month report
November 2017
Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →
November 2017 closed with 1,078 published CVEs. 154 criticals, huawei led volume, mostly via fusionsphere openstack. Biggest breakout: huawei at ×145.0 their 12-month median. Top weakness class — CWE-119 (155 CVE). 10 vendors cracked the top-100 for the first time.
Total CVEs
1,078
— MoM— YoY
Severity mix
154 / 454
critical / high
KEV added
0
0 ransomware-linked
Nuclei coverage
1.9%
21 CVEs with templates
Time to exploit
How fast the community ships detection after a CVE drops.
Days → Nuclei (median)
3031.7
n=21
Within 7 days
0.0%
Within 30 days
0.0%
Days → KEV (median)
1452
n=2
Detection gap
KEV pressure, no Nuclei coverage
November 2017 · vendors with active exploitation listed by CISA but no public detection template.
- KEV 1debian57 CVE
- KEV 1microsoft54 CVE
- KEV 1microsoft corporation53 CVE
- KEV 1microsoft corp27 CVE
Weakness × Vendor
What's spreading where in November 2017
Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.
119Memory Buffer Bounds200Information Exposure79XSS20Improper Input Validation125Out-of-bounds Read476NULL Pointer Dereference287Improper Authentication416Use After Free77Command Injection78OS Command Injectionhuawei261042146312huawei technologies co., ltd.251042146312cisco11620171382google910264apple30161611сообщество свободного программного обеспечения963115192debian87148126microsoft25171microsoft corporation24171linux311798qualcomm, inc.73153ооо «русбитех-астра»5525111
Breakout vendors
CVE count ≥3× their own 12-period median.
- 145.0×huawei145 CVE
- 144.0×huawei technologies co., ltd.144 CVE
- 26.5×microsoft corporation53 CVE
- 14.0×apache software foundation14 CVE
- 13.5×microsoft54 CVE
- 9.0×gnu general public license9 CVE
- 8.0×apache16 CVE
- 5.0×rubygems10 CVE
- 4.5×microsoft corp27 CVE
- 4.0×ооо «русбитех-астра»32 CVE
First time in top-100
Vendors never in top-100 in the prior 24 periods.
- #2huawei technologies co., ltd.144 CVE
- #9microsoft corporation53 CVE
- #11qualcomm, inc.32 CVE
- #16mahara27 CVE
- #19circle media22 CVE
- #20meetcircle22 CVE
- #30swftools12 CVE
- #32intel corporation11 CVE
- #41cesanta8 CVE
- #42intel corp.8 CVE
Top vendors
Ranked by distinct CVE count this period.
- 145 CVE10 critCVSS 6.8×145.0fusionsphere openstack (17) · uma (14) · p10 plus firmware (13)
- 144 CVE10 critCVSS 6.8NEW×144.0fusionsphere openstack (17) · uma (14) · honor 5c,honor 6x (6)
- 84 CVE7 critCVSS 6.8nx-os (14) · unified computing system (9) · webex meetings server (7)
- 65 CVE4 critCVSS 7.6android (65)
- 62 CVE3 critCVSS 7.8PoC 14mac os x (42) · iphone os (21) · tvos (18)
- 62 CVE10 critCVSS 7.6PoC 12debian gnu/linux (35) · linux (24) · libxml2 (2)
- 57 CVE12 critCVSS 7.9KEV 1PoC 10debian linux (57)
- 54 CVE1 critCVSS 6.1×13.5KEV 1PoC 10edge (24) · chakracore (17) · internet explorer (12)
- 53 CVE1 critCVSS 6.4NEW×26.5KEV 1PoC 9chakracore, microsoft edge (9) · windows kernel (7) · microsoft edge (7)
- 34 CVECVSS 6.7PoC 3linux kernel (34)
- 32 CVECVSS 7.6NEWandroid for msm, firefox os for msm, qrd android (32)
- 32 CVE6 critCVSS 7.9×4.0PoC 10astra linux special edition (19) · astra linux special edition для «эльбрус» (14) · astra linux common edition (5)
- 31 CVE3 critCVSS 7.5android (31)
- 30 CVE2 critCVSS 5.5rational doors next generation (12) · openpages grc platform (6) · rational team concert (4)
- 28 CVE6 critCVSS 7.8×4.0PoC 4io.swagger:swagger-parser (2) · org.jvnet.hudson.plugins:favorite (2) · io.swagger:swagger-codegen (2)
- 27 CVE4 critCVSS 6.7NEWPoC 9mahara (26) · mahara mobile (1)
- 27 CVE1 critCVSS 7.7×4.5KEV 1PoC 8microsoft edge (17) · chakracore (15) · internet explorer (9)
- 26 CVE4 critCVSS 8.0android (26)
- 22 CVE2 critCVSS 7.8NEWPoC 13circle (22)
- 22 CVE2 critCVSS 7.8NEWPoC 13circle with disney firmware (22)
- 18 CVE3 critCVSS 7.8PoC 2ubuntu linux (18) · bazaar (1)
- 17 CVE2 critCVSS 6.7PoC 4nilsteampassnet/teampass (5) · october/october (3) · codeigniter4/framework (1)
- 16 CVE4 critCVSS 7.6×8.0Nuclei 2PoC 3openoffice (6) · camel (2) · couchdb (2)
- 15 CVE3 critCVSS 7.9PoC 1enterprise linux server (7) · enterprise linux workstation (6) · enterprise linux desktop (6)
- 15 CVECVSS 7.5PoC 1workstation (6) · horizon view (3) · horizon view client for windows (3)
- 14 CVE3 critCVSS 7.8×14.0Nuclei 2PoC 2apache openoffice (6) · apache couchdb (2) · apache camel (2)
- 13 CVE3 critCVSS 8.2macos (13) · tvos (1) · watchos (1)
- 13 CVE8 critCVSS 8.5PoC 1ansible (1) · aubio (1) · confire (1)
- 12 CVE5 critCVSS 8.4Nuclei 2PoC 5ejs (3) · mathjs (2) · jqueryfiletree (1)
- 12 CVECVSS 6.3NEWswftools (12)
- 11 CVE2 critCVSS 7.6manageability engine firmware (4) · active management technology firmware (3) · server platform services firmware (2)
- 11 CVE2 critCVSS 8.0NEWmanageability engine (2) · trusted execution engine (2) · active management technology (2)
- 10 CVE4 critCVSS 8.2×5.0PoC 7private_address_check (2) · gemirro (1) · nokogiri (1)
- 9 CVE1 critCVSS 8.3unified computing system central (3) · nx-os (3) · cisco firepower 4100 series next-generation firewall (1)
- 9 CVECVSS 7.5PoC 2binutils (8) · ncurses (1)
- 9 CVE1 critCVSS 7.8×9.0PoC 2gnu binutils (8) · exim (1)
- 9 CVECVSS 6.5PoC 9mkclean (8) · mkvalidator (8) · libebml2 (7)
- 9 CVE1 critCVSS 7.5eds-g512e firmware (6) · nport 5110 firmware (3) · nport 5150 firmware (3)
- 9 CVE2 critCVSS 8.0PoC 1microsoft.chakracore (4) · microsoft.aspnetcore.mvc.core (2) · microsoft.netcore.app (1)
- 9 CVE1 critCVSS 7.4PoC 1роса кобальт (9)
- 8 CVE5 critCVSS 9.0NEWmongoose (8)
- 8 CVECVSS 7.7NEWintel management engine (4) · intel server platform services (2) · intel trusted execution engine (2)
- 8 CVE1 critCVSS 7.5NEWgluster storage for rhel 6 (3) · postgresql (3) · rpm (1)
- 8 CVE7 critCVSS 9.7PoC 2manageengine applications manager (8)
- 7 CVE1 critCVSS 7.1mediawiki (7)
- 7 CVE3 critCVSS 8.7NEWPoC 1october (7)
- 6 CVECVSS 7.2PoC 1cacti (6)
- 6 CVE3 critCVSS 8.9scaleio (2) · vmax emanagement (1) · appsync (1)
- 6 CVECVSS 7.1PoC 1clustered data ontap (3) · oncommand unified manager (2) · snapcenter server (2)
- 6 CVE2 critCVSS 7.6tuxedo (5) · peoplesoft enterprise peopletools (1) · retail predictive application server (1)
| # | Vendor | CVEs | Crit | KEV | Nuclei | Signals | Top products | Δ | |
|---|---|---|---|---|---|---|---|---|---|
| 1 | huawei | 145 | 10 | · | · | ×145.0 | fusionsphere openstack (17) · uma (14) · p10 plus firmware (13) | — | |
| 2 | huawei technologies co., ltd. | 144 | 10 | · | · | NEW×144.0 | fusionsphere openstack (17) · uma (14) · honor 5c,honor 6x (6) | — | |
| 3 | cisco | 84 | 7 | · | · | nx-os (14) · unified computing system (9) · webex meetings server (7) | — | ||
| 4 | 65 | 4 | · | · | android (65) | — | |||
| 5 | apple | 62 | 3 | · | · | PoC 14 | mac os x (42) · iphone os (21) · tvos (18) | — | |
| 6 | сообщество свободного программного обеспечения | 62 | 10 | · | · | PoC 12 | debian gnu/linux (35) · linux (24) · libxml2 (2) | — | |
| 7 | debian | 57 | 12 | 1 | · | KEV 1PoC 10 | debian linux (57) | — | |
| 8 | microsoft | 54 | 1 | 1 | · | ×13.5KEV 1PoC 10 | edge (24) · chakracore (17) · internet explorer (12) | — | |
| 9 | microsoft corporation | 53 | 1 | 1 | · | NEW×26.5KEV 1PoC 9 | chakracore, microsoft edge (9) · windows kernel (7) · microsoft edge (7) | — | |
| 10 | linux | 34 | · | · | · | PoC 3 | linux kernel (34) | — | |
| 11 | qualcomm, inc. | 32 | · | · | · | NEW | android for msm, firefox os for msm, qrd android (32) | — | |
| 12 | ооо «русбитех-астра» | 32 | 6 | · | · | ×4.0PoC 10 | astra linux special edition (19) · astra linux special edition для «эльбрус» (14) · astra linux common edition (5) | — | |
| 13 | google inc. | 31 | 3 | · | · | android (31) | — | ||
| 14 | ibm | 30 | 2 | · | · | rational doors next generation (12) · openpages grc platform (6) · rational team concert (4) | — | ||
| 15 | maven | 28 | 6 | · | · | ×4.0PoC 4 | io.swagger:swagger-parser (2) · org.jvnet.hudson.plugins:favorite (2) · io.swagger:swagger-codegen (2) | — | |
| 16 | mahara | 27 | 4 | · | · | NEWPoC 9 | mahara (26) · mahara mobile (1) | — | |
| 17 | microsoft corp | 27 | 1 | 1 | · | ×4.5KEV 1PoC 8 | microsoft edge (17) · chakracore (15) · internet explorer (9) | — | |
| 18 | google inc | 26 | 4 | · | · | android (26) | — | ||
| 19 | circle media | 22 | 2 | · | · | NEWPoC 13 | circle (22) | — | |
| 20 | meetcircle | 22 | 2 | · | · | NEWPoC 13 | circle with disney firmware (22) | — | |
| 21 | canonical | 18 | 3 | · | · | PoC 2 | ubuntu linux (18) · bazaar (1) | — | |
| 22 | packagist | 17 | 2 | · | · | PoC 4 | nilsteampassnet/teampass (5) · october/october (3) · codeigniter4/framework (1) | — | |
| 23 | apache | 16 | 4 | · | 2 | ×8.0Nuclei 2PoC 3 | openoffice (6) · camel (2) · couchdb (2) | — | |
| 24 | redhat | 15 | 3 | · | · | PoC 1 | enterprise linux server (7) · enterprise linux workstation (6) · enterprise linux desktop (6) | — | |
| 25 | vmware | 15 | · | · | · | PoC 1 | workstation (6) · horizon view (3) · horizon view client for windows (3) | — | |
| 26 | apache software foundation | 14 | 3 | · | 2 | ×14.0Nuclei 2PoC 2 | apache openoffice (6) · apache couchdb (2) · apache camel (2) | — | |
| 27 | apple inc. | 13 | 3 | · | · | macos (13) · tvos (1) · watchos (1) | — | ||
| 28 | pypi | 13 | 8 | · | · | PoC 1 | ansible (1) · aubio (1) · confire (1) | — | |
| 29 | npm | 12 | 5 | · | 2 | Nuclei 2PoC 5 | ejs (3) · mathjs (2) · jqueryfiletree (1) | — | |
| 30 | swftools | 12 | · | · | · | NEW | swftools (12) | — | |
| 31 | intel | 11 | 2 | · | · | manageability engine firmware (4) · active management technology firmware (3) · server platform services firmware (2) | — | ||
| 32 | intel corporation | 11 | 2 | · | · | NEW | manageability engine (2) · trusted execution engine (2) · active management technology (2) | — | |
| 33 | rubygems | 10 | 4 | · | · | ×5.0PoC 7 | private_address_check (2) · gemirro (1) · nokogiri (1) | — | |
| 34 | cisco systems inc. | 9 | 1 | · | · | unified computing system central (3) · nx-os (3) · cisco firepower 4100 series next-generation firewall (1) | — | ||
| 35 | gnu | 9 | · | · | · | PoC 2 | binutils (8) · ncurses (1) | — | |
| 36 | gnu general public license | 9 | 1 | · | · | ×9.0PoC 2 | gnu binutils (8) · exim (1) | — | |
| 37 | matroska | 9 | · | · | · | PoC 9 | mkclean (8) · mkvalidator (8) · libebml2 (7) | — | |
| 38 | moxa | 9 | 1 | · | · | eds-g512e firmware (6) · nport 5110 firmware (3) · nport 5150 firmware (3) | — | ||
| 39 | nuget | 9 | 2 | · | · | PoC 1 | microsoft.chakracore (4) · microsoft.aspnetcore.mvc.core (2) · microsoft.netcore.app (1) | — | |
| 40 | ао «нтц ит роса» | 9 | 1 | · | · | PoC 1 | роса кобальт (9) | — | |
| 41 | cesanta | 8 | 5 | · | · | NEW | mongoose (8) | — | |
| 42 | intel corp. | 8 | · | · | · | NEW | intel management engine (4) · intel server platform services (2) · intel trusted execution engine (2) | — | |
| 43 | red hat, inc. | 8 | 1 | · | · | NEW | gluster storage for rhel 6 (3) · postgresql (3) · rpm (1) | — | |
| 44 | zohocorp | 8 | 7 | · | · | PoC 2 | manageengine applications manager (8) | — | |
| 45 | mediawiki | 7 | 1 | · | · | mediawiki (7) | — | ||
| 46 | octobercms | 7 | 3 | · | · | NEWPoC 1 | october (7) | — | |
| 47 | cacti | 6 | · | · | · | PoC 1 | cacti (6) | — | |
| 48 | emc | 6 | 3 | · | · | scaleio (2) · vmax emanagement (1) · appsync (1) | — | ||
| 49 | netapp | 6 | · | · | · | PoC 1 | clustered data ontap (3) · oncommand unified manager (2) · snapcenter server (2) | — | |
| 50 | oracle | 6 | 2 | · | · | tuxedo (5) · peoplesoft enterprise peopletools (1) · retail predictive application server (1) | — |