month report
June 2017
Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →
June 2017 closed with 1,048 published CVEs. 133 criticals, microsoft led volume, mostly via windows server 2016. Biggest breakout: google inc at ×36.0 their 12-month median. Top weakness class — CWE-119 (127 CVE). 10 vendors cracked the top-100 for the first time.
Total CVEs
1,048
— MoM— YoY
Severity mix
133 / 454
critical / high
KEV added
0
0 ransomware-linked
Nuclei coverage
1.3%
14 CVEs with templates
Time to exploit
How fast the community ships detection after a CVE drops.
Days → Nuclei (median)
3190.8
n=14
Within 7 days
0.0%
Within 30 days
0.0%
Days → KEV (median)
1753
n=4
Detection gap
KEV pressure, no Nuclei coverage
June 2017 · vendors with active exploitation listed by CISA but no public detection template.
- KEV 2microsoft106 CVE
- KEV 2microsoft corporation101 CVE
- KEV 2microsoft corp39 CVE
Weakness × Vendor
What's spreading where in June 2017
Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.
119Memory Buffer Bounds200Information Exposure79XSS20Improper Input Validation295Improper Certificate Validation125Out-of-bounds Read284CWE-28489SQL Injection352CSRF476NULL Pointer Dereferencemicrosoft204432microsoft corporation174332google18108397qualcomm, inc.1766386google inc1815336ibm418162211debian832134сообщество свободного программного обеспечения1132183microsoft corp181cisco262811ооо «русбитех-астра»1032253redhat4421
Breakout vendors
CVE count ≥3× their own 12-period median.
- 36.0×google inc72 CVE
- 13.0×apache software foundation13 CVE
- 9.0×ооо «русбитех-астра»36 CVE
- 9.0×cisco systems inc.9 CVE
- 8.3×gnu25 CVE
- 8.0×schneider-electric8 CVE
- 6.0×rockwellautomation6 CVE
- 4.7×сообщество свободного программного обеспечения47 CVE
- 4.4×lenovo11 CVE
- 4.0×cloudfoundry10 CVE
First time in top-100
Vendors never in top-100 in the prior 24 periods.
- #2microsoft corporation101 CVE
- #4qualcomm, inc.75 CVE
- #14meafinancial25 CVE
- #18foscam18 CVE
- #20google inc.17 CVE
- #22bigtreecms15 CVE
- #27lenovo group ltd.13 CVE
- #29audiocoding12 CVE
- #34cybozu, inc.10 CVE
- #46lame project7 CVE
Top vendors
Ranked by distinct CVE count this period.
- 106 CVE1 critCVSS 6.3KEV 2PoC 38windows server 2016 (61) · windows 10 (58) · windows server 2012 (54)
- 101 CVE1 critCVSS 6.3NEWKEV 2PoC 37microsoft windows (48) · microsoft edge (12) · microsoft office (8)
- 98 CVECVSS 7.0PoC 1android (97) · chrome (1)
- 75 CVECVSS 7.2NEWall qualcomm products (75)
- 72 CVE1 critCVSS 7.5×36.0android (71) · grpc (1)
- 62 CVE4 critCVSS 6.2PoC 1sterling b2b integrator (11) · rational quality manager (6) · rational doors next generation (6)
- 48 CVE2 critCVSS 7.0PoC 4debian linux (48)
- 47 CVE5 critCVSS 7.0×4.7KEV 1Nuclei 1PoC 13debian gnu/linux (18) · freeware advanced audio decoder 2 (11) · linux (10)
- 39 CVE1 critCVSS 8.3KEV 2PoC 7windows 8.1 (12) · windows server 2016 (12) · windows rt 8.1 (12)
- 38 CVE3 critCVSS 7.3elastic services controller (9) · ultra services framework element manager (3) · ultra services framework (2)
- 36 CVE4 critCVSS 6.8×9.0PoC 7astra linux special edition (30) · astra linux common edition (9) · astra linux special edition для «эльбрус» (4)
- 27 CVE5 critCVSS 7.9PoC 2enterprise linux server (12) · enterprise linux workstation (12) · enterprise linux desktop (12)
- 25 CVE3 critCVSS 7.7×8.3PoC 9binutils (17) · glibc (3) · ncurses (2)
- 25 CVECVSS 5.9NEWalgonquin state bank mobile banking (1) · avb bank mobile banking (1) · blue ridge bank and trust co. mobile banking (1)
- 22 CVE21 critCVSS 9.7PoC 3flash player (10) · digital editions (9) · captivate (2)
- 21 CVECVSS 6.7PoC 1kibana (11) · logstash (5) · elastic x-pack security (4)
- 19 CVE3 critCVSS 7.3PoC 1org.cloudfoundry.identity:cloudfoundry-identity-server (4) · org.apache.ranger:ranger (3) · org.apache.nifi:nifi (2)
- 18 CVE2 critCVSS 8.5NEWPoC 3indoor ip camera c1 series (17) · c1 indoor hd camera firmware (16) · c1 webcam firmware (1)
- 18 CVE5 critCVSS 8.1PoC 1horizon view (8) · workstation player (7) · workstation (7)
- 17 CVECVSS 6.1NEWandroid (17)
- 16 CVE4 critCVSS 7.5PoC 3ranger (4) · http server (4) · nifi (2)
- 15 CVE1 critCVSS 7.3NEWPoC 4bigtree cms (15)
- 15 CVECVSS 7.2PoC 2wireshark (15)
- 14 CVECVSS 6.9PoC 4linux kernel (14)
- 13 CVE4 critCVSS 8.1×13.0PoC 2apache http server (4) · http server (4) · apache ranger (4)
- 13 CVECVSS 7.0PoC 5ubuntu linux (13)
- 13 CVECVSS 6.8NEWservice bridge (4) · lenovo vibe and lenovo china-only moto mobile phones (3) · lenovo system x imm2 (1)
- 13 CVE3 critCVSS 8.0cloud foundry uaa (7) · rabbitmq (3) · cloud foundry elastic runtime (3)
- 12 CVECVSS 5.5NEWPoC 1freeware advanced audio decoder 2 (11) · freeware advanced audio coder (1)
- 11 CVE11 critCVSS 9.8PoC 3shockwave player (8) · flash player (3) · adobe flash player extended support release (1)
- 11 CVECVSS 6.0garoon (8) · dezie (2) · kintone (1)
- 11 CVECVSS 7.0×4.4lenovo service bridge (4) · xclarity administrator (1) · active protection system (1)
- 10 CVE3 critCVSS 7.9×4.0cf-release (8) · cloud foundry uaa bosh (6) · routing-release (1)
- 10 CVECVSS 6.0NEWcybozu garoon (7) · cybozu dezie (2) · kintone mobile for android (1)
- 9 CVE3 critCVSS 8.7×9.0elastic services controller (3) · prime data center network manager (2) · anyconnect secure mobility client (1)
- 9 CVE3 critCVSS 7.5vnx1 firmware (3) · vnx2 firmware (3) · rsa identity management and governance (2)
- 9 CVE1 critCVSS 7.2PoC 3fedora (8) · arm installer (1)
- 9 CVE1 critCVSS 7.3PoC 2piwigo (9)
- 8 CVE2 critCVSS 8.6PoC 1vmware fusion (4) · vmware workstation pro (3) · vmware esxi (3)
- 8 CVE1 critCVSS 7.7PoC 1oceanstor uds firmware (3) · s7700 firmware (2) · s9300 firmware (2)
- 8 CVECVSS 6.5imagemagick (8)
- 8 CVECVSS 6.9PoC 2libtiff (8)
- 8 CVE2 critCVSS 7.5KEV 1Nuclei 1PoC 4solaris (3) · secure global desktop (2) · enterprise manager base platform (1)
- 8 CVE3 critCVSS 7.7×8.0PoC 1modicon m251 firmware (3) · modicon m241 firmware (3) · modbus firmware (2)
- 7 CVECVSS 8.0ffmpeg (7)
- 7 CVECVSS 6.2NEWPoC 3lame (7)
- 7 CVECVSS 6.5NEWPoC 7libquicktime (7)
- 7 CVE1 critCVSS 7.3PoC 5leap (6) · opensuse (1)
- 7 CVE3 critCVSS 8.7KEV 1Nuclei 1PoC 4dolibarr/dolibarr (2) · craftcms/cms (1) · nilsteampassnet/teampass (1)
- 7 CVE2 critCVSS 7.7NEWPoC 71350hw2 firmware (7) · 2500 firmware (7) · 380hw6 firmware (7)
| # | Vendor | CVEs | Crit | KEV | Nuclei | Signals | Top products | Δ | |
|---|---|---|---|---|---|---|---|---|---|
| 1 | microsoft | 106 | 1 | 2 | · | KEV 2PoC 38 | windows server 2016 (61) · windows 10 (58) · windows server 2012 (54) | — | |
| 2 | microsoft corporation | 101 | 1 | 2 | · | NEWKEV 2PoC 37 | microsoft windows (48) · microsoft edge (12) · microsoft office (8) | — | |
| 3 | 98 | · | · | · | PoC 1 | android (97) · chrome (1) | — | ||
| 4 | qualcomm, inc. | 75 | · | · | · | NEW | all qualcomm products (75) | — | |
| 5 | google inc | 72 | 1 | · | · | ×36.0 | android (71) · grpc (1) | — | |
| 6 | ibm | 62 | 4 | · | · | PoC 1 | sterling b2b integrator (11) · rational quality manager (6) · rational doors next generation (6) | — | |
| 7 | debian | 48 | 2 | · | · | PoC 4 | debian linux (48) | — | |
| 8 | сообщество свободного программного обеспечения | 47 | 5 | 1 | 1 | ×4.7KEV 1Nuclei 1PoC 13 | debian gnu/linux (18) · freeware advanced audio decoder 2 (11) · linux (10) | — | |
| 9 | microsoft corp | 39 | 1 | 2 | · | KEV 2PoC 7 | windows 8.1 (12) · windows server 2016 (12) · windows rt 8.1 (12) | — | |
| 10 | cisco | 38 | 3 | · | · | elastic services controller (9) · ultra services framework element manager (3) · ultra services framework (2) | — | ||
| 11 | ооо «русбитех-астра» | 36 | 4 | · | · | ×9.0PoC 7 | astra linux special edition (30) · astra linux common edition (9) · astra linux special edition для «эльбрус» (4) | — | |
| 12 | redhat | 27 | 5 | · | · | PoC 2 | enterprise linux server (12) · enterprise linux workstation (12) · enterprise linux desktop (12) | — | |
| 13 | gnu | 25 | 3 | · | · | ×8.3PoC 9 | binutils (17) · glibc (3) · ncurses (2) | — | |
| 14 | meafinancial | 25 | · | · | · | NEW | algonquin state bank mobile banking (1) · avb bank mobile banking (1) · blue ridge bank and trust co. mobile banking (1) | — | |
| 15 | adobe | 22 | 21 | · | · | PoC 3 | flash player (10) · digital editions (9) · captivate (2) | — | |
| 16 | elastic | 21 | · | · | · | PoC 1 | kibana (11) · logstash (5) · elastic x-pack security (4) | — | |
| 17 | maven | 19 | 3 | · | · | PoC 1 | org.cloudfoundry.identity:cloudfoundry-identity-server (4) · org.apache.ranger:ranger (3) · org.apache.nifi:nifi (2) | — | |
| 18 | foscam | 18 | 2 | · | · | NEWPoC 3 | indoor ip camera c1 series (17) · c1 indoor hd camera firmware (16) · c1 webcam firmware (1) | — | |
| 19 | vmware | 18 | 5 | · | · | PoC 1 | horizon view (8) · workstation player (7) · workstation (7) | — | |
| 20 | google inc. | 17 | · | · | · | NEW | android (17) | — | |
| 21 | apache | 16 | 4 | · | · | PoC 3 | ranger (4) · http server (4) · nifi (2) | — | |
| 22 | bigtreecms | 15 | 1 | · | · | NEWPoC 4 | bigtree cms (15) | — | |
| 23 | wireshark | 15 | · | · | · | PoC 2 | wireshark (15) | — | |
| 24 | linux | 14 | · | · | · | PoC 4 | linux kernel (14) | — | |
| 25 | apache software foundation | 13 | 4 | · | · | ×13.0PoC 2 | apache http server (4) · http server (4) · apache ranger (4) | — | |
| 26 | canonical | 13 | · | · | · | PoC 5 | ubuntu linux (13) | — | |
| 27 | lenovo group ltd. | 13 | · | · | · | NEW | service bridge (4) · lenovo vibe and lenovo china-only moto mobile phones (3) · lenovo system x imm2 (1) | — | |
| 28 | pivotal software | 13 | 3 | · | · | cloud foundry uaa (7) · rabbitmq (3) · cloud foundry elastic runtime (3) | — | ||
| 29 | audiocoding | 12 | · | · | · | NEWPoC 1 | freeware advanced audio decoder 2 (11) · freeware advanced audio coder (1) | — | |
| 30 | adobe systems inc. | 11 | 11 | · | · | PoC 3 | shockwave player (8) · flash player (3) · adobe flash player extended support release (1) | — | |
| 31 | cybozu | 11 | · | · | · | garoon (8) · dezie (2) · kintone (1) | — | ||
| 32 | lenovo | 11 | · | · | · | ×4.4 | lenovo service bridge (4) · xclarity administrator (1) · active protection system (1) | — | |
| 33 | cloudfoundry | 10 | 3 | · | · | ×4.0 | cf-release (8) · cloud foundry uaa bosh (6) · routing-release (1) | — | |
| 34 | cybozu, inc. | 10 | · | · | · | NEW | cybozu garoon (7) · cybozu dezie (2) · kintone mobile for android (1) | — | |
| 35 | cisco systems inc. | 9 | 3 | · | · | ×9.0 | elastic services controller (3) · prime data center network manager (2) · anyconnect secure mobility client (1) | — | |
| 36 | emc | 9 | 3 | · | · | vnx1 firmware (3) · vnx2 firmware (3) · rsa identity management and governance (2) | — | ||
| 37 | fedoraproject | 9 | 1 | · | · | PoC 3 | fedora (8) · arm installer (1) | — | |
| 38 | piwigo | 9 | 1 | · | · | PoC 2 | piwigo (9) | — | |
| 39 | broadcom inc. | 8 | 2 | · | · | PoC 1 | vmware fusion (4) · vmware workstation pro (3) · vmware esxi (3) | — | |
| 40 | huawei | 8 | 1 | · | · | PoC 1 | oceanstor uds firmware (3) · s7700 firmware (2) · s9300 firmware (2) | — | |
| 41 | imagemagick | 8 | · | · | · | imagemagick (8) | — | ||
| 42 | libtiff | 8 | · | · | · | PoC 2 | libtiff (8) | — | |
| 43 | oracle | 8 | 2 | 1 | 1 | KEV 1Nuclei 1PoC 4 | solaris (3) · secure global desktop (2) · enterprise manager base platform (1) | — | |
| 44 | schneider-electric | 8 | 3 | · | · | ×8.0PoC 1 | modicon m251 firmware (3) · modicon m241 firmware (3) · modbus firmware (2) | — | |
| 45 | ffmpeg | 7 | · | · | · | ffmpeg (7) | — | ||
| 46 | lame project | 7 | · | · | · | NEWPoC 3 | lame (7) | — | |
| 47 | libquicktime | 7 | · | · | · | NEWPoC 7 | libquicktime (7) | — | |
| 48 | opensuse | 7 | 1 | · | · | PoC 5 | leap (6) · opensuse (1) | — | |
| 49 | packagist | 7 | 3 | 1 | 1 | KEV 1Nuclei 1PoC 4 | dolibarr/dolibarr (2) · craftcms/cms (1) · nilsteampassnet/teampass (1) | — | |
| 50 | peplink | 7 | 2 | · | · | NEWPoC 7 | 1350hw2 firmware (7) · 2500 firmware (7) · 380hw6 firmware (7) | — |