month report
August 2017
Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →
August 2017 closed with 1,564 published CVEs. 246 criticals, oracle led volume, mostly via jdk. Biggest breakout: google inc at ×98.0 their 12-month median. Top weakness class — CWE-119 (198 CVE). 10 vendors cracked the top-100 for the first time.
Total CVEs
1,564
— MoM— YoY
Severity mix
246 / 657
critical / high
KEV added
0
0 ransomware-linked
Nuclei coverage
1.9%
30 CVEs with templates
Time to exploit
How fast the community ships detection after a CVE drops.
Days → Nuclei (median)
3122.1
n=30
Within 7 days
0.0%
Within 30 days
0.0%
Days → KEV (median)
1837
n=6
Detection gap
KEV pressure, no Nuclei coverage
August 2017 · vendors with active exploitation listed by CISA but no public detection template.
- KEV 1cisco40 CVE
- KEV 1cisco systems inc.10 CVE
Weakness × Vendor
What's spreading where in August 2017
Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.
119Memory Buffer Bounds79XSS200Information Exposure20Improper Input Validation125Out-of-bounds Read89SQL Injection22Path Traversal772CWE-772287Improper Authentication416Use After Freeoracle241oracle corporation2google361223528qualcomm, inc.35102047debian81110102224google inc3015117сообщество свободного программного обеспечения10131645adobe56613adobe systems incorporated55613ibm2241451ооо «русбитех-астра»1014183113imagemagick3154303
Breakout vendors
CVE count ≥3× their own 12-period median.
- 98.0×google inc98 CVE
- 37.0×gnu37 CVE
- 28.0×apache software foundation28 CVE
- 26.0×ао «концерн вниинс»26 CVE
- 20.0×netapp50 CVE
- 18.0×gnu general public license18 CVE
- 15.0×ооо «русбитех-астра»75 CVE
- 13.4×oracle254 CVE
- 10.0×cisco systems inc.10 CVE
- 8.3×сообщество свободного программного обеспечения83 CVE
First time in top-100
Vendors never in top-100 in the prior 24 periods.
- #2oracle corporation239 CVE
- #4qualcomm, inc.119 CVE
- #9adobe systems incorporated79 CVE
- #15microsoft corporation53 CVE
- #20google inc.36 CVE
- #24ао «концерн вниинс»26 CVE
- #29cisco systems, inc.19 CVE
- #36sma14 CVE
- #38opencv13 CVE
- #40graphicsmagick group12 CVE
Top vendors
Ranked by distinct CVE count this period.
- 254 CVE14 critCVSS 6.4×13.4Nuclei 1PoC 7jdk (28) · jre (28) · mysql (22)
- 239 CVE13 critCVSS 6.3NEWNuclei 1PoC 6java (32) · mysql server (20) · peoplesoft enterprise pt peopletools (15)
- 157 CVE75 critCVSS 8.4PoC 1android (157)
- 119 CVE75 critCVSS 8.8NEWPoC 1all qualcomm products (99) · snapdragon mobile, snapdragon wear (12) · snapdragon mobile (7)
- 115 CVE21 critCVSS 7.5×3.6Nuclei 1PoC 20debian linux (114) · xbindkeys-config (1)
- 98 CVE64 critCVSS 9.0×98.0PoC 1android (98)
- 83 CVE11 critCVSS 7.8×8.3Nuclei 1PoC 21debian gnu/linux (68) · linux (7) · libidn2 (2)
- 80 CVE3 critCVSS 8.0PoC 1acrobat (66) · reader (66) · acrobat dc (66)
- 79 CVE3 critCVSS 8.0NEWPoC 1acrobat reader (65) · digital editions (9) · experience manager (3)
- 76 CVE2 critCVSS 6.1×3.0sametime (22) · emptoris strategic supply management (6) · infosphere information server (5)
- 75 CVE11 critCVSS 7.6×15.0PoC 21astra linux special edition (44) · astra linux special edition для «эльбрус» (38) · astra linux common edition (26)
- 67 CVE1 critCVSS 7.3×6.7PoC 3imagemagick (67)
- 58 CVE12 critCVSS 7.3×3.6Nuclei 1PoC 6enterprise linux desktop (47) · enterprise linux workstation (47) · enterprise linux server (45)
- 54 CVE1 critCVSS 7.2PoC 15edge (29) · windows 10 (14) · windows server 2016 (11)
- 53 CVE1 critCVSS 7.1NEWPoC 14microsoft scripting engine (18) · microsoft edge (8) · microsoft office (4)
- 50 CVE14 critCVSS 7.6×20.0PoC 4oncommand unified manager (41) · oncommand performance manager (41) · oncommand balance (35)
- 44 CVE2 critCVSS 6.9×6.3PoC 3org.apache.atlas:atlas-common (7) · org.apache.tomcat:tomcat (7) · com.liferay.portal:release.portal.bom (6)
- 40 CVE1 critCVSS 6.1KEV 1ios xe (4) · adaptive security appliance software (4) · elastic services controller (4)
- 37 CVE2 critCVSS 7.3×37.0PoC 5binutils (17) · ncurses (7) · pspp (4)
- 36 CVECVSS 7.2NEWandroid (36)
- 33 CVE4 critCVSS 7.2×5.5PoC 3tomcat (9) · atlas (7) · cxf (4)
- 30 CVE2 critCVSS 8.1×7.5Nuclei 1PoC 17opencv-contrib-python (13) · opencv-python (13) · salt (3)
- 28 CVE2 critCVSS 7.1×28.0Nuclei 1PoC 3apache tomcat (9) · apache atlas (7) · tomcat (3)
- 26 CVE7 critCVSS 7.9NEW×26.0PoC 8ос он «стрелец» (26)
- 25 CVECVSS 7.8PoC 11microsoft edge (20) · internet explorer (6) · windows 10 1607 (3)
- 24 CVE1 critCVSS 6.8PoC 2imagemagick (24)
- 21 CVE4 critCVSS 7.4PoC 5ubuntu linux (21)
- 20 CVE2 critCVSS 7.3×3.3Nuclei 1PoC 5fedora (18) · 389 directory server (1) · 389 administration server (1)
- 19 CVECVSS 5.8NEWelastic services controller (4) · staros for asr 5000 series aggregated services routers (3) · application policy infrastructure controller (apic) (2)
- 18 CVE1 critCVSS 7.6×18.0gnu binutils (17) · rsyslog (1)
- 18 CVE2 critCVSS 7.2PoC 5photo station (6) · synology photo station (6) · synology download station (2)
- 17 CVE3 critCVSS 7.5×3.4PoC 2sipass integrated (4) · logo! 8 bm (incl. siplus variants) (2) · ozw672 firmware (2)
- 17 CVE9 critCVSS 8.9PoC 1control manager (9) · deep discovery director (3) · interscan messaging security virtual appliance (2)
- 15 CVECVSS 7.1PoC 1graphicsmagick (15)
- 15 CVE3 critCVSS 7.7PoC 3ntp (15)
- 14 CVE7 critCVSS 8.7NEWsunny tripower core1 firmware (12) · sunny boy 2.5 firmware (12) · sunny boy 3000tl firmware (12)
- 13 CVE6 critCVSS 8.1ffmpeg (13)
- 13 CVECVSS 8.6NEWPoC 13opencv (13)
- 12 CVE2 critCVSS 7.8Nuclei 1PoC 1fedora (11) · 389 directory server (1)
- 12 CVECVSS 7.1NEWPoC 1graphicsmagick (12)
- 12 CVE2 critCVSS 7.0PoC 1linux kernel (12)
- 11 CVECVSS 8.8NEWPoC 11open source computer vision library (opencv) (11)
- 10 CVE1 critCVSS 6.9×10.0KEV 1cisco ios (2) · clam antivirus (2) · cisco ios xe (2)
- 10 CVE1 critCVSS 7.1NEWfl mguard dm (10)
- 10 CVE1 critCVSS 6.6qemu (10)
- 9 CVE3 critCVSS 8.7webaccess (9)
- 9 CVECVSS 7.3PoC 4jasper (9)
- 9 CVE4 critCVSS 7.7NEWPoC 2nexusphp (9)
- 8 CVE2 critCVSS 9.0adobe reader document cloud (7) · adobe acrobat document cloud (7) · adobe reader (6)
- 8 CVE7 critCVSS 7.8zenworks configuration management (4) · opensuse leap (3) · suse linux enterprise module for basesystem (2)
| # | Vendor | CVEs | Crit | KEV | Nuclei | Signals | Top products | Δ | |
|---|---|---|---|---|---|---|---|---|---|
| 1 | oracle | 254 | 14 | · | 1 | ×13.4Nuclei 1PoC 7 | jdk (28) · jre (28) · mysql (22) | — | |
| 2 | oracle corporation | 239 | 13 | · | 1 | NEWNuclei 1PoC 6 | java (32) · mysql server (20) · peoplesoft enterprise pt peopletools (15) | — | |
| 3 | 157 | 75 | · | · | PoC 1 | android (157) | — | ||
| 4 | qualcomm, inc. | 119 | 75 | · | · | NEWPoC 1 | all qualcomm products (99) · snapdragon mobile, snapdragon wear (12) · snapdragon mobile (7) | — | |
| 5 | debian | 115 | 21 | · | 1 | ×3.6Nuclei 1PoC 20 | debian linux (114) · xbindkeys-config (1) | — | |
| 6 | google inc | 98 | 64 | · | · | ×98.0PoC 1 | android (98) | — | |
| 7 | сообщество свободного программного обеспечения | 83 | 11 | · | 1 | ×8.3Nuclei 1PoC 21 | debian gnu/linux (68) · linux (7) · libidn2 (2) | — | |
| 8 | adobe | 80 | 3 | · | · | PoC 1 | acrobat (66) · reader (66) · acrobat dc (66) | — | |
| 9 | adobe systems incorporated | 79 | 3 | · | · | NEWPoC 1 | acrobat reader (65) · digital editions (9) · experience manager (3) | — | |
| 10 | ibm | 76 | 2 | · | · | ×3.0 | sametime (22) · emptoris strategic supply management (6) · infosphere information server (5) | — | |
| 11 | ооо «русбитех-астра» | 75 | 11 | · | · | ×15.0PoC 21 | astra linux special edition (44) · astra linux special edition для «эльбрус» (38) · astra linux common edition (26) | — | |
| 12 | imagemagick | 67 | 1 | · | · | ×6.7PoC 3 | imagemagick (67) | — | |
| 13 | redhat | 58 | 12 | · | 1 | ×3.6Nuclei 1PoC 6 | enterprise linux desktop (47) · enterprise linux workstation (47) · enterprise linux server (45) | — | |
| 14 | microsoft | 54 | 1 | · | · | PoC 15 | edge (29) · windows 10 (14) · windows server 2016 (11) | — | |
| 15 | microsoft corporation | 53 | 1 | · | · | NEWPoC 14 | microsoft scripting engine (18) · microsoft edge (8) · microsoft office (4) | — | |
| 16 | netapp | 50 | 14 | · | · | ×20.0PoC 4 | oncommand unified manager (41) · oncommand performance manager (41) · oncommand balance (35) | — | |
| 17 | maven | 44 | 2 | · | · | ×6.3PoC 3 | org.apache.atlas:atlas-common (7) · org.apache.tomcat:tomcat (7) · com.liferay.portal:release.portal.bom (6) | — | |
| 18 | cisco | 40 | 1 | 1 | · | KEV 1 | ios xe (4) · adaptive security appliance software (4) · elastic services controller (4) | — | |
| 19 | gnu | 37 | 2 | · | · | ×37.0PoC 5 | binutils (17) · ncurses (7) · pspp (4) | — | |
| 20 | google inc. | 36 | · | · | · | NEW | android (36) | — | |
| 21 | apache | 33 | 4 | · | · | ×5.5PoC 3 | tomcat (9) · atlas (7) · cxf (4) | — | |
| 22 | pypi | 30 | 2 | · | 1 | ×7.5Nuclei 1PoC 17 | opencv-contrib-python (13) · opencv-python (13) · salt (3) | — | |
| 23 | apache software foundation | 28 | 2 | · | 1 | ×28.0Nuclei 1PoC 3 | apache tomcat (9) · apache atlas (7) · tomcat (3) | — | |
| 24 | ао «концерн вниинс» | 26 | 7 | · | · | NEW×26.0PoC 8 | ос он «стрелец» (26) | — | |
| 25 | microsoft corp | 25 | · | · | · | PoC 11 | microsoft edge (20) · internet explorer (6) · windows 10 1607 (3) | — | |
| 26 | imagemagick studio llc | 24 | 1 | · | · | PoC 2 | imagemagick (24) | — | |
| 27 | canonical | 21 | 4 | · | · | PoC 5 | ubuntu linux (21) | — | |
| 28 | fedoraproject | 20 | 2 | · | 1 | ×3.3Nuclei 1PoC 5 | fedora (18) · 389 directory server (1) · 389 administration server (1) | — | |
| 29 | cisco systems, inc. | 19 | · | · | · | NEW | elastic services controller (4) · staros for asr 5000 series aggregated services routers (3) · application policy infrastructure controller (apic) (2) | — | |
| 30 | gnu general public license | 18 | 1 | · | · | ×18.0 | gnu binutils (17) · rsyslog (1) | — | |
| 31 | synology | 18 | 2 | · | · | PoC 5 | photo station (6) · synology photo station (6) · synology download station (2) | — | |
| 32 | siemens | 17 | 3 | · | · | ×3.4PoC 2 | sipass integrated (4) · logo! 8 bm (incl. siplus variants) (2) · ozw672 firmware (2) | — | |
| 33 | trendmicro | 17 | 9 | · | · | PoC 1 | control manager (9) · deep discovery director (3) · interscan messaging security virtual appliance (2) | — | |
| 34 | graphicsmagick | 15 | · | · | · | PoC 1 | graphicsmagick (15) | — | |
| 35 | ntp | 15 | 3 | · | · | PoC 3 | ntp (15) | — | |
| 36 | sma | 14 | 7 | · | · | NEW | sunny tripower core1 firmware (12) · sunny boy 2.5 firmware (12) · sunny boy 3000tl firmware (12) | — | |
| 37 | ffmpeg | 13 | 6 | · | · | ffmpeg (13) | — | ||
| 38 | opencv | 13 | · | · | · | NEWPoC 13 | opencv (13) | — | |
| 39 | fedora project | 12 | 2 | · | 1 | Nuclei 1PoC 1 | fedora (11) · 389 directory server (1) | — | |
| 40 | graphicsmagick group | 12 | · | · | · | NEWPoC 1 | graphicsmagick (12) | — | |
| 41 | linux | 12 | 2 | · | · | PoC 1 | linux kernel (12) | — | |
| 42 | opencv team | 11 | · | · | · | NEWPoC 11 | open source computer vision library (opencv) (11) | — | |
| 43 | cisco systems inc. | 10 | 1 | 1 | · | ×10.0KEV 1 | cisco ios (2) · clam antivirus (2) · cisco ios xe (2) | — | |
| 44 | phoenixcontact | 10 | 1 | · | · | NEW | fl mguard dm (10) | — | |
| 45 | qemu | 10 | 1 | · | · | qemu (10) | — | ||
| 46 | advantech | 9 | 3 | · | · | webaccess (9) | — | ||
| 47 | jasper project | 9 | · | · | · | PoC 4 | jasper (9) | — | |
| 48 | nexusphp project | 9 | 4 | · | · | NEWPoC 2 | nexusphp (9) | — | |
| 49 | adobe systems inc. | 8 | 2 | · | · | adobe reader document cloud (7) · adobe acrobat document cloud (7) · adobe reader (6) | — | ||
| 50 | novell inc. | 8 | 7 | · | · | zenworks configuration management (4) · opensuse leap (3) · suse linux enterprise module for basesystem (2) | — |