month report
September 2017
Data as of Jun 4, 2026, 13:25 UTC · Snapshot v1 · Sources: NVD + CISA KEV + EPSS + Nuclei templates
September 2017 closed with 1,238 published CVEs, 247 of them critical. tcpdump led by volume, mostly via its tcpdump product. Biggest breakout: google inc at ×44.0 their 12-month median. Top weakness class: CWE-119 (200 CVEs). 10 vendors cracked the top-100 for the first time.
Total CVEs
1,238
— MoM · — YoY
Severity mix
247 / 534
critical / high
KEV added
0
0 ransomware-linked
Nuclei coverage
6.9%
86 CVEs with templates
Time to exploit
How fast the community ships detection after a CVE drops.
Days → Nuclei (median)
3095.3
n=86
Within 7 days
0.0%
Within 30 days
0.0%
Days → KEV (median)
1617
n=13
Detection gap
KEV pressure, no Nuclei coverage
September 2017 · vendors with active exploitation listed by CISA but no public detection template.
- KEV 9 · cisco systems inc. · 19 CVE
- KEV 1 · microsoft · 80 CVE
- KEV 1 · microsoft corporation · 77 CVE
- KEV 1 · microsoft corp · 37 CVE
- KEV 1 · dlink · 19 CVE
Weakness × Vendor
What's spreading where in September 2017
Cells shaded by share of vendor's hottest weakness.
[Heatmap: vendors (rows) × weakness classes (columns). Columns: CWE-119 Memory Buffer Bounds, CWE-79 XSS, CWE-125 Out-of-bounds Read, CWE-200 Information Exposure, CWE-20 Improper Input Validation, CWE-89 SQL Injection, CWE-476 NULL Pointer Dereference, CWE-287 Improper Authentication, CWE-352 CSRF, CWE-434 Unrestricted File Upload. Rows: tcpdump, microsoft, google, microsoft corporation, debian, stdutility, сообщество свободного программного обеспечения, ооо «русбитех-астра», cisco, google inc., google inc, ibm.]
Breakout vendors
CVE count ≥3× their own 12-period median.
- 44.0× · google inc · 44 CVE
- 28.0× · ао «концерн вниинс» · 28 CVE
- 23.0× · apache software foundation · 23 CVE
- 19.0× · cisco systems inc. · 19 CVE
- 17.0× · gnu · 17 CVE
- 14.0× · gnu general public license · 14 CVE
- 12.6× · ооо «русбитех-астра» · 63 CVE
- 7.0× · ibm corp. · 7 CVE
- 7.0× · packagist · 28 CVE
- 6.5× · сообщество свободного программного обеспечения · 65 CVE
First time in top-100
Vendors never in top-100 in the prior 24 periods.
- #1 · tcpdump · 87 CVE
- #4 · microsoft corporation · 77 CVE
- #6 · stdutility · 67 CVE
- #10 · google inc. · 52 CVE
- #17 · ао «концерн вниинс» · 28 CVE
- #25 · xnview · 19 CVE
- #28 · bento4 · 15 CVE
- #33 · schneider electric se · 12 CVE
- #35 · exiv2 · 10 CVE
- #36 · eyesofnetwork · 10 CVE
Top vendors
Ranked by distinct CVE count this period.
| # | Vendor | CVEs | Crit | CVSS | KEV | Nuclei | Signals | Top products | Δ |
|---|---|---|---|---|---|---|---|---|---|
| 1 | tcpdump | 87 | 85 | 9.7 | · | · | NEW | tcpdump (87) | — |
| 2 | microsoft | 80 | 1 | 6.2 | 1 | · | KEV 1, PoC 17 | windows 10 (31) · windows server 2016 (28) · edge (27) | — |
| 3 | | 79 | · | 7.3 | · | · | PoC 2 | android (78) · protobuf (1) | — |
| 4 | microsoft corporation | 77 | · | 6.3 | 1 | · | NEW, KEV 1, PoC 16 | microsoft edge (22) · microsoft office (9) · windows kernel (8) | — |
| 5 | debian | 69 | 13 | 7.5 | · | · | PoC 16 | debian linux (69) | — |
| 6 | stdutility | 67 | · | 7.8 | · | · | NEW, PoC 67 | stdu viewer (67) | — |
| 7 | сообщество свободного программного обеспечения | 65 | 9 | 7.0 | · | · | ×6.5, PoC 12 | debian gnu/linux (59) · libarchive (4) · linux (3) | — |
| 8 | ооо «русбитех-астра» | 63 | 7 | 7.1 | · | 1 | ×12.6, Nuclei 1, PoC 12 | astra linux special edition (46) · astra linux special edition для «эльбрус» (44) · astra linux common edition (30) | — |
| 9 | cisco | 53 | 4 | 6.8 | 10 | 1 | KEV 10, Nuclei 1, PoC 1 | ios (14) · ios xe (13) · unified intelligence center (4) | — |
| 10 | google inc. | 52 | · | 7.4 | · | · | NEW, PoC 1 | android (52) | — |
| 11 | google inc | 44 | 2 | 7.4 | · | · | ×44.0, PoC 3 | android (42) · android studio (1) · protobuf (1) | — |
| 12 | ibm | 41 | · | 6.7 | · | · | PoC 2 | business process manager (8) · db2 for linux, unix and windows (7) · db2 (7) | — |
| 13 | microsoft corp | 37 | 1 | 7.7 | 1 | · | KEV 1, PoC 9 | microsoft edge (20) · windows server 2016 (8) · windows rt 8.1 (7) | — |
| 14 | imagemagick | 33 | 5 | 7.2 | · | · | ×3.3, PoC 7 | imagemagick (33) | — |
| 15 | canonical | 29 | 5 | 7.0 | · | · | ×3.6, PoC 9 | ubuntu linux (29) | — |
| 16 | packagist | 28 | 5 | 7.1 | · | · | ×7.0, PoC 10 | simplesamlphp/simplesamlphp (6) · genix/cms (6) · dolibarr/dolibarr (5) | — |
| 17 | ао «концерн вниинс» | 28 | 6 | 7.3 | · | · | NEW, ×28.0, PoC 5 | ос он «стрелец» (28) | — |
| 18 | maven | 27 | 4 | 7.5 | 2 | 3 | ×3.9, KEV 2, Nuclei 3, PoC 3 | org.apache.struts:struts2-core (4) · org.apache.brooklyn:brooklyn (2) · org.apache.mesos:mesos (2) | — |
| 19 | apache | 25 | 6 | 7.9 | 2 | 3 | ×4.2, KEV 2, Nuclei 3, PoC 4 | struts (7) · brooklyn (3) · traffic server (2) | — |
| 20 | redhat | 25 | 7 | 7.7 | 1 | 1 | KEV 1, Nuclei 1, PoC 5 | enterprise linux desktop (8) · enterprise linux server aus (8) · enterprise linux server (7) | — |
| 21 | apache software foundation | 23 | 6 | 8.0 | 2 | 3 | ×23.0, KEV 2, Nuclei 3, PoC 4 | apache struts (6) · struts (4) · apache brooklyn (3) | — |
| 22 | imagemagick studio llc | 22 | 5 | 7.3 | · | · | PoC 5 | imagemagick (22) | — |
| 23 | cisco systems inc. | 19 | 4 | 7.8 | 9 | · | ×19.0, KEV 9 | cisco ios (11) · cisco ios xe (7) · cisco media experience engine (mxe) 3500 series (1) | — |
| 24 | dlink | 19 | 4 | 8.3 | 1 | · | KEV 1, PoC 8 | dir-850l firmware (18) · dir-636l firmware (1) · dir-651 firmware (1) | — |
| 25 | xnview | 19 | · | 7.8 | · | · | NEW, PoC 19 | xnview (19) | — |
| 26 | pypi | 18 | · | 7.1 | · | 1 | ×4.5, Nuclei 1, PoC 3 | plone (4) · ipython (3) · kallithea (2) | — |
| 27 | gnu | 17 | · | 6.1 | · | · | ×17.0, PoC 1 | binutils (14) · coreutils (1) · emacs (1) | — |
| 28 | bento4 | 15 | · | 7.2 | · | · | NEW, PoC 5 | bento4 (15) | — |
| 29 | gnu general public license | 14 | · | 6.0 | · | · | ×14.0, PoC 1 | gnu binutils (14) | — |
| 30 | hp | 14 | 4 | 7.1 | · | · | · | arcsight enterprise security manager (6) · arcsight enterprise security manager express (6) · bsm platform application performance management system health (4) | — |
| 31 | linux | 13 | · | 6.1 | · | · | PoC 2 | linux kernel (13) | — |
| 32 | schneider-electric | 12 | 3 | 7.4 | · | · | · | u.motion builder (7) · powerscada anywhere (4) · citect anywhere (4) | — |
| 33 | schneider electric se | 12 | 3 | 7.5 | · | · | NEW | u.motion (6) · powerscada anywhere (4) · citect anywhere (4) | — |
| 34 | fedoraproject | 11 | 2 | 7.1 | · | · | · | fedora (10) · 389 directory server (1) · python-fedora (1) | — |
| 35 | exiv2 | 10 | · | 5.5 | · | · | NEW, PoC 5 | exiv2 (10) | — |
| 36 | eyesofnetwork | 10 | 5 | 8.7 | · | · | NEW, PoC 5 | eyesofnetwork (10) | — |
| 37 | freedesktop | 9 | · | 6.7 | · | · | PoC 3 | poppler (9) | — |
| 38 | mp3gain | 9 | · | 6.3 | · | · | NEW | mp3gain (9) | — |
| 39 | nvidia | 9 | · | 6.9 | · | · | PoC 1 | gpu driver (8) · jetson tk1 (1) · jetson tx1 (1) | — |
| 40 | sap | 9 | 1 | 6.9 | · | · | PoC 1 | sap netweaver (6) · enterprise portal (1) · e-recruiting (1) | — |
| 41 | wordpress | 9 | 1 | 6.7 | · | 9 | ×4.5, Nuclei 9 | wordpress (9) | — |
| 42 | nvidia corporation | 8 | · | 6.7 | · | · | · | gpu display driver (8) | — |
| 43 | dasinfomedia | 7 | · | 8.5 | · | 6 | NEW, Nuclei 6, PoC 7 | annual maintenance contract management system (1) · hospital management system (1) · school management system (1) | — |
| 44 | ffmpeg | 7 | · | 7.5 | · | · | · | ffmpeg (7) | — |
| 45 | ibm corp. | 7 | 1 | 7.6 | · | 1 | ×7.0, Nuclei 1 | ibm db2 (3) · ibm call center for commerce (2) · ibm db2 connect (2) | — |
| 46 | netapp | 7 | 1 | 8.1 | 2 | 2 | KEV 2, Nuclei 2, PoC 2 | oncommand balance (2) · clustered data ontap (2) · data ontap (2) | — |
| 47 | rubygems | 7 | · | 7.2 | · | · | ×3.5, PoC 6 | geminabox (2) · ember-source (1) · devise-two-factor (1) | — |
| 48 | schneider electric | 7 | 3 | 7.9 | · | · | NEW | u.motion builder (7) | — |
| 49 | simplesamlphp | 7 | 2 | 7.5 | · | · | NEW, PoC 7 | simplesamlphp (6) · infocard module (1) | — |
| 50 | artifex | 6 | · | 7.8 | · | · | PoC 3 | gsview (3) · mupdf (3) | — |