month report

November 2014

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

November 2014 closed with 505 published CVEs — +26.6% YoY . 56 criticals, debian led volume, mostly via debian linux. Biggest breakout: qemu at ×27.0 their 12-month median. Top weakness class — CWE-79 (60 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

505

— MoM+26.6% YoY

Severity mix

56 / 123

critical / high

KEV added

0 ransomware-linked

Nuclei coverage

5.3%

27 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

4118.9

n=27

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

2715

n=4

Detection gap

KEV pressure, no Nuclei coverage

November 2014 · vendors with active exploitation listed by CISA but no public detection template.

KEV 3microsoft33 CVE
KEV 1adobe20 CVE

Weakness × Vendor

What's spreading where in November 2014

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

79XSS 264CWE-264 200Information Exposure 119Memory Buffer Bounds 20Improper Input Validation 399CWE-399 89SQL Injection 94Code Injection 352CSRF 22Path Traversal debian 3 1 2 3 10 1 1 canonical 2 2 5 8 1 microsoft 1 6 4 1 2 10 5 opensuse 2 2 2 4 4 redhat 2 2 2 2 5 2 1 qemu 1 16 1 3 linux 1 1 2 2 4 ibm 4 2 5 3 2 1 1 packagist 5 4 3 1 1 2 2 adobe 1 1 4 5 sap 1 2 1 4 3 1 cisco 2 2 2 3 2 1 2

Breakout vendors

CVE count ≥3× their own 12-period median.

27.0×qemu27 CVE
7.3×packagist22 CVE
6.0×mantisbt6 CVE
6.0×phpmyadmin6 CVE
4.5×red hat inc.9 CVE
4.5×wordpress9 CVE
4.0×adobe20 CVE
4.0×ca4 CVE
4.0×zend4 CVE
3.8×moodle15 CVE

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#17arubanetworks11 CVE
#28compal broadband networks5 CVE
#34go4 CVE
#36arris3 CVE
#40gogits3 CVE
#42mageia project3 CVE
#44plone3 CVE
#49zte3 CVE
#50accuenergy2 CVE
#52ait-pro2 CVE

Top vendors

Ranked by distinct CVE count this period.

1debian—
36 CVECVSS 5.6
Nuclei 4PoC 3
debian linux (32) · advanced package tool (4)
2canonical—
34 CVECVSS 5.7
PoC 4
ubuntu linux (33) · ubuntu (1)
3microsoft—
33 CVE16 critCVSS 7.6
KEV 3PoC 3
internet explorer (17) · windows 7 (8) · windows server 2008 (8)
4opensuse—
28 CVECVSS 5.5
PoC 10
opensuse (20) · evergreen (9)
5redhat—
28 CVE1 critCVSS 5.0
PoC 6
enterprise linux workstation (8) · enterprise linux server (8) · enterprise linux desktop (8)
6qemu—
27 CVECVSS 6.8
×27.0PoC 1
qemu (27)
7linux—
24 CVECVSS 5.5
PoC 5
linux kernel (24)
8ibm—
23 CVECVSS 4.4
security identity manager (6) · qradar risk manager (4) · qradar vulnerability manager (4)
9packagist—
22 CVE1 critCVSS 5.7
×7.3PoC 3
moodle/moodle (15) · zendframework/zendservice-slideshare (3) · zendframework/zendservice-windowsazure (3)
10adobe—
20 CVE15 critCVSS 9.3
×4.0KEV 1PoC 1
air sdk (19) · air (19) · air sdk \& compiler (19)
11sap—
19 CVE3 critCVSS 6.7
PoC 2
netweaver (4) · business intelligence development workbench (2) · environment health and safety (2)
12cisco—
17 CVE1 critCVSS 6.6
PoC 3
ios (3) · rv220w firmware (3) · rv220w (3)
13apple—
16 CVE1 critCVSS 5.6
PoC 1
iphone os (10) · mac os x (10) · tvos (5)
14moodle—
15 CVECVSS 4.8
×3.8
moodle (15)
15suse—
13 CVECVSS 6.2
PoC 5
suse linux enterprise server (8) · linux enterprise software development kit (4) · linux enterprise real time extension (4)
16google—
12 CVECVSS 6.9
PoC 1
chrome (12)
17arubanetworks—
11 CVE5 critCVSS 7.3
NEW
clearpass (9) · airwave (1) · clearpass policy manager (1)
18ffmpeg—
11 CVECVSS 7.4
ffmpeg (11)
19oracle—
10 CVECVSS 5.7
PoC 3
linux (5) · solaris (3) · database server (1)
20digium—
9 CVE1 critCVSS 5.8
×3.6
asterisk (9) · certified asterisk (5)
21red hat inc.—
9 CVECVSS 5.5
×4.5PoC 2
red hat enterprise linux (9)
22wordpress—
9 CVECVSS 5.2
×4.5Nuclei 9
wordpress (9)
23maven—
7 CVECVSS 4.6
PoC 3
org.directwebremoting:dwr (2) · org.webjars.npm:jquery-ui (2) · org.apache.hive:hive-service (1)
24apache—
6 CVECVSS 4.8
PoC 3
cordova (3) · drill (1) · hive (1)
25mantisbt—
6 CVECVSS 6.1
×6.0
mantisbt (6)
26phpmyadmin—
6 CVECVSS 4.3
×6.0PoC 2
phpmyadmin (6)
27rubygems—
6 CVECVSS 5.5
PoC 5
actionpack (2) · jquery-ui-rails (2) · hiera (1)
28compal broadband networks—
5 CVE1 critCVSS 6.2
NEWPoC 5
firmware (5) · cg6640e wireless gateway (5) · ch664oe wireless gateway (5)
29gentoo foundation inc.—
5 CVECVSS 5.7
PoC 2
gentoo linux (5)
30pypi—
5 CVECVSS 4.7
PoC 1
plone (3) · pip (1) · keystone (1)
31wireshark—
5 CVECVSS 5.0
wireshark (5)
32ca—
4 CVECVSS 6.3
×4.0PoC 1
cloud service management (4)
33drupal—
4 CVECVSS 5.3
PoC 1
drupal (3) · organic groups menu (1)
34go—
4 CVECVSS 6.4
NEWNuclei 1PoC 3
gogs.io/gogs (3) · github.com/gogits/gogs (1) · github.com/docker/docker (1)
35zend—
4 CVECVSS 6.1
×4.0
zend framework (4) · zendopenid (4) · zendrest (3)
36arris—
3 CVE1 critCVSS 8.5
NEW
vap2500 firmware (3)
37checkpoint—
3 CVECVSS 7.1
security gateway (3)
38check point software technologies ltd.—
3 CVECVSS 7.1
check point security gateway (3)
39fedoraproject—
3 CVECVSS 5.9
PoC 1
fedora (3)
40gogits—
3 CVECVSS 6.4
NEWNuclei 1PoC 3
gogs (3)
41haxx—
3 CVECVSS 4.9
×3.0
libcurl (3) · curl (2)
42mageia project—
3 CVECVSS 4.4
NEWNuclei 2
mageia (3)
43novell—
3 CVECVSS 6.2
PoC 2
suse linux enterprise desktop (3) · suse linux enterprise server (3)
44plone—
3 CVECVSS 4.8
NEW×3.0PoC 1
plone (3)
45ruby-lang—
3 CVECVSS 5.0
PoC 1
ruby (3)
46rubyonrails—
3 CVECVSS 4.7
PoC 2
rails (3) · ruby on rails (2)
47symantec—
3 CVECVSS 6.0
endpoint protection manager (3)
48xen—
3 CVECVSS 4.8
xen (3)
49zte—
3 CVECVSS 5.1
NEW×3.0PoC 3
zxdsl (1) · zxdsl 831 (1) · zxdsl 831cii (1)
50accuenergy—
2 CVECVSS 7.5
NEW
accuenergy acuvim ii axn-net ethernet module (2) · acuvim ii (2) · axm-net (2)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	debian	36	·	·	4	Nuclei 4PoC 3	debian linux (32) · advanced package tool (4)	—
2	canonical	34	·	·	·	PoC 4	ubuntu linux (33) · ubuntu (1)	—
3	microsoft	33	16	3	·	KEV 3PoC 3	internet explorer (17) · windows 7 (8) · windows server 2008 (8)	—
4	opensuse	28	·	·	·	PoC 10	opensuse (20) · evergreen (9)	—
5	redhat	28	1	·	·	PoC 6	enterprise linux workstation (8) · enterprise linux server (8) · enterprise linux desktop (8)	—
6	qemu	27	·	·	·	×27.0PoC 1	qemu (27)	—
7	linux	24	·	·	·	PoC 5	linux kernel (24)	—
8	ibm	23	·	·	·		security identity manager (6) · qradar risk manager (4) · qradar vulnerability manager (4)	—
9	packagist	22	1	·	·	×7.3PoC 3	moodle/moodle (15) · zendframework/zendservice-slideshare (3) · zendframework/zendservice-windowsazure (3)	—
10	adobe	20	15	1	·	×4.0KEV 1PoC 1	air sdk (19) · air (19) · air sdk \& compiler (19)	—
11	sap	19	3	·	·	PoC 2	netweaver (4) · business intelligence development workbench (2) · environment health and safety (2)	—
12	cisco	17	1	·	·	PoC 3	ios (3) · rv220w firmware (3) · rv220w (3)	—
13	apple	16	1	·	·	PoC 1	iphone os (10) · mac os x (10) · tvos (5)	—
14	moodle	15	·	·	·	×3.8	moodle (15)	—
15	suse	13	·	·	·	PoC 5	suse linux enterprise server (8) · linux enterprise software development kit (4) · linux enterprise real time extension (4)	—
16	google	12	·	·	·	PoC 1	chrome (12)	—
17	arubanetworks	11	5	·	·	NEW	clearpass (9) · airwave (1) · clearpass policy manager (1)	—
18	ffmpeg	11	·	·	·		ffmpeg (11)	—
19	oracle	10	·	·	·	PoC 3	linux (5) · solaris (3) · database server (1)	—
20	digium	9	1	·	·	×3.6	asterisk (9) · certified asterisk (5)	—
21	red hat inc.	9	·	·	·	×4.5PoC 2	red hat enterprise linux (9)	—
22	wordpress	9	·	·	9	×4.5Nuclei 9	wordpress (9)	—
23	maven	7	·	·	·	PoC 3	org.directwebremoting:dwr (2) · org.webjars.npm:jquery-ui (2) · org.apache.hive:hive-service (1)	—
24	apache	6	·	·	·	PoC 3	cordova (3) · drill (1) · hive (1)	—
25	mantisbt	6	·	·	·	×6.0	mantisbt (6)	—
26	phpmyadmin	6	·	·	·	×6.0PoC 2	phpmyadmin (6)	—
27	rubygems	6	·	·	·	PoC 5	actionpack (2) · jquery-ui-rails (2) · hiera (1)	—
28	compal broadband networks	5	1	·	·	NEWPoC 5	firmware (5) · cg6640e wireless gateway (5) · ch664oe wireless gateway (5)	—
29	gentoo foundation inc.	5	·	·	·	PoC 2	gentoo linux (5)	—
30	pypi	5	·	·	·	PoC 1	plone (3) · pip (1) · keystone (1)	—
31	wireshark	5	·	·	·		wireshark (5)	—
32	ca	4	·	·	·	×4.0PoC 1	cloud service management (4)	—
33	drupal	4	·	·	·	PoC 1	drupal (3) · organic groups menu (1)	—
34	go	4	·	·	1	NEWNuclei 1PoC 3	gogs.io/gogs (3) · github.com/gogits/gogs (1) · github.com/docker/docker (1)	—
35	zend	4	·	·	·	×4.0	zend framework (4) · zendopenid (4) · zendrest (3)	—
36	arris	3	1	·	·	NEW	vap2500 firmware (3)	—
37	checkpoint	3	·	·	·		security gateway (3)	—
38	check point software technologies ltd.	3	·	·	·		check point security gateway (3)	—
39	fedoraproject	3	·	·	·	PoC 1	fedora (3)	—
40	gogits	3	·	·	1	NEWNuclei 1PoC 3	gogs (3)	—
41	haxx	3	·	·	·	×3.0	libcurl (3) · curl (2)	—
42	mageia project	3	·	·	2	NEWNuclei 2	mageia (3)	—
43	novell	3	·	·	·	PoC 2	suse linux enterprise desktop (3) · suse linux enterprise server (3)	—
44	plone	3	·	·	·	NEW×3.0PoC 1	plone (3)	—
45	ruby-lang	3	·	·	·	PoC 1	ruby (3)	—
46	rubyonrails	3	·	·	·	PoC 2	rails (3) · ruby on rails (2)	—
47	symantec	3	·	·	·		endpoint protection manager (3)	—
48	xen	3	·	·	·		xen (3)	—
49	zte	3	·	·	·	NEW×3.0PoC 3	zxdsl (1) · zxdsl 831 (1) · zxdsl 831cii (1)	—
50	accuenergy	2	·	·	·	NEW	accuenergy acuvim ii axn-net ethernet module (2) · acuvim ii (2) · axm-net (2)	—