month report
March 2017
Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →
March 2017 closed with 1,373 published CVEs — +312.3% YoY . 138 criticals, microsoft led volume, mostly via windows server 2008. Biggest breakout: imagemagick at ×19.4 their 12-month median. Top weakness class — CWE-119 (180 CVE). 10 vendors cracked the top-100 for the first time.
Total CVEs
1,373
— MoM+312.3% YoY
Severity mix
138 / 536
critical / high
KEV added
0
0 ransomware-linked
Nuclei coverage
2.0%
28 CVEs with templates
Time to exploit
How fast the community ships detection after a CVE drops.
Days → Nuclei (median)
3283.6
n=28
Within 7 days
0.0%
Within 30 days
0.0%
Days → KEV (median)
1834
n=17
Detection gap
KEV pressure, no Nuclei coverage
March 2017 · vendors with active exploitation listed by CISA but no public detection template.
- KEV 12microsoft corporation129 CVE
- KEV 6siemens13 CVE
- KEV 1сообщество свободного программного обеспечения29 CVE
Weakness × Vendor
What's spreading where in March 2017
Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.
119Memory Buffer Bounds79XSS200Information Exposure20Improper Input Validation125Out-of-bounds Read476NULL Pointer Dereference264CWE-264352CSRF190Integer Overflow89SQL Injectionmicrosoft4043812111microsoft corp4043812111microsoft corporation4043710111imagemagick3612761google inc1116722google inc.1119721debian9417112112linux11853333ibm116123124ibm corporation115122124google11452opensuse92134
Breakout vendors
CVE count ≥3× their own 12-period median.
- 19.4×imagemagick97 CVE
- 17.5×intel35 CVE
- 17.0×jasper project34 CVE
- 16.0×imagemagick studio llc32 CVE
- 12.0×openbsd12 CVE
- 12.0×owncloud12 CVE
- 11.6×gnu29 CVE
- 11.3×mcafee34 CVE
- 11.0×mcafee inc.11 CVE
- 10.0×libav10 CVE
First time in top-100
Vendors never in top-100 in the prior 24 periods.
- #3microsoft corporation129 CVE
- #6google inc.83 CVE
- #10ibm corporation53 CVE
- #23opensuse project20 CVE
- #28podofo project16 CVE
- #33audiofile13 CVE
- #38virglrenderer project12 CVE
- #44cloudera10 CVE
- #45exponentcms10 CVE
- #46libav10 CVE
Top vendors
Ranked by distinct CVE count this period.
- 134 CVE3 critCVSS 6.4×3.4KEV 13Nuclei 1PoC 50windows server 2008 (61) · windows 7 (57) · windows vista (56)
- 133 CVE3 critCVSS 6.6×4.0KEV 13Nuclei 1PoC 50windows server 2008 service pack 2 (65) · windows vista service pack 2 (61) · windows 7 service pack 1 (59)
- 129 CVE1 critCVSS 6.4NEWKEV 12PoC 47windows uniscribe (28) · browser (20) · office (10)
- 97 CVE10 critCVSS 6.9×19.4imagemagick (97)
- 86 CVECVSS 6.7PoC 1android (86)
- 83 CVECVSS 6.6NEWPoC 1android (83)
- 71 CVE6 critCVSS 6.9Nuclei 4PoC 11debian linux (71)
- 67 CVE1 critCVSS 6.6×3.5PoC 1linux kernel (67)
- 56 CVE2 critCVSS 6.6×3.3KEV 1Nuclei 1PoC 1qradar security information and event manager (13) · qradar incident forensics (6) · rational rhapsody design manager (5)
- 53 CVE1 critCVSS 6.2NEWqradar siem (12) · rational collaborative lifecycle management (5) · kenexa lcms premier on cloud (5)
- 48 CVECVSS 6.8PoC 1android (48)
- 37 CVE9 critCVSS 7.5PoC 1leap (28) · opensuse (18)
- 35 CVE1 critCVSS 6.9×17.5PoC 10virusscan enterprise linux (vsel) (10) · mcafee application control (mac) (3) · anti-virus engine (ave) (2)
- 34 CVECVSS 6.3×17.0PoC 3jasper (34)
- 34 CVE2 critCVSS 6.9×11.3PoC 10virusscan enterprise (10) · security scan plus (5) · application control (5)
- 32 CVE5 critCVSS 7.2×16.0imagemagick (32)
- 31 CVE3 critCVSS 7.2KEV 1Nuclei 1PoC 1ios xe (8) · ios (5) · unified communications manager (3)
- 29 CVE6 critCVSS 7.4×11.6PoC 1binutils (17) · glibc (5) · gnutls (4)
- 29 CVE8 critCVSS 7.5KEV 1PoC 3debian gnu/linux (13) · linux (10) · libgd2 (3)
- 22 CVE5 critCVSS 7.5ubuntu linux (21) · ubuntu touch (1) · ubuntu core (1)
- 21 CVE3 critCVSS 9.6×3.5KEV 1Nuclei 1PoC 1cisco ios (6) · unified communications manager (3) · nx-os (3)
- 20 CVECVSS 6.8PoC 3fedora (20)
- 20 CVE5 critCVSS 7.8NEWPoC 1leap (19) · suse linux enterprise software development kit (12) · suse linux enterprise server (11)
- 20 CVE1 critCVSS 6.5×5.0Nuclei 1PoC 5moodle/moodle (5) · drupal/drupal (3) · mantisbt/mantisbt (3)
- 20 CVE2 critCVSS 6.5×5.0PoC 8plone (7) · pysaml2 (2) · cherrymusic (2)
- 18 CVE4 critCVSS 6.8revive adserver (18)
- 17 CVE1 critCVSS 6.6PoC 1qemu (17)
- 16 CVE1 critCVSS 6.3NEWpodofo (16)
- 15 CVE2 critCVSS 7.2PoC 2opensuse leap (15) · suse linux enterprise server (2) · suse linux enterprise desktop (2)
- 14 CVE1 critCVSS 6.8×3.5PoC 1qemu (14)
- 14 CVE5 critCVSS 8.0KEV 1Nuclei 1PoC 3org.apache.ambari:ambari (2) · org.webjars.npm:jquery-ui (1) · ch.qos.logback:logback-classic (1)
- 13 CVE5 critCVSS 8.0KEV 1Nuclei 1PoC 2tomcat (4) · ambari (3) · camel (3)
- 13 CVECVSS 5.9NEWPoC 1audiofile (13)
- 13 CVECVSS 6.9PoC 3libtiff (13)
- 13 CVECVSS 8.3×6.5KEV 6PoC 7versant kpcr sample prep firmware (6) · acuson p300 firmware (6) · acuson p500 firmware (6)
- 12 CVECVSS 6.1×12.0PoC 8openbsd (12)
- 12 CVECVSS 5.4×12.0PoC 5owncloud (12)
- 12 CVECVSS 6.3NEWvirglrenderer (12)
- 11 CVECVSS 6.2×11.0PoC 10mcafee virusscan enterprise (10) · mcafee application control (1)
- 11 CVE1 critCVSS 7.4×5.5access manager (10) · access governance suite (1)
- 11 CVE2 critCVSS 7.2linux enterprise software development kit (6) · linux enterprise server (6) · linux enterprise desktop (5)
- 11 CVE2 critCVSS 8.2×3.7netbackup (11) · netbackup appliance (11) · access (3)
- 10 CVE1 critCVSS 8.5flash player (7) · flash player desktop runtime (7) · reader (2)
- 10 CVE1 critCVSS 5.6NEWmanager (3) · cdh (2) · hue (2)
- 10 CVE10 critCVSS 9.8NEWPoC 10exponent cms (10)
- 10 CVECVSS 5.8NEW×10.0PoC 2libav (10)
- 10 CVECVSS 5.5NEW×10.0PoC 5nextcloud server (9) · nextcloud (1)
- 10 CVECVSS 6.3×10.0PoC 7openbsd (10)
- 10 CVECVSS 6.1NEWPoC 7webpagetest (10)
- 9 CVE1 critCVSS 8.5flash player (7) · adobe reader (1) · shockwave player (1)
| # | Vendor | CVEs | Crit | KEV | Nuclei | Signals | Top products | Δ | |
|---|---|---|---|---|---|---|---|---|---|
| 1 | microsoft | 134 | 3 | 13 | 1 | ×3.4KEV 13Nuclei 1PoC 50 | windows server 2008 (61) · windows 7 (57) · windows vista (56) | — | |
| 2 | microsoft corp | 133 | 3 | 13 | 1 | ×4.0KEV 13Nuclei 1PoC 50 | windows server 2008 service pack 2 (65) · windows vista service pack 2 (61) · windows 7 service pack 1 (59) | — | |
| 3 | microsoft corporation | 129 | 1 | 12 | · | NEWKEV 12PoC 47 | windows uniscribe (28) · browser (20) · office (10) | — | |
| 4 | imagemagick | 97 | 10 | · | · | ×19.4 | imagemagick (97) | — | |
| 5 | google inc | 86 | · | · | · | PoC 1 | android (86) | — | |
| 6 | google inc. | 83 | · | · | · | NEWPoC 1 | android (83) | — | |
| 7 | debian | 71 | 6 | · | 4 | Nuclei 4PoC 11 | debian linux (71) | — | |
| 8 | linux | 67 | 1 | · | · | ×3.5PoC 1 | linux kernel (67) | — | |
| 9 | ibm | 56 | 2 | 1 | 1 | ×3.3KEV 1Nuclei 1PoC 1 | qradar security information and event manager (13) · qradar incident forensics (6) · rational rhapsody design manager (5) | — | |
| 10 | ibm corporation | 53 | 1 | · | · | NEW | qradar siem (12) · rational collaborative lifecycle management (5) · kenexa lcms premier on cloud (5) | — | |
| 11 | 48 | · | · | · | PoC 1 | android (48) | — | ||
| 12 | opensuse | 37 | 9 | · | · | PoC 1 | leap (28) · opensuse (18) | — | |
| 13 | intel | 35 | 1 | · | · | ×17.5PoC 10 | virusscan enterprise linux (vsel) (10) · mcafee application control (mac) (3) · anti-virus engine (ave) (2) | — | |
| 14 | jasper project | 34 | · | · | · | ×17.0PoC 3 | jasper (34) | — | |
| 15 | mcafee | 34 | 2 | · | · | ×11.3PoC 10 | virusscan enterprise (10) · security scan plus (5) · application control (5) | — | |
| 16 | imagemagick studio llc | 32 | 5 | · | · | ×16.0 | imagemagick (32) | — | |
| 17 | cisco | 31 | 3 | 1 | 1 | KEV 1Nuclei 1PoC 1 | ios xe (8) · ios (5) · unified communications manager (3) | — | |
| 18 | gnu | 29 | 6 | · | · | ×11.6PoC 1 | binutils (17) · glibc (5) · gnutls (4) | — | |
| 19 | сообщество свободного программного обеспечения | 29 | 8 | 1 | · | KEV 1PoC 3 | debian gnu/linux (13) · linux (10) · libgd2 (3) | — | |
| 20 | canonical | 22 | 5 | · | · | ubuntu linux (21) · ubuntu touch (1) · ubuntu core (1) | — | ||
| 21 | cisco systems inc. | 21 | 3 | 1 | 1 | ×3.5KEV 1Nuclei 1PoC 1 | cisco ios (6) · unified communications manager (3) · nx-os (3) | — | |
| 22 | fedoraproject | 20 | · | · | · | PoC 3 | fedora (20) | — | |
| 23 | opensuse project | 20 | 5 | · | · | NEWPoC 1 | leap (19) · suse linux enterprise software development kit (12) · suse linux enterprise server (11) | — | |
| 24 | packagist | 20 | 1 | · | 1 | ×5.0Nuclei 1PoC 5 | moodle/moodle (5) · drupal/drupal (3) · mantisbt/mantisbt (3) | — | |
| 25 | pypi | 20 | 2 | · | · | ×5.0PoC 8 | plone (7) · pysaml2 (2) · cherrymusic (2) | — | |
| 26 | revive-adserver | 18 | 4 | · | · | revive adserver (18) | — | ||
| 27 | qemu | 17 | 1 | · | · | PoC 1 | qemu (17) | — | |
| 28 | podofo project | 16 | 1 | · | · | NEW | podofo (16) | — | |
| 29 | novell inc. | 15 | 2 | · | · | PoC 2 | opensuse leap (15) · suse linux enterprise server (2) · suse linux enterprise desktop (2) | — | |
| 30 | fabrice bellard | 14 | 1 | · | · | ×3.5PoC 1 | qemu (14) | — | |
| 31 | maven | 14 | 5 | 1 | 1 | KEV 1Nuclei 1PoC 3 | org.apache.ambari:ambari (2) · org.webjars.npm:jquery-ui (1) · ch.qos.logback:logback-classic (1) | — | |
| 32 | apache | 13 | 5 | 1 | 1 | KEV 1Nuclei 1PoC 2 | tomcat (4) · ambari (3) · camel (3) | — | |
| 33 | audiofile | 13 | · | · | · | NEWPoC 1 | audiofile (13) | — | |
| 34 | libtiff | 13 | · | · | · | PoC 3 | libtiff (13) | — | |
| 35 | siemens | 13 | · | 6 | · | ×6.5KEV 6PoC 7 | versant kpcr sample prep firmware (6) · acuson p300 firmware (6) · acuson p500 firmware (6) | — | |
| 36 | openbsd | 12 | · | · | · | ×12.0PoC 8 | openbsd (12) | — | |
| 37 | owncloud | 12 | · | · | · | ×12.0PoC 5 | owncloud (12) | — | |
| 38 | virglrenderer project | 12 | · | · | · | NEW | virglrenderer (12) | — | |
| 39 | mcafee inc. | 11 | · | · | · | ×11.0PoC 10 | mcafee virusscan enterprise (10) · mcafee application control (1) | — | |
| 40 | netiq | 11 | 1 | · | · | ×5.5 | access manager (10) · access governance suite (1) | — | |
| 41 | suse | 11 | 2 | · | · | linux enterprise software development kit (6) · linux enterprise server (6) · linux enterprise desktop (5) | — | ||
| 42 | veritas | 11 | 2 | · | · | ×3.7 | netbackup (11) · netbackup appliance (11) · access (3) | — | |
| 43 | adobe | 10 | 1 | · | · | flash player (7) · flash player desktop runtime (7) · reader (2) | — | ||
| 44 | cloudera | 10 | 1 | · | · | NEW | manager (3) · cdh (2) · hue (2) | — | |
| 45 | exponentcms | 10 | 10 | · | · | NEWPoC 10 | exponent cms (10) | — | |
| 46 | libav | 10 | · | · | · | NEW×10.0PoC 2 | libav (10) | — | |
| 47 | nextcloud | 10 | · | · | · | NEW×10.0PoC 5 | nextcloud server (9) · nextcloud (1) | — | |
| 48 | openbsd project | 10 | · | · | · | ×10.0PoC 7 | openbsd (10) | — | |
| 49 | webpagetest project | 10 | · | · | · | NEWPoC 7 | webpagetest (10) | — | |
| 50 | adobe systems inc. | 9 | 1 | · | · | flash player (7) · adobe reader (1) · shockwave player (1) | — |