month report

November 2016

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

November 2016 closed with 398 published CVEs — +8.2% YoY . 34 criticals, ibm led volume, mostly via bigfix remote control. Biggest breakout: nuget at ×8.0 their 12-month median. Top weakness class — CWE-264 (66 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

398

— MoM+8.2% YoY

Severity mix

34 / 197

critical / high

KEV added

0 ransomware-linked

Nuclei coverage

0.0%

0 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

—

n=0

Within 7 days

—%

Within 30 days

—%

Days → KEV (median)

1944

n=8

Detection gap

KEV pressure, no Nuclei coverage

November 2016 · vendors with active exploitation listed by CISA but no public detection template.

KEV 4microsoft67 CVE
KEV 4microsoft corp54 CVE
KEV 2redhat16 CVE
KEV 2nuget8 CVE
KEV 1linux28 CVE
KEV 1debian16 CVE
KEV 1adobe12 CVE
KEV 1сообщество свободного программного обеспечения11 CVE

Weakness × Vendor

What's spreading where in November 2016

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

Breakout vendors

CVE count ≥3× their own 12-period median.

8.0×nuget8 CVE
6.3×nvidia25 CVE
3.3×ibm70 CVE
3.1×linux28 CVE
3.0×siemens6 CVE

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#5google inc.50 CVE
#9exponentcms18 CVE
#25hdfgroup4 CVE
#30lenovo group ltd.3 CVE
#33teradata3 CVE
#39moinmo2 CVE
#46squareup2 CVE
#477-zip1 CVE
#50boa1 CVE
#53dbd-mysql project1 CVE

Top vendors

Ranked by distinct CVE count this period.

1ibm—
70 CVE2 critCVSS 5.4
×3.3
bigfix remote control (19) · rational team concert (10) · rational doors next generation (9)
2microsoft—
67 CVECVSS 7.3
KEV 4PoC 12
windows server 2016 (29) · windows 10 (29) · windows rt 8.1 (27)
3microsoft corp—
54 CVE1 critCVSS 7.2
KEV 4PoC 13
windows 10 (24) · windows 8.1 (20) · windows server 2016 (20)
4google—
52 CVE1 critCVSS 6.8
PoC 2
android (52)
5google inc.—
50 CVE1 critCVSS 6.8
NEWPoC 2
android (50)
6linux—
28 CVE1 critCVSS 6.8
×3.1KEV 1PoC 2
linux kernel (28)
7nvidia—
25 CVECVSS 7.6
×6.3PoC 14
gpu driver (20) · geforce experience (5)
8cisco—
20 CVE4 critCVSS 7.1
email security appliance firmware (3) · ios xe (2) · ip interoperability and collaboration system (2)
9exponentcms—
18 CVE6 critCVSS 7.9
NEW
exponent cms (18)
10debian—
16 CVECVSS 6.3
KEV 1PoC 1
debian linux (16)
11redhat—
16 CVECVSS 8.0
KEV 2PoC 1
enterprise linux workstation (11) · enterprise linux desktop (11) · enterprise linux server (11)
12adobe—
12 CVE1 critCVSS 8.9
KEV 1PoC 1
flash player (10) · flash player for linux (9) · connect (1)
13сообщество свободного программного обеспечения—
11 CVE1 critCVSS 6.1
KEV 1PoC 4
linux (8) · debian gnu/linux (5) · libxml2 (1)
14libtiff—
8 CVE8 critCVSS 9.8
PoC 1
libtiff (8)
15nuget—
8 CVECVSS 7.8
×8.0KEV 2PoC 5
microsoft.chakracore (8)
16opensuse—
8 CVECVSS 6.0
leap (8)
17qemu—
8 CVECVSS 6.0
qemu (8)
18dotcms—
7 CVE1 critCVSS 8.9
PoC 3
dotcms (7)
19packagist—
6 CVECVSS 6.5
PoC 5
drupal/core (4) · drupal/drupal (3) · moodle/moodle (2)
20siemens—
6 CVE1 critCVSS 7.7
×3.0KEV 1
simatic cp 343-1 firmware (2) · simatic s7 400 cpu firmware (2) · simatic cp 443-1 firmware (2)
21ооо «русбитех-астра»—
6 CVECVSS 5.8
KEV 1PoC 2
astra linux special edition (6) · astra linux special edition для «эльбрус» (1)
22wireshark—
5 CVECVSS 5.9
wireshark (5)
23canonical—
4 CVECVSS 7.0
KEV 1PoC 2
ubuntu linux (4)
24drupal—
4 CVECVSS 6.3
PoC 3
drupal (4)
25hdfgroup—
4 CVECVSS 8.6
NEWPoC 1
hdf5 (4)
26paloaltonetworks—
4 CVE1 critCVSS 7.8
KEV 1PoC 3
pan-os (4)
27pypi—
4 CVECVSS 6.4
PoC 1
pillow (2) · moin (2)
28adobe systems inc.—
3 CVE1 critCVSS 8.8
KEV 1
adobe acrobat (1) · acrobat reader (1) · adobe acrobat document cloud (1)
29lenovo—
3 CVECVSS 4.4
bios (1) · notebook 110 14ibr bios (1) · notebook 110 15ibr bios (1)
30lenovo group ltd.—
3 CVECVSS 5.5
NEW
all thinkpad, thinkcentre, thinkstation and lenovo-branded systems preloaded with the windows 10 operating system, or any system running lenovo companion, lenovo settings, or lenovo id. (1) · lenovo notebook models 110-14ibr/110-15ibr, b70-80, e31-80, e40-80, e41-80, e51-80, g40-80, g50-80, g50-80 touch, ideapad 300-14ibr/300-15ibr, ideapad 300-14isk/300-15isk/300-17isk, ideapad 510s-12isk, k21-80, k41-80, miix 710-12ikb , xiaoxin air 12, yoga 510-14isk/510-15isk, yoga 710-11ikb, yoga 710-11isk, yoga 900-13isk, yoga 900s-12isk; thinkserver models thinkserver ts150, thinkserver ts450 (1) · thinkpad systems (1)
31moodle—
3 CVECVSS 7.9
PoC 3
moodle (3)
32samsung—
3 CVECVSS 6.8
samsung mobile (3)
33teradata—
3 CVE1 critCVSS 8.5
NEWPoC 1
virtual machine (2) · virtual machine community edition (2) · studio express (1)
34artifex—
2 CVECVSS 7.5
mujs (2)
35fedoraproject—
2 CVECVSS 7.4
KEV 1PoC 2
fedora (2)
36joomla—
2 CVE1 critCVSS 8.9
PoC 2
joomla\! (2)
37maven—
2 CVECVSS 8.2
PoC 1
com.sparkjava:spark-core (1) · org.apache.hadoop:hadoop-common (1)
38microfocus—
2 CVE1 critCVSS 7.2
PoC 1
host access management and security server (1) · reflection for the web (1) · reflection security gateway (1)
39moinmo—
2 CVECVSS 6.1
NEWPoC 1
moinmoin (2)
40netapp—
2 CVECVSS 7.1
KEV 1PoC 1
solidfire (2) · oncommand balance (1) · oncommand unified manager for clustered data ontap (1)
41python—
2 CVECVSS 6.7
pillow (2)
42red hat inc.—
2 CVECVSS 5.5
PoC 1
red hat enterprise linux (1) · se linux (1)
43rubygems—
2 CVE1 critCVSS 9.3
PoC 2
git-fastclone (2)
44sap—
2 CVECVSS 7.0
KEV 1
netweaver application server java (2)
45siemens ag—
2 CVECVSS 6.5
KEV 1
primary setup tool (pst) (1) · security configuration tool (1) · simatic cp 1543-1 (1)
46squareup—
2 CVE1 critCVSS 9.3
NEWPoC 2
git-fastclone (2)
477-zip—
1 CVECVSS 7.5
NEW
p7zip (1)
48apache—
1 CVECVSS 8.8
hadoop (1)
49avast—
1 CVECVSS 5.5
business security (1) · email server security (1) · endpoint protection (1)
50boa—
1 CVECVSS 7.5
NEWPoC 1
boa (1)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	ibm	70	2	·	·	×3.3	bigfix remote control (19) · rational team concert (10) · rational doors next generation (9)	—
2	microsoft	67	·	4	·	KEV 4PoC 12	windows server 2016 (29) · windows 10 (29) · windows rt 8.1 (27)	—
3	microsoft corp	54	1	4	·	KEV 4PoC 13	windows 10 (24) · windows 8.1 (20) · windows server 2016 (20)	—
4	google	52	1	·	·	PoC 2	android (52)	—
5	google inc.	50	1	·	·	NEWPoC 2	android (50)	—
6	linux	28	1	1	·	×3.1KEV 1PoC 2	linux kernel (28)	—
7	nvidia	25	·	·	·	×6.3PoC 14	gpu driver (20) · geforce experience (5)	—
8	cisco	20	4	·	·		email security appliance firmware (3) · ios xe (2) · ip interoperability and collaboration system (2)	—
9	exponentcms	18	6	·	·	NEW	exponent cms (18)	—
10	debian	16	·	1	·	KEV 1PoC 1	debian linux (16)	—
11	redhat	16	·	2	·	KEV 2PoC 1	enterprise linux workstation (11) · enterprise linux desktop (11) · enterprise linux server (11)	—
12	adobe	12	1	1	·	KEV 1PoC 1	flash player (10) · flash player for linux (9) · connect (1)	—
13	сообщество свободного программного обеспечения	11	1	1	·	KEV 1PoC 4	linux (8) · debian gnu/linux (5) · libxml2 (1)	—
14	libtiff	8	8	·	·	PoC 1	libtiff (8)	—
15	nuget	8	·	2	·	×8.0KEV 2PoC 5	microsoft.chakracore (8)	—
16	opensuse	8	·	·	·		leap (8)	—
17	qemu	8	·	·	·		qemu (8)	—
18	dotcms	7	1	·	·	PoC 3	dotcms (7)	—
19	packagist	6	·	·	·	PoC 5	drupal/core (4) · drupal/drupal (3) · moodle/moodle (2)	—
20	siemens	6	1	1	·	×3.0KEV 1	simatic cp 343-1 firmware (2) · simatic s7 400 cpu firmware (2) · simatic cp 443-1 firmware (2)	—
21	ооо «русбитех-астра»	6	·	1	·	KEV 1PoC 2	astra linux special edition (6) · astra linux special edition для «эльбрус» (1)	—
22	wireshark	5	·	·	·		wireshark (5)	—
23	canonical	4	·	1	·	KEV 1PoC 2	ubuntu linux (4)	—
24	drupal	4	·	·	·	PoC 3	drupal (4)	—
25	hdfgroup	4	·	·	·	NEWPoC 1	hdf5 (4)	—
26	paloaltonetworks	4	1	1	·	KEV 1PoC 3	pan-os (4)	—
27	pypi	4	·	·	·	PoC 1	pillow (2) · moin (2)	—
28	adobe systems inc.	3	1	1	·	KEV 1	adobe acrobat (1) · acrobat reader (1) · adobe acrobat document cloud (1)	—
29	lenovo	3	·	·	·		bios (1) · notebook 110 14ibr bios (1) · notebook 110 15ibr bios (1)	—
30	lenovo group ltd.	3	·	·	·	NEW	all thinkpad, thinkcentre, thinkstation and lenovo-branded systems preloaded with the windows 10 operating system, or any system running lenovo companion, lenovo settings, or lenovo id. (1) · lenovo notebook models 110-14ibr/110-15ibr, b70-80, e31-80, e40-80, e41-80, e51-80, g40-80, g50-80, g50-80 touch, ideapad 300-14ibr/300-15ibr, ideapad 300-14isk/300-15isk/300-17isk, ideapad 510s-12isk, k21-80, k41-80, miix 710-12ikb , xiaoxin air 12, yoga 510-14isk/510-15isk, yoga 710-11ikb, yoga 710-11isk, yoga 900-13isk, yoga 900s-12isk; thinkserver models thinkserver ts150, thinkserver ts450 (1) · thinkpad systems (1)	—
31	moodle	3	·	·	·	PoC 3	moodle (3)	—
32	samsung	3	·	·	·		samsung mobile (3)	—
33	teradata	3	1	·	·	NEWPoC 1	virtual machine (2) · virtual machine community edition (2) · studio express (1)	—
34	artifex	2	·	·	·		mujs (2)	—
35	fedoraproject	2	·	1	·	KEV 1PoC 2	fedora (2)	—
36	joomla	2	1	·	·	PoC 2	joomla\! (2)	—
37	maven	2	·	·	·	PoC 1	com.sparkjava:spark-core (1) · org.apache.hadoop:hadoop-common (1)	—
38	microfocus	2	1	·	·	PoC 1	host access management and security server (1) · reflection for the web (1) · reflection security gateway (1)	—
39	moinmo	2	·	·	·	NEWPoC 1	moinmoin (2)	—
40	netapp	2	·	1	·	KEV 1PoC 1	solidfire (2) · oncommand balance (1) · oncommand unified manager for clustered data ontap (1)	—
41	python	2	·	·	·		pillow (2)	—
42	red hat inc.	2	·	·	·	PoC 1	red hat enterprise linux (1) · se linux (1)	—
43	rubygems	2	1	·	·	PoC 2	git-fastclone (2)	—
44	sap	2	·	1	·	KEV 1	netweaver application server java (2)	—
45	siemens ag	2	·	1	·	KEV 1	primary setup tool (pst) (1) · security configuration tool (1) · simatic cp 1543-1 (1)	—
46	squareup	2	1	·	·	NEWPoC 2	git-fastclone (2)	—
47	7-zip	1	·	·	·	NEW	p7zip (1)	—
48	apache	1	·	·	·		hadoop (1)	—
49	avast	1	·	·	·		business security (1) · email server security (1) · endpoint protection (1)	—
50	boa	1	·	·	·	NEWPoC 1	boa (1)	—