month report

June 2016

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

June 2016 closed with 515 published CVEs — +3.2% YoY . 60 criticals, opensuse led volume, mostly via opensuse. Biggest breakout: suse at ×17.5 their 12-month median. Top weakness class — CWE-119 (80 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

515

— MoM+3.2% YoY

Severity mix

60 / 293

critical / high

KEV added

0 ransomware-linked

Nuclei coverage

2.9%

15 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

3537.3

n=15

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

2028

n=6

Detection gap

KEV pressure, no Nuclei coverage

June 2016 · vendors with active exploitation listed by CISA but no public detection template.

KEV 1opensuse101 CVE
KEV 1suse70 CVE
KEV 1adobe49 CVE
KEV 1adobe systems inc.37 CVE
KEV 1microsoft37 CVE
KEV 1microsoft corp33 CVE

Weakness × Vendor

What's spreading where in June 2016

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

119Memory Buffer Bounds 200Information Exposure 20Improper Input Validation 284CWE-284 264CWE-264 79XSS 254CWE-254 787Out-of-bounds Write 22Path Traversal 399CWE-399 opensuse 22 6 3 17 2 1 5 15 redhat 14 9 1 16 2 4 15 debian 24 3 3 14 1 4 2 3 google 18 6 8 10 7 3 1 suse 10 5 10 3 14 canonical 23 3 6 12 1 3 3 1 google inc 18 6 8 10 7 3 adobe 6 1 2 2 15 adobe systems inc.15 microsoft 12 6 8 1 8 1 1 microsoft corp 8 5 4 1 7 1 1 2 hp 2 3 1 1 1

Breakout vendors

CVE count ≥3× their own 12-period median.

17.5×suse70 CVE
6.3×symantec19 CVE
6.0×broadcom6 CVE
6.0×gnupg6 CVE
5.2×redhat94 CVE
4.0×qemu10 CVE
4.0×abb4 CVE
4.0×spice project4 CVE
4.0×welcart4 CVE
3.7×cybozu11 CVE

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#33gen digital7 CVE
#35gnupg6 CVE
#44asea brown boveri ltd.4 CVE
#47imagemagick4 CVE
#51spice project4 CVE
#53welcart4 CVE
#55fonality3 CVE
#62solarwinds inc.3 CVE
#63trihedral3 CVE
#69atheme2 CVE

Top vendors

Ranked by distinct CVE count this period.

1opensuse—
101 CVE5 critCVSS 7.8
×3.6KEV 1PoC 6
opensuse (99) · leap (59)
2redhat—
94 CVE7 critCVSS 8.1
×5.2KEV 2Nuclei 1PoC 6
enterprise linux server (78) · enterprise linux workstation (78) · enterprise linux desktop (78)
3debian—
73 CVE5 critCVSS 7.6
×3.3PoC 6
debian linux (73)
4google—
71 CVE2 critCVSS 7.6
PoC 1
android (39) · chrome (32) · v8 (3)
5suse—
70 CVE4 critCVSS 8.4
×17.5KEV 1PoC 4
linux enterprise workstation extension (37) · linux enterprise desktop (37) · linux enterprise (32)
6canonical—
69 CVE1 critCVSS 7.2
PoC 3
ubuntu linux (69) · lxd (2)
7google inc—
69 CVE2 critCVSS 7.6
×3.0PoC 1
android (37) · google chrome (32) · google v8 (3)
8adobe—
49 CVE10 critCVSS 9.0
KEV 1PoC 4
flash player (42) · flash player desktop runtime (41) · air desktop runtime (7)
9adobe systems inc.—
37 CVE2 critCVSS 8.8
KEV 1PoC 4
flash player (37) · flash player for linux (34)
10microsoft—
37 CVE2 critCVSS 7.4
KEV 1PoC 8
windows server 2012 (16) · windows 10 (13) · windows 8.1 (12)
11microsoft corp—
33 CVE3 critCVSS 7.4
KEV 1PoC 9
windows server 2012 gold (16) · windows server 2012 r2 (16) · windows 8.1 (12)
12hp—
29 CVE9 critCVSS 8.5
×3.6
systems insight manager (14) · matrix operating environment (13) · insight control server deployment (4)
13cisco—
25 CVE2 critCVSS 7.5
ip phone 8800 series firmware (4) · prime virtual network analysis module software (3) · prime network analysis module software (3)
14ibm—
23 CVE2 critCVSS 7.3
PoC 1
domino (5) · websphere mq (4) · java sdk (3)
15symantec—
19 CVE1 critCVSS 8.0
×6.3PoC 9
endpoint protection manager (12) · csapi (7) · data center security server (7)
16linux—
17 CVECVSS 7.1
PoC 1
linux kernel (16) · linux kernel-rt (1)
17huawei—
16 CVE1 critCVSS 7.0
mate 8 firmware (4) · honor ws851 firmware (3) · hilink app (2)
18mozilla—
14 CVECVSS 7.7
PoC 1
firefox (14) · network security services (1)
19maven—
12 CVE6 critCVSS 8.1
KEV 2Nuclei 2PoC 8
org.apache.struts:struts2-core (2) · org.apache.james:james-server (1) · org.apache.pdfbox:pdfbox (1)
20cybozu—
11 CVECVSS 6.0
×3.7
garoon (11)
21novell—
11 CVECVSS 8.1
PoC 1
suse linux enterprise software development kit (6) · suse linux enterprise server (6) · suse linux enterprise real time extension (5)
22apache—
10 CVE4 critCVSS 8.1
KEV 2Nuclei 2PoC 8
qpid broker-j (2) · struts (2) · aurora (1)
23qemu—
10 CVECVSS 6.0
×4.0
qemu (10)
24сообщество свободного программного обеспечения—
10 CVE3 critCVSS 7.9
PoC 1
debian gnu/linux (7) · libxml2 (3) · p7zip (1)
25mozilla corp.—
9 CVECVSS 7.8
firefox (9) · firefox esr (4) · network security services (1)
26oracle—
9 CVE3 critCVSS 8.0
PoC 1
linux (6) · solaris (4) · vm server (4)
27apple—
8 CVE3 critCVSS 8.4
PoC 1
mac os x (7) · iphone os (5) · watchos (4)
28canonical ltd.—
8 CVE1 critCVSS 7.5
PoC 2
ubuntu (8)
29wordpress—
8 CVECVSS 7.2
Nuclei 8
wordpress (8)
30broadcom inc.—
7 CVE1 critCVSS 8.2
PoC 6
symantec content security api (csapi) (7) · broadcom data center security: server (7) · broadcom end-user security: advanced threat protection (7)
31cisco systems inc.—
7 CVE1 critCVSS 7.2
cisco ios (4) · cisco rv110w (3) · cisco rv130w (3)
32fedoraproject—
7 CVE2 critCVSS 8.1
PoC 1
fedora (7)
33gen digital—
7 CVE1 critCVSS 8.2
NEWPoC 6
norton 360 (7) · norton antivirus (7) · norton bootable recovery tool (7)
34broadcom—
6 CVECVSS 7.8
×6.0
symantec critical system protection (4) · symantec data center security server (4) · symantec data center security server and agents (4)
35gnupg—
6 CVECVSS 7.5
NEW×6.0
libksba (6)
36ibm corp.—
6 CVECVSS 4.9
websphere mq (4) · business process manager (1) · flex system manager (1)
37novell inc.—
6 CVE2 critCVSS 7.6
opensuse (4) · opensuse leap (4)
38f5—
5 CVECVSS 6.8
big-ip access policy manager (4) · big-ip analytics (3) · big-ip application acceleration manager (3)
39gnu—
5 CVECVSS 7.4
PoC 2
glibc (4) · wget (1)
40pypi—
5 CVE1 critCVSS 7.5
PoC 1
neutron (3) · ansible (1) · keystone (1)
41xmlsoft—
5 CVE1 critCVSS 7.8
×3.3
libxml2 (3) · libxlst (2) · libxslt (2)
42abb—
4 CVECVSS 4.0
×4.0
pcm600 (4)
43apple inc.—
4 CVECVSS 4.6
PoC 1
os x (3) · safari (1) · ios (1)
44asea brown boveri ltd.—
4 CVECVSS 4.0
NEW
abb pcm600 (4)
45citrix—
4 CVE1 critCVSS 7.4
PoC 1
ios receiver (1) · netscaler gateway 11.0 firmware (1) · xenapp (1)
46emc—
4 CVE1 critCVSS 7.2
data domain os (1) · documentum administrator (1) · documentum capital projects (1)
47imagemagick—
4 CVE2 critCVSS 9.3
NEW
imagemagick (4)
48lenovo—
4 CVECVSS 7.3
solution center (2) · accelerator application (1) · bios efi driver (1)
49packagist—
4 CVE1 critCVSS 7.8
PoC 3
symfony/symfony (2) · symfony/security (2) · zendframework/zendframework1 (2)
50red hat inc.—
4 CVE2 critCVSS 8.5
KEV 1Nuclei 1PoC 1
red hat enterprise linux (2) · red hat jboss fuse (1) · jboss a-mq (1)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	opensuse	101	5	1	·	×3.6KEV 1PoC 6	opensuse (99) · leap (59)	—
2	redhat	94	7	2	1	×5.2KEV 2Nuclei 1PoC 6	enterprise linux server (78) · enterprise linux workstation (78) · enterprise linux desktop (78)	—
3	debian	73	5	·	·	×3.3PoC 6	debian linux (73)	—
4	google	71	2	·	·	PoC 1	android (39) · chrome (32) · v8 (3)	—
5	suse	70	4	1	·	×17.5KEV 1PoC 4	linux enterprise workstation extension (37) · linux enterprise desktop (37) · linux enterprise (32)	—
6	canonical	69	1	·	·	PoC 3	ubuntu linux (69) · lxd (2)	—
7	google inc	69	2	·	·	×3.0PoC 1	android (37) · google chrome (32) · google v8 (3)	—
8	adobe	49	10	1	·	KEV 1PoC 4	flash player (42) · flash player desktop runtime (41) · air desktop runtime (7)	—
9	adobe systems inc.	37	2	1	·	KEV 1PoC 4	flash player (37) · flash player for linux (34)	—
10	microsoft	37	2	1	·	KEV 1PoC 8	windows server 2012 (16) · windows 10 (13) · windows 8.1 (12)	—
11	microsoft corp	33	3	1	·	KEV 1PoC 9	windows server 2012 gold (16) · windows server 2012 r2 (16) · windows 8.1 (12)	—
12	hp	29	9	·	·	×3.6	systems insight manager (14) · matrix operating environment (13) · insight control server deployment (4)	—
13	cisco	25	2	·	·		ip phone 8800 series firmware (4) · prime virtual network analysis module software (3) · prime network analysis module software (3)	—
14	ibm	23	2	·	·	PoC 1	domino (5) · websphere mq (4) · java sdk (3)	—
15	symantec	19	1	·	·	×6.3PoC 9	endpoint protection manager (12) · csapi (7) · data center security server (7)	—
16	linux	17	·	·	·	PoC 1	linux kernel (16) · linux kernel-rt (1)	—
17	huawei	16	1	·	·		mate 8 firmware (4) · honor ws851 firmware (3) · hilink app (2)	—
18	mozilla	14	·	·	·	PoC 1	firefox (14) · network security services (1)	—
19	maven	12	6	2	2	KEV 2Nuclei 2PoC 8	org.apache.struts:struts2-core (2) · org.apache.james:james-server (1) · org.apache.pdfbox:pdfbox (1)	—
20	cybozu	11	·	·	·	×3.7	garoon (11)	—
21	novell	11	·	·	·	PoC 1	suse linux enterprise software development kit (6) · suse linux enterprise server (6) · suse linux enterprise real time extension (5)	—
22	apache	10	4	2	2	KEV 2Nuclei 2PoC 8	qpid broker-j (2) · struts (2) · aurora (1)	—
23	qemu	10	·	·	·	×4.0	qemu (10)	—
24	сообщество свободного программного обеспечения	10	3	·	·	PoC 1	debian gnu/linux (7) · libxml2 (3) · p7zip (1)	—
25	mozilla corp.	9	·	·	·		firefox (9) · firefox esr (4) · network security services (1)	—
26	oracle	9	3	·	·	PoC 1	linux (6) · solaris (4) · vm server (4)	—
27	apple	8	3	·	·	PoC 1	mac os x (7) · iphone os (5) · watchos (4)	—
28	canonical ltd.	8	1	·	·	PoC 2	ubuntu (8)	—
29	wordpress	8	·	·	8	Nuclei 8	wordpress (8)	—
30	broadcom inc.	7	1	·	·	PoC 6	symantec content security api (csapi) (7) · broadcom data center security: server (7) · broadcom end-user security: advanced threat protection (7)	—
31	cisco systems inc.	7	1	·	·		cisco ios (4) · cisco rv110w (3) · cisco rv130w (3)	—
32	fedoraproject	7	2	·	·	PoC 1	fedora (7)	—
33	gen digital	7	1	·	·	NEWPoC 6	norton 360 (7) · norton antivirus (7) · norton bootable recovery tool (7)	—
34	broadcom	6	·	·	·	×6.0	symantec critical system protection (4) · symantec data center security server (4) · symantec data center security server and agents (4)	—
35	gnupg	6	·	·	·	NEW×6.0	libksba (6)	—
36	ibm corp.	6	·	·	·		websphere mq (4) · business process manager (1) · flex system manager (1)	—
37	novell inc.	6	2	·	·		opensuse (4) · opensuse leap (4)	—
38	f5	5	·	·	·		big-ip access policy manager (4) · big-ip analytics (3) · big-ip application acceleration manager (3)	—
39	gnu	5	·	·	·	PoC 2	glibc (4) · wget (1)	—
40	pypi	5	1	·	·	PoC 1	neutron (3) · ansible (1) · keystone (1)	—
41	xmlsoft	5	1	·	·	×3.3	libxml2 (3) · libxlst (2) · libxslt (2)	—
42	abb	4	·	·	·	×4.0	pcm600 (4)	—
43	apple inc.	4	·	·	·	PoC 1	os x (3) · safari (1) · ios (1)	—
44	asea brown boveri ltd.	4	·	·	·	NEW	abb pcm600 (4)	—
45	citrix	4	1	·	·	PoC 1	ios receiver (1) · netscaler gateway 11.0 firmware (1) · xenapp (1)	—
46	emc	4	1	·	·		data domain os (1) · documentum administrator (1) · documentum capital projects (1)	—
47	imagemagick	4	2	·	·	NEW	imagemagick (4)	—
48	lenovo	4	·	·	·		solution center (2) · accelerator application (1) · bios efi driver (1)	—
49	packagist	4	1	·	·	PoC 3	symfony/symfony (2) · symfony/security (2) · zendframework/zendframework1 (2)	—
50	red hat inc.	4	2	1	1	KEV 1Nuclei 1PoC 1	red hat enterprise linux (2) · red hat jboss fuse (1) · jboss a-mq (1)	—