3
    NEW
    1password (1)

Top weaknesses

CWE classes by distinct CVE count.

1CWE-7934
2CWE-26428
3CWE-20022
4CWE-11918
5CWE-2018
6CWE-9411
7CWE-18910
8CWE-229
9CWE-3529
10CWE-2558
11CWE-2877
12CWE-3997
13CWE-897
14CWE-166
15CWE-3105
16CWE-4165
17CWE-7873
18CWE-3622
19CWE-1901
20CWE-3311