month report

September 2016

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

September 2016 closed with 597 published CVEs — +19.6% YoY . 76 criticals, apple led volume, mostly via iphone os. Biggest breakout: php group at ×8.5 their 12-month median. Top weakness class — CWE-119 (99 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

597

— MoM+19.6% YoY

Severity mix

76 / 279

critical / high

KEV added

0 ransomware-linked

Nuclei coverage

0.0%

0 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

—

n=0

Within 7 days

—%

Within 30 days

—%

Days → KEV (median)

2256

n=2

Detection gap

KEV pressure, no Nuclei coverage

September 2016 · vendors with active exploitation listed by CISA but no public detection template.

KEV 1microsoft53 CVE
KEV 1microsoft corp41 CVE
KEV 1cisco39 CVE

Weakness × Vendor

What's spreading where in September 2016

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

119Memory Buffer Bounds 200Information Exposure 264CWE-264 20Improper Input Validation 79XSS 284CWE-284 416Use After Free 787Out-of-bounds Write 399CWE-399 125Out-of-bounds Read apple 33 20 4 7 1 2 1 1 3 google 7 10 20 1 4 10 5 microsoft 20 10 7 2 1 2 ibm 1 9 3 17 5 microsoft corp 16 7 5 1 2 adobe 8 1 14 11 cisco 4 4 11 3 9 debian 8 1 3 1 1 2 4 2 canonical 3 4 3 11 opensuse 2 1 1 2 4 2 3 huawei 1 5 2 2 10 2 libarchive 5 5 1 8

Breakout vendors

CVE count ≥3× their own 12-period median.

8.5×php group17 CVE
8.0×red hat inc.8 CVE
7.0×emc14 CVE
4.0×huawei28 CVE
4.0×gnu8 CVE
4.0×fabrice bellard4 CVE
4.0×python4 CVE
4.0×siemens4 CVE
3.9×сообщество свободного программного обеспечения27 CVE
3.8×canonical ltd.19 CVE

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#12libarchive28 CVE
#28pivotal software9 CVE
#41cloudfoundry4 CVE
#49aver3 CVE
#50misp-project3 CVE
#54pivotal3 CVE
#57ооо «инновационные технологии в бизнесе»3 CVE
#59aternity2 CVE
#60barry warsaw2 CVE
#63irssi2 CVE

Top vendors

Ranked by distinct CVE count this period.

1apple—
80 CVE4 critCVSS 7.6
iphone os (48) · mac os x (47) · tvos (28)
2google—
72 CVE1 critCVSS 7.1
PoC 1
android (39) · chrome (32) · chrome os (1)
3microsoft—
53 CVECVSS 7.1
KEV 1PoC 6
windows 10 (19) · windows rt 8.1 (15) · windows 8.1 (15)
4ibm—
42 CVECVSS 5.7
connections (14) · security privileged identity manager virtual appliance (7) · tealeaf customer experience (6)
5microsoft corp—
41 CVECVSS 7.2
KEV 1PoC 4
microsoft edge (12) · windows 8.1 (12) · windows 10 rtm (11)
6adobe—
39 CVE11 critCVSS 8.8
PoC 2
flash player desktop runtime (26) · flash player (26) · digital editions (9)
7cisco—
39 CVE4 critCVSS 7.0
KEV 1PoC 4
ios (9) · small business 220 series smart plus switches (4) · firesight system software (4)
8debian—
32 CVE6 critCVSS 7.3
PoC 5
debian linux (32)
9canonical—
29 CVECVSS 6.5
PoC 6
ubuntu linux (29)
10opensuse—
29 CVE1 critCVSS 7.3
PoC 1
leap (29) · opensuse (6) · libstorage (1)
11huawei—
28 CVE3 critCVSS 7.1
×4.0PoC 1
honor 4c firmware (5) · rh2288 v3 server firmware (4) · xh620 v3 server firmware (4)
12libarchive—
28 CVECVSS 6.5
NEWPoC 8
libarchive (28)
13сообщество свободного программного обеспечения—
27 CVE11 critCVSS 8.1
×3.9PoC 4
debian gnu/linux (25) · libarchive (1) · libxml2 (1)
14apple inc.—
24 CVE2 critCVSS 8.0
macos (17) · ios (13) · safari (7)
15redhat—
22 CVE2 critCVSS 7.5
PoC 4
enterprise linux workstation (8) · enterprise linux desktop (8) · enterprise linux server (8)
16mozilla—
20 CVE8 critCVSS 8.2
firefox (20)
17canonical ltd.—
19 CVE8 critCVSS 8.3
×3.8PoC 4
ubuntu (19)
18oracle—
19 CVE2 critCVSS 7.4
PoC 5
linux (13) · vm server (5) · solaris (3)
19php—
19 CVE10 critCVSS 8.7
×3.2PoC 5
php (19)
20php group—
17 CVE9 critCVSS 8.6
×8.5PoC 4
php (17)
21emc—
14 CVE3 critCVSS 7.2
×7.0
avamar server (5) · vipr srm (5) · documentum d2 (1)
22openssl—
13 CVE3 critCVSS 7.7
PoC 2
openssl (13)
23adobe systems inc.—
12 CVECVSS 8.2
PoC 2
flash player (11) · coldfusion (1)
24hp—
11 CVE2 critCVSS 7.7
PoC 1
icewall sso agent option (2) · integrated lights-out 3 firmware (2) · network automation (2)
25novell—
11 CVE1 critCVSS 6.7
PoC 1
suse linux enterprise software development kit (7) · suse linux enterprise desktop (7) · suse linux enterprise server (7)
26openssl software foundation—
11 CVE3 critCVSS 7.7
PoC 1
openssl (11)
27maven—
10 CVE2 critCVSS 7.7
PoC 1
org.jboss.resteasy:resteasy-jaxrs (1) · org.wildfly:wildfly-undertow (1) · org.cloudfoundry.identity:cloudfoundry-identity-server (1)
28pivotal software—
9 CVE3 critCVSS 7.9
NEW
cloud foundry elastic runtime (6) · cloud foundry ops manager (3) · cloud foundry (3)
29suse—
9 CVECVSS 6.0
PoC 4
linux enterprise desktop (9) · linux enterprise server (9) · linux enterprise software development kit (9)
30gnu—
8 CVECVSS 7.9
×4.0PoC 1
libidn (4) · mailman (2) · wget (1)
31red hat inc.—
8 CVE2 critCVSS 7.6
×8.0PoC 1
red hat enterprise linux (7) · red hat enterprise linux server (1) · red hat jboss enterprise web server (1)
32novell inc.—
7 CVE2 critCVSS 8.4
PoC 1
opensuse leap (6) · suse linux enterprise desktop (3) · suse linux enterprise server (3)
33apache—
6 CVE1 critCVSS 7.7
PoC 2
ranger (1) · activemq artemis (1) · cxf fediz (1)
34fedoraproject—
6 CVECVSS 7.3
PoC 1
fedora (6)
35fortinet—
6 CVE1 critCVSS 7.4
×3.0
fortiwan (5) · fortiswitch (1)
36nodejs—
6 CVE1 critCVSS 7.5
×3.0PoC 2
node.js (6)
37wireshark—
6 CVECVSS 5.9
wireshark (6)
38ооо «русбитех-астра»—
6 CVE1 critCVSS 6.8
×3.0
astra linux common edition (4) · astra linux special edition (2)
39juniper—
5 CVE1 critCVSS 7.2
junos (5)
40qemu—
5 CVECVSS 5.8
qemu (5)
41cloudfoundry—
4 CVE1 critCVSS 7.8
NEW
cloud foundry uaa bosh (3) · php-buildpack (1)
42fabrice bellard—
4 CVECVSS 5.6
×4.0
qemu (4)
43libtiff—
4 CVECVSS 7.8
libtiff (4)
44pypi—
4 CVE1 critCVSS 7.4
PoC 1
trytond (2) · murano (1) · murano-dashboard (1)
45python—
4 CVE1 critCVSS 7.5
×4.0PoC 1
python (4)
46sap—
4 CVE1 critCVSS 6.7
PoC 4
trex (2) · hana (1) · hana db (1)
47siemens—
4 CVE1 critCVSS 6.8
×4.0
en100 ethernet module firmware (3) · scalance m-800 firmware (1) · scalance s615 firmware (1)
48xen—
4 CVECVSS 6.8
xen (4)
49aver—
3 CVE2 critCVSS 9.0
NEW
eh6108h\+ firmware (3)
50misp-project—
3 CVE2 critCVSS 8.6
NEW
malware information sharing platform (3)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	apple	80	4	·	·		iphone os (48) · mac os x (47) · tvos (28)	—
2	google	72	1	·	·	PoC 1	android (39) · chrome (32) · chrome os (1)	—
3	microsoft	53	·	1	·	KEV 1PoC 6	windows 10 (19) · windows rt 8.1 (15) · windows 8.1 (15)	—
4	ibm	42	·	·	·		connections (14) · security privileged identity manager virtual appliance (7) · tealeaf customer experience (6)	—
5	microsoft corp	41	·	1	·	KEV 1PoC 4	microsoft edge (12) · windows 8.1 (12) · windows 10 rtm (11)	—
6	adobe	39	11	·	·	PoC 2	flash player desktop runtime (26) · flash player (26) · digital editions (9)	—
7	cisco	39	4	1	·	KEV 1PoC 4	ios (9) · small business 220 series smart plus switches (4) · firesight system software (4)	—
8	debian	32	6	·	·	PoC 5	debian linux (32)	—
9	canonical	29	·	·	·	PoC 6	ubuntu linux (29)	—
10	opensuse	29	1	·	·	PoC 1	leap (29) · opensuse (6) · libstorage (1)	—
11	huawei	28	3	·	·	×4.0PoC 1	honor 4c firmware (5) · rh2288 v3 server firmware (4) · xh620 v3 server firmware (4)	—
12	libarchive	28	·	·	·	NEWPoC 8	libarchive (28)	—
13	сообщество свободного программного обеспечения	27	11	·	·	×3.9PoC 4	debian gnu/linux (25) · libarchive (1) · libxml2 (1)	—
14	apple inc.	24	2	·	·		macos (17) · ios (13) · safari (7)	—
15	redhat	22	2	·	·	PoC 4	enterprise linux workstation (8) · enterprise linux desktop (8) · enterprise linux server (8)	—
16	mozilla	20	8	·	·		firefox (20)	—
17	canonical ltd.	19	8	·	·	×3.8PoC 4	ubuntu (19)	—
18	oracle	19	2	·	·	PoC 5	linux (13) · vm server (5) · solaris (3)	—
19	php	19	10	·	·	×3.2PoC 5	php (19)	—
20	php group	17	9	·	·	×8.5PoC 4	php (17)	—
21	emc	14	3	·	·	×7.0	avamar server (5) · vipr srm (5) · documentum d2 (1)	—
22	openssl	13	3	·	·	PoC 2	openssl (13)	—
23	adobe systems inc.	12	·	·	·	PoC 2	flash player (11) · coldfusion (1)	—
24	hp	11	2	·	·	PoC 1	icewall sso agent option (2) · integrated lights-out 3 firmware (2) · network automation (2)	—
25	novell	11	1	·	·	PoC 1	suse linux enterprise software development kit (7) · suse linux enterprise desktop (7) · suse linux enterprise server (7)	—
26	openssl software foundation	11	3	·	·	PoC 1	openssl (11)	—
27	maven	10	2	·	·	PoC 1	org.jboss.resteasy:resteasy-jaxrs (1) · org.wildfly:wildfly-undertow (1) · org.cloudfoundry.identity:cloudfoundry-identity-server (1)	—
28	pivotal software	9	3	·	·	NEW	cloud foundry elastic runtime (6) · cloud foundry ops manager (3) · cloud foundry (3)	—
29	suse	9	·	·	·	PoC 4	linux enterprise desktop (9) · linux enterprise server (9) · linux enterprise software development kit (9)	—
30	gnu	8	·	·	·	×4.0PoC 1	libidn (4) · mailman (2) · wget (1)	—
31	red hat inc.	8	2	·	·	×8.0PoC 1	red hat enterprise linux (7) · red hat enterprise linux server (1) · red hat jboss enterprise web server (1)	—
32	novell inc.	7	2	·	·	PoC 1	opensuse leap (6) · suse linux enterprise desktop (3) · suse linux enterprise server (3)	—
33	apache	6	1	·	·	PoC 2	ranger (1) · activemq artemis (1) · cxf fediz (1)	—
34	fedoraproject	6	·	·	·	PoC 1	fedora (6)	—
35	fortinet	6	1	·	·	×3.0	fortiwan (5) · fortiswitch (1)	—
36	nodejs	6	1	·	·	×3.0PoC 2	node.js (6)	—
37	wireshark	6	·	·	·		wireshark (6)	—
38	ооо «русбитех-астра»	6	1	·	·	×3.0	astra linux common edition (4) · astra linux special edition (2)	—
39	juniper	5	1	·	·		junos (5)	—
40	qemu	5	·	·	·		qemu (5)	—
41	cloudfoundry	4	1	·	·	NEW	cloud foundry uaa bosh (3) · php-buildpack (1)	—
42	fabrice bellard	4	·	·	·	×4.0	qemu (4)	—
43	libtiff	4	·	·	·		libtiff (4)	—
44	pypi	4	1	·	·	PoC 1	trytond (2) · murano (1) · murano-dashboard (1)	—
45	python	4	1	·	·	×4.0PoC 1	python (4)	—
46	sap	4	1	·	·	PoC 4	trex (2) · hana (1) · hana db (1)	—
47	siemens	4	1	·	·	×4.0	en100 ethernet module firmware (3) · scalance m-800 firmware (1) · scalance s615 firmware (1)	—
48	xen	4	·	·	·		xen (4)	—
49	aver	3	2	·	·	NEW	eh6108h\+ firmware (3)	—
50	misp-project	3	2	·	·	NEW	malware information sharing platform (3)	—