month report

October 2017

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

October 2017 closed with 1,441 published CVEs. 187 criticals, oracle led volume, mostly via mysql. Biggest breakout: microsoft corporation at ×30.5 their 12-month median. Top weakness class — CWE-119 (224 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

1,441

— MoM— YoY

Severity mix

187 / 633

critical / high

KEV added

0 ransomware-linked

Nuclei coverage

2.4%

35 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

3063.2

n=35

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

1598

n=8

Detection gap

KEV pressure, no Nuclei coverage

October 2017 · vendors with active exploitation listed by CISA but no public detection template.

KEV 2microsoft62 CVE
KEV 2microsoft corporation61 CVE
KEV 1google123 CVE
KEV 1google inc57 CVE
KEV 1сообщество свободного программного обеспечения50 CVE
KEV 1microsoft corp43 CVE
KEV 1linux15 CVE

Weakness × Vendor

What's spreading where in October 2017

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

Breakout vendors

CVE count ≥3× their own 12-period median.

30.5×microsoft corporation61 CVE
24.0×gnu24 CVE
21.5×apache43 CVE
19.0×google inc57 CVE
15.0×apache software foundation30 CVE
10.2×redhat112 CVE
10.0×gnu general public license10 CVE
8.9×maven62 CVE
8.0×ооо «русбитех-астра»40 CVE
7.0×ао «концерн вниинс»7 CVE

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#2oracle corporation179 CVE
#9microsoft corporation61 CVE
#10irfanview59 CVE
#22juniper networks25 CVE
#27xnview21 CVE
#29kanboard18 CVE
#37aruba networks11 CVE
#41phpmyfaq11 CVE
#45espressif systems (shanghai) co., ltd.10 CVE
#48intel corp.10 CVE

Top vendors

Ranked by distinct CVE count this period.

1oracle—
187 CVE11 critCVSS 6.5
KEV 2Nuclei 2PoC 5
mysql (20) · jdk (16) · jre (16)
2oracle corporation—
179 CVE11 critCVSS 6.4
NEWKEV 1Nuclei 1PoC 4
java (20) · mysql server (18) · peoplesoft enterprise pt peopletools (14)
3google—
123 CVE6 critCVSS 7.4
KEV 1PoC 3
chrome (71) · android (50) · chrome os (1)
4debian—
121 CVE12 critCVSS 7.0
×3.2KEV 1Nuclei 3PoC 18
debian linux (120) · ftpsync (1)
5redhat—
112 CVE14 critCVSS 7.0
×10.2KEV 5Nuclei 3PoC 12
enterprise linux server (99) · enterprise linux desktop (96) · enterprise linux workstation (85)
6apple—
75 CVE14 critCVSS 8.0
PoC 3
iphone os (51) · tvos (36) · mac os x (26)
7maven—
62 CVE11 critCVSS 7.5
×8.9KEV 1Nuclei 2PoC 6
org.apache.nifi:nifi (4) · org.keycloak:keycloak-parent (3) · org.cloudfoundry.identity:cloudfoundry-identity-server (3)
8microsoft—
62 CVE1 critCVSS 6.9
KEV 2PoC 9
windows 10 (29) · windows server 2016 (27) · windows server 2012 (22)
9microsoft corporation—
61 CVE1 critCVSS 6.9
NEW×30.5KEV 2PoC 8
chakracore, microsoft edge (12) · internet explorer (5) · windows kernel (5)
10irfanview—
59 CVECVSS 7.8
NEWPoC 59
irfanview (58) · pdf (25) · babacad4image (16)
11google inc—
57 CVE6 critCVSS 7.8
×19.0KEV 1PoC 3
google chrome (37) · android (18) · android studio (1)
12сообщество свободного программного обеспечения—
50 CVE2 critCVSS 6.9
×5.0KEV 1PoC 5
debian gnu/linux (44) · linux (6) · bchunk (3)
13apache—
43 CVE14 critCVSS 8.0
×21.5KEV 1Nuclei 2PoC 7
wicket (4) · nifi (4) · cordova (3)
14microsoft corp—
43 CVE1 critCVSS 7.1
KEV 1PoC 10
windows 10 1511 (18) · windows server 2016 (18) · windows 10 1703 (18)
15ibm—
41 CVE1 critCVSS 6.0
bigfix platform (8) · rational engineering lifecycle manager (7) · rational collaborative lifecycle management (5)
16ооо «русбитех-астра»—
40 CVE2 critCVSS 7.1
×8.0PoC 3
astra linux special edition (27) · astra linux special edition для «эльбрус» (19) · astra linux common edition (6)
17cisco—
34 CVE1 critCVSS 6.5
webex meetings server (4) · wide area application services (2) · nx-os (2)
18canonical—
33 CVE6 critCVSS 7.4
×4.1KEV 1Nuclei 2PoC 11
ubuntu linux (33)
19apache software foundation—
30 CVE10 critCVSS 8.1
×15.0KEV 1Nuclei 2PoC 4
apache nifi (4) · apache portable runtime (2) · xml-rpc (2)
20netapp—
26 CVE2 critCVSS 6.0
×3.7KEV 1Nuclei 1PoC 2
active iq unified manager (25) · oncommand balance (25) · oncommand insight (24)
21juniper—
25 CVE3 critCVSS 7.2
PoC 2
junos (16) · junos space (5) · contrail (2)
22juniper networks—
25 CVE3 critCVSS 7.2
NEWPoC 2
junos os (18) · junos space (4) · contrail (2)
23gnu—
24 CVE2 critCVSS 6.8
×24.0PoC 3
binutils (11) · libextractor (6) · glibc (4)
24jenkins—
24 CVECVSS 6.5
×4.8PoC 2
blue ocean (3) · pipeline\ (2) · github branch source (2)
25google inc.—
22 CVE5 critCVSS 7.9
android (22)
26apple inc.—
21 CVE14 critCVSS 8.9
PoC 1
macos (14) · ios (13) · icloud (1)
27xnview—
21 CVECVSS 7.8
NEWPoC 21
xnview (21)
28canonical ltd.—
18 CVECVSS 6.3
KEV 1Nuclei 1PoC 3
ubuntu (18)
29kanboard—
18 CVECVSS 4.3
NEW
kanboard (18)
30linux—
15 CVECVSS 6.5
KEV 1PoC 1
linux kernel (15)
31juniper networks inc.—
14 CVE2 critCVSS 6.5
PoC 1
junos (13) · screenos (10) · junos space network management platform (1)
32cisco systems inc.—
12 CVECVSS 6.1
×4.8PoC 1
small business 500 series wireless access point (10) · aironet access point (10) · dx series ip phones (10)
33fortinet inc.—
12 CVECVSS 6.1
PoC 1
fortiap (10) · fortios (2)
34freebsd—
12 CVECVSS 6.3
PoC 2
freebsd (12)
35opensuse—
12 CVE2 critCVSS 6.7
PoC 3
leap (12)
36red hat inc.—
12 CVE2 critCVSS 7.6
KEV 3Nuclei 2PoC 3
red hat enterprise linux (9) · red hat virtualization (2) · libvirt (1)
37aruba networks—
11 CVE1 critCVSS 6.1
NEWPoC 1
hp 501 wireless client bridge (10) · airmesh msr (10) · aruba 501 wireless client bridge (10)
38f5—
11 CVE1 critCVSS 6.9
×5.5
big-ip policy enforcement manager (11) · big-ip application acceleration manager (10) · big-ip local traffic manager (9)
39f5 networks, inc.—
11 CVE1 critCVSS 7.2
big-ip link controller (2) · big-ip access policy manager (2) · big-ip advanced firewall manager (2)
40freebsd project—
11 CVECVSS 6.2
×3.7PoC 2
wpa_supplicant (10) · freebsd (1)
41phpmyfaq—
11 CVECVSS 7.9
NEWPoC 3
phpmyfaq (11)
42redmine—
11 CVECVSS 6.6
redmine (11)
43suse—
11 CVE1 critCVSS 6.3
×5.5PoC 2
linux enterprise point of sale (11) · linux enterprise server (11) · openstack cloud (10)
44xen—
11 CVE1 critCVSS 7.9
PoC 1
xen (11)
45espressif systems (shanghai) co., ltd.—
10 CVECVSS 6.0
NEWPoC 1
espressif iot development framework (10)
46gnu general public license—
10 CVECVSS 6.2
×10.0
gnu binutils (10)
47imagemagick—
10 CVE1 critCVSS 7.8
imagemagick (10)
48intel corp.—
10 CVECVSS 6.0
NEWPoC 1
active management technology (10) · intel atom processor c3200 series for yocto project bsp (10) · intel dual band wireless-ac 3160 (10)
49jouni malinen—
10 CVECVSS 6.1
PoC 1
hostapd (10) · wpa supplicant (9)
50microchip technology—
10 CVECVSS 6.0
NEWPoC 1
rn1810 (10) · rn131 (10) · rn171 (10)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	oracle	187	11	2	2	KEV 2Nuclei 2PoC 5	mysql (20) · jdk (16) · jre (16)	—
2	oracle corporation	179	11	1	1	NEWKEV 1Nuclei 1PoC 4	java (20) · mysql server (18) · peoplesoft enterprise pt peopletools (14)	—
3	google	123	6	1	·	KEV 1PoC 3	chrome (71) · android (50) · chrome os (1)	—
4	debian	121	12	1	3	×3.2KEV 1Nuclei 3PoC 18	debian linux (120) · ftpsync (1)	—
5	redhat	112	14	5	3	×10.2KEV 5Nuclei 3PoC 12	enterprise linux server (99) · enterprise linux desktop (96) · enterprise linux workstation (85)	—
6	apple	75	14	·	·	PoC 3	iphone os (51) · tvos (36) · mac os x (26)	—
7	maven	62	11	1	2	×8.9KEV 1Nuclei 2PoC 6	org.apache.nifi:nifi (4) · org.keycloak:keycloak-parent (3) · org.cloudfoundry.identity:cloudfoundry-identity-server (3)	—
8	microsoft	62	1	2	·	KEV 2PoC 9	windows 10 (29) · windows server 2016 (27) · windows server 2012 (22)	—
9	microsoft corporation	61	1	2	·	NEW×30.5KEV 2PoC 8	chakracore, microsoft edge (12) · internet explorer (5) · windows kernel (5)	—
10	irfanview	59	·	·	·	NEWPoC 59	irfanview (58) · pdf (25) · babacad4image (16)	—
11	google inc	57	6	1	·	×19.0KEV 1PoC 3	google chrome (37) · android (18) · android studio (1)	—
12	сообщество свободного программного обеспечения	50	2	1	·	×5.0KEV 1PoC 5	debian gnu/linux (44) · linux (6) · bchunk (3)	—
13	apache	43	14	1	2	×21.5KEV 1Nuclei 2PoC 7	wicket (4) · nifi (4) · cordova (3)	—
14	microsoft corp	43	1	1	·	KEV 1PoC 10	windows 10 1511 (18) · windows server 2016 (18) · windows 10 1703 (18)	—
15	ibm	41	1	·	·		bigfix platform (8) · rational engineering lifecycle manager (7) · rational collaborative lifecycle management (5)	—
16	ооо «русбитех-астра»	40	2	·	·	×8.0PoC 3	astra linux special edition (27) · astra linux special edition для «эльбрус» (19) · astra linux common edition (6)	—
17	cisco	34	1	·	·		webex meetings server (4) · wide area application services (2) · nx-os (2)	—
18	canonical	33	6	1	2	×4.1KEV 1Nuclei 2PoC 11	ubuntu linux (33)	—
19	apache software foundation	30	10	1	2	×15.0KEV 1Nuclei 2PoC 4	apache nifi (4) · apache portable runtime (2) · xml-rpc (2)	—
20	netapp	26	2	1	1	×3.7KEV 1Nuclei 1PoC 2	active iq unified manager (25) · oncommand balance (25) · oncommand insight (24)	—
21	juniper	25	3	·	·	PoC 2	junos (16) · junos space (5) · contrail (2)	—
22	juniper networks	25	3	·	·	NEWPoC 2	junos os (18) · junos space (4) · contrail (2)	—
23	gnu	24	2	·	·	×24.0PoC 3	binutils (11) · libextractor (6) · glibc (4)	—
24	jenkins	24	·	·	·	×4.8PoC 2	blue ocean (3) · pipeline\ (2) · github branch source (2)	—
25	google inc.	22	5	·	·		android (22)	—
26	apple inc.	21	14	·	·	PoC 1	macos (14) · ios (13) · icloud (1)	—
27	xnview	21	·	·	·	NEWPoC 21	xnview (21)	—
28	canonical ltd.	18	·	1	1	KEV 1Nuclei 1PoC 3	ubuntu (18)	—
29	kanboard	18	·	·	·	NEW	kanboard (18)	—
30	linux	15	·	1	·	KEV 1PoC 1	linux kernel (15)	—
31	juniper networks inc.	14	2	·	·	PoC 1	junos (13) · screenos (10) · junos space network management platform (1)	—
32	cisco systems inc.	12	·	·	·	×4.8PoC 1	small business 500 series wireless access point (10) · aironet access point (10) · dx series ip phones (10)	—
33	fortinet inc.	12	·	·	·	PoC 1	fortiap (10) · fortios (2)	—
34	freebsd	12	·	·	·	PoC 2	freebsd (12)	—
35	opensuse	12	2	·	·	PoC 3	leap (12)	—
36	red hat inc.	12	2	3	2	KEV 3Nuclei 2PoC 3	red hat enterprise linux (9) · red hat virtualization (2) · libvirt (1)	—
37	aruba networks	11	1	·	·	NEWPoC 1	hp 501 wireless client bridge (10) · airmesh msr (10) · aruba 501 wireless client bridge (10)	—
38	f5	11	1	·	·	×5.5	big-ip policy enforcement manager (11) · big-ip application acceleration manager (10) · big-ip local traffic manager (9)	—
39	f5 networks, inc.	11	1	·	·		big-ip link controller (2) · big-ip access policy manager (2) · big-ip advanced firewall manager (2)	—
40	freebsd project	11	·	·	·	×3.7PoC 2	wpa_supplicant (10) · freebsd (1)	—
41	phpmyfaq	11	·	·	·	NEWPoC 3	phpmyfaq (11)	—
42	redmine	11	·	·	·		redmine (11)	—
43	suse	11	1	·	·	×5.5PoC 2	linux enterprise point of sale (11) · linux enterprise server (11) · openstack cloud (10)	—
44	xen	11	1	·	·	PoC 1	xen (11)	—
45	espressif systems (shanghai) co., ltd.	10	·	·	·	NEWPoC 1	espressif iot development framework (10)	—
46	gnu general public license	10	·	·	·	×10.0	gnu binutils (10)	—
47	imagemagick	10	1	·	·		imagemagick (10)	—
48	intel corp.	10	·	·	·	NEWPoC 1	active management technology (10) · intel atom processor c3200 series for yocto project bsp (10) · intel dual band wireless-ac 3160 (10)	—
49	jouni malinen	10	·	·	·	PoC 1	hostapd (10) · wpa supplicant (9)	—
50	microchip technology	10	·	·	·	NEWPoC 1	rn1810 (10) · rn131 (10) · rn171 (10)	—