month report

December 2018

Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →

December 2018 closed with 1,212 published CVEs. 175 criticals, ооо «русбитех-астра» led volume, mostly via astra linux special edition. Biggest breakout: amazon at ×13.0 their 12-month median. Top weakness class — CWE-79 (207 CVE). 10 vendors cracked the top-100 for the first time.

Print view

Total CVEs

1,212

— MoM— YoY

Severity mix

175 / 434

critical / high

KEV added

0 ransomware-linked

Nuclei coverage

3.5%

43 CVEs with templates

Time to exploit

How fast the community ships detection after a CVE drops.

Days → Nuclei (median)

2641.2

n=43

Within 7 days

0.0%

Within 30 days

0.0%

Days → KEV (median)

1339

n=10

Detection gap

KEV pressure, no Nuclei coverage

December 2018 · vendors with active exploitation listed by CISA but no public detection template.

KEV 3microsoft40 CVE
KEV 3microsoft corp40 CVE
KEV 1ооо «русбитех-астра»133 CVE
KEV 1google102 CVE
KEV 1google inc42 CVE
KEV 1novell inc.39 CVE

Weakness × Vendor

What's spreading where in December 2018

Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.

Breakout vendors

CVE count ≥3× their own 12-period median.

13.0×amazon13 CVE
12.0×siemens ag24 CVE
10.0×red hat inc.20 CVE
8.0×opensuse32 CVE
8.0×microsoft corp40 CVE
7.0×ао "нппкт"21 CVE
7.0×canonical ltd.49 CVE
6.0×arubanetworks6 CVE
4.8×fedoraproject29 CVE
4.7×ао «концерн вниинс»33 CVE

First time in top-100

Vendors never in top-100 in the prior 24 periods.

#18infovista26 CVE
#24libraw llc19 CVE
#28asustor15 CVE
#29drobo14 CVE
#31amazon13 CVE
#35douco12 CVE
#36gitlab12 CVE
#41hewlett packard enterprise11 CVE
#45technicolor11 CVE
#47kibokolabs10 CVE

Top vendors

Ranked by distinct CVE count this period.

1ооо «русбитех-астра»—
133 CVE11 critCVSS 7.1
×3.5KEV 1PoC 26
astra linux special edition (126) · astra linux special edition для «эльбрус» (62) · astra linux common edition (13)
2сообщество свободного программного обеспечения—
130 CVE13 critCVSS 7.2
×3.8KEV 2Nuclei 1PoC 29
debian gnu/linux (111) · freeware advanced audio decoder 2 (12) · libvnc (9)
3debian—
127 CVE14 critCVSS 7.4
KEV 1Nuclei 7PoC 18
debian linux (127)
4google—
102 CVE4 critCVSS 7.5
KEV 1PoC 5
chrome (49) · android (48) · rendertron (4)
5redhat—
78 CVE9 critCVSS 7.6
×3.4KEV 2Nuclei 2PoC 11
enterprise linux workstation (33) · enterprise linux server (33) · enterprise linux desktop (32)
6canonical—
71 CVE9 critCVSS 7.5
PoC 14
ubuntu linux (71)
7ibm—
65 CVECVSS 5.6
PoC 1
security access manager appliance (10) · security access manager (10) · security guardium (8)
8canonical ltd.—
49 CVE4 critCVSS 7.3
×7.0PoC 6
ubuntu (49)
9google inc—
42 CVE3 critCVSS 7.6
×3.8KEV 1PoC 1
google chrome (28) · android (12) · kubernetes (2)
10microsoft—
40 CVE2 critCVSS 6.9
KEV 3PoC 4
windows server 2019 (14) · windows 10 (14) · windows 10 servers (12)
11microsoft corp—
40 CVE2 critCVSS 7.0
×8.0KEV 3PoC 4
windows server 2019 (server core installation) (14) · windows 10 1809 (13) · windows server 2019 (13)
12novell inc.—
39 CVECVSS 7.1
KEV 1PoC 6
opensuse leap (37) · suse linux enterprise module for basesystem (5) · suse linux enterprise desktop (3)
13maven—
34 CVE9 critCVSS 7.8
×3.4KEV 1Nuclei 1PoC 6
org.jenkins-ci.main:jenkins-core (4) · org.apache.nifi:nifi (3) · org.hswebframework.web:hsweb-commons (2)
14ао «концерн вниинс»—
33 CVE2 critCVSS 7.2
×4.7PoC 10
ос он «стрелец» (33)
15google inc.—
32 CVE2 critCVSS 7.6
android (32)
16opensuse—
32 CVE1 critCVSS 7.3
×8.0PoC 5
leap (29) · libsolv (3) · backports sle (2)
17fedoraproject—
29 CVE2 critCVSS 7.0
×4.8PoC 11
fedora (28) · sssd (1)
18infovista—
26 CVECVSS 6.1
NEWPoC 26
vistaportal (26)
19siemens ag—
24 CVE3 critCVSS 7.5
×12.0PoC 1
sinumerik 808d (7) · sinumerik 840d sl (7) · sinumerik 828d (7)
20libraw—
21 CVECVSS 7.4
PoC 4
libraw (21)
21siemens—
21 CVE4 critCVSS 8.0
×4.2
sinumerik 840d sl v4.7 firmware (9) · sinumerik 828d v4.7 firmware (9) · sinumerik 840d sl v4.8 firmware (9)
22ао "нппкт"—
21 CVE1 critCVSS 6.8
×7.0PoC 4
осон основа оnyx (21)
23red hat inc.—
20 CVE2 critCVSS 8.0
×10.0KEV 1Nuclei 1PoC 3
red hat enterprise linux (16) · openshift container platform (3) · red hat software collections (2)
24libraw llc—
19 CVECVSS 7.3
NEWPoC 4
libraw (19)
25packagist—
19 CVECVSS 6.2
PoC 14
phpmyadmin/phpmyadmin (3) · evolutioncms/evolution (2) · craftcms/cms (2)
26audiocoding—
18 CVECVSS 5.9
PoC 6
freeware advanced audio decoder 2 (12) · freeware advanced audio coder (6)
27qualcomm, inc.—
16 CVE2 critCVSS 8.0
android for msm, firefox os for msm, qrd android (15) · snapdragon mobile, snapdragon wear (1)
28asustor—
15 CVE1 critCVSS 7.6
NEWPoC 10
data master (15)
29drobo—
14 CVE6 critCVSS 8.2
NEWPoC 7
5n2 firmware (14)
30facebook—
14 CVE4 critCVSS 8.0
PoC 1
hhvm (5) · proxygen (3) · whatsapp for windows phone (1)
31amazon—
13 CVECVSS 6.8
NEW×13.0PoC 5
amazon web services freertos (13) · freertos (11)
32schneider-electric—
13 CVE2 critCVSS 7.6
PoC 2
modicom premium firmware (3) · evlink parking firmware (3) · modicom quantum firmware (3)
33schneider electric se—
13 CVE2 critCVSS 7.9
PoC 2
iiot monitor 3.1.38 (3) · evlink parking v3.2.0-12_v1 and earlier (3) · embedded web servers in all modicon m340, premium, quantum plcs and bmxnor0200 (3)
34d-link corp.—
12 CVE8 critCVSS 8.7
PoC 1
dcs-825l (3) · dcm-704 (2) · dcm-604 (2)
35douco—
12 CVECVSS 5.2
NEWPoC 5
douphp (12)
36gitlab—
12 CVE2 critCVSS 7.1
NEWPoC 2
gitlab (12)
37gnu—
12 CVECVSS 6.5
PoC 3
binutils (5) · libextractor (2) · gnutls (1)
38schneider electric—
12 CVE2 critCVSS 7.3
PoC 2
iiot monitor (3) · modicon bmxnor0200 (3) · modicon premium (3)
39fabrice bellard—
11 CVECVSS 6.2
qemu (11)
40fedora project—
11 CVECVSS 6.6
PoC 2
fedora (11)
41hewlett packard enterprise—
11 CVE2 critCVSS 7.4
NEW
aruba clearpass policy manager (5) · hpe intelligent management center (imc) (3) · hpe integrated lights-out 5 (ilo 5) for hpe gen10 servers (1)
42mcafee—
11 CVE2 critCVSS 7.2
PoC 3
agent (5) · true key (3) · mcafee agent (ma) for linux (3)
43netapp—
11 CVE5 critCVSS 8.4
×3.7PoC 1
e-series santricity os controller (4) · snapcenter (4) · snap creator framework (4)
44qemu—
11 CVECVSS 6.2
qemu (11)
45technicolor—
11 CVE10 critCVSS 9.6
NEWPoC 3
dpc3928sl firmware (3) · cga0111 firmware (2) · tc7200.d1i firmware (2)
46f5—
10 CVECVSS 6.9
big-ip access policy manager (7) · big-ip local traffic manager (5) · big-ip application acceleration manager (5)
47kibokolabs—
10 CVECVSS 5.0
NEWNuclei 10PoC 10
arigato autoresponder and newsletter (10)
48kiboko labs https://calendarscripts.info/—
10 CVECVSS 5.0
NEWNuclei 10PoC 10
arigato autoresponder and newsletter (10)
49[unknown]—
10 CVECVSS 6.5
NEW
golang (3) · qemu: (2) · pdns-recursor (1)
50ао «нтц ит роса»—
10 CVECVSS 8.1
×3.3PoC 4
роса кобальт (5) · rosa virtualization 3.0 (3) · rosa virtualization (2)

#	Vendor	CVEs	Crit	KEV	Nuclei	Signals	Top products	Δ
1	ооо «русбитех-астра»	133	11	1	·	×3.5KEV 1PoC 26	astra linux special edition (126) · astra linux special edition для «эльбрус» (62) · astra linux common edition (13)	—
2	сообщество свободного программного обеспечения	130	13	2	1	×3.8KEV 2Nuclei 1PoC 29	debian gnu/linux (111) · freeware advanced audio decoder 2 (12) · libvnc (9)	—
3	debian	127	14	1	7	KEV 1Nuclei 7PoC 18	debian linux (127)	—
4	google	102	4	1	·	KEV 1PoC 5	chrome (49) · android (48) · rendertron (4)	—
5	redhat	78	9	2	2	×3.4KEV 2Nuclei 2PoC 11	enterprise linux workstation (33) · enterprise linux server (33) · enterprise linux desktop (32)	—
6	canonical	71	9	·	·	PoC 14	ubuntu linux (71)	—
7	ibm	65	·	·	·	PoC 1	security access manager appliance (10) · security access manager (10) · security guardium (8)	—
8	canonical ltd.	49	4	·	·	×7.0PoC 6	ubuntu (49)	—
9	google inc	42	3	1	·	×3.8KEV 1PoC 1	google chrome (28) · android (12) · kubernetes (2)	—
10	microsoft	40	2	3	·	KEV 3PoC 4	windows server 2019 (14) · windows 10 (14) · windows 10 servers (12)	—
11	microsoft corp	40	2	3	·	×8.0KEV 3PoC 4	windows server 2019 (server core installation) (14) · windows 10 1809 (13) · windows server 2019 (13)	—
12	novell inc.	39	·	1	·	KEV 1PoC 6	opensuse leap (37) · suse linux enterprise module for basesystem (5) · suse linux enterprise desktop (3)	—
13	maven	34	9	1	1	×3.4KEV 1Nuclei 1PoC 6	org.jenkins-ci.main:jenkins-core (4) · org.apache.nifi:nifi (3) · org.hswebframework.web:hsweb-commons (2)	—
14	ао «концерн вниинс»	33	2	·	·	×4.7PoC 10	ос он «стрелец» (33)	—
15	google inc.	32	2	·	·		android (32)	—
16	opensuse	32	1	·	·	×8.0PoC 5	leap (29) · libsolv (3) · backports sle (2)	—
17	fedoraproject	29	2	·	·	×4.8PoC 11	fedora (28) · sssd (1)	—
18	infovista	26	·	·	·	NEWPoC 26	vistaportal (26)	—
19	siemens ag	24	3	·	·	×12.0PoC 1	sinumerik 808d (7) · sinumerik 840d sl (7) · sinumerik 828d (7)	—
20	libraw	21	·	·	·	PoC 4	libraw (21)	—
21	siemens	21	4	·	·	×4.2	sinumerik 840d sl v4.7 firmware (9) · sinumerik 828d v4.7 firmware (9) · sinumerik 840d sl v4.8 firmware (9)	—
22	ао "нппкт"	21	1	·	·	×7.0PoC 4	осон основа оnyx (21)	—
23	red hat inc.	20	2	1	1	×10.0KEV 1Nuclei 1PoC 3	red hat enterprise linux (16) · openshift container platform (3) · red hat software collections (2)	—
24	libraw llc	19	·	·	·	NEWPoC 4	libraw (19)	—
25	packagist	19	·	·	·	PoC 14	phpmyadmin/phpmyadmin (3) · evolutioncms/evolution (2) · craftcms/cms (2)	—
26	audiocoding	18	·	·	·	PoC 6	freeware advanced audio decoder 2 (12) · freeware advanced audio coder (6)	—
27	qualcomm, inc.	16	2	·	·		android for msm, firefox os for msm, qrd android (15) · snapdragon mobile, snapdragon wear (1)	—
28	asustor	15	1	·	·	NEWPoC 10	data master (15)	—
29	drobo	14	6	·	·	NEWPoC 7	5n2 firmware (14)	—
30	facebook	14	4	·	·	PoC 1	hhvm (5) · proxygen (3) · whatsapp for windows phone (1)	—
31	amazon	13	·	·	·	NEW×13.0PoC 5	amazon web services freertos (13) · freertos (11)	—
32	schneider-electric	13	2	·	·	PoC 2	modicom premium firmware (3) · evlink parking firmware (3) · modicom quantum firmware (3)	—
33	schneider electric se	13	2	·	·	PoC 2	iiot monitor 3.1.38 (3) · evlink parking v3.2.0-12_v1 and earlier (3) · embedded web servers in all modicon m340, premium, quantum plcs and bmxnor0200 (3)	—
34	d-link corp.	12	8	·	·	PoC 1	dcs-825l (3) · dcm-704 (2) · dcm-604 (2)	—
35	douco	12	·	·	·	NEWPoC 5	douphp (12)	—
36	gitlab	12	2	·	·	NEWPoC 2	gitlab (12)	—
37	gnu	12	·	·	·	PoC 3	binutils (5) · libextractor (2) · gnutls (1)	—
38	schneider electric	12	2	·	·	PoC 2	iiot monitor (3) · modicon bmxnor0200 (3) · modicon premium (3)	—
39	fabrice bellard	11	·	·	·		qemu (11)	—
40	fedora project	11	·	·	·	PoC 2	fedora (11)	—
41	hewlett packard enterprise	11	2	·	·	NEW	aruba clearpass policy manager (5) · hpe intelligent management center (imc) (3) · hpe integrated lights-out 5 (ilo 5) for hpe gen10 servers (1)	—
42	mcafee	11	2	·	·	PoC 3	agent (5) · true key (3) · mcafee agent (ma) for linux (3)	—
43	netapp	11	5	·	·	×3.7PoC 1	e-series santricity os controller (4) · snapcenter (4) · snap creator framework (4)	—
44	qemu	11	·	·	·		qemu (11)	—
45	technicolor	11	10	·	·	NEWPoC 3	dpc3928sl firmware (3) · cga0111 firmware (2) · tc7200.d1i firmware (2)	—
46	f5	10	·	·	·		big-ip access policy manager (7) · big-ip local traffic manager (5) · big-ip application acceleration manager (5)	—
47	kibokolabs	10	·	·	10	NEWNuclei 10PoC 10	arigato autoresponder and newsletter (10)	—
48	kiboko labs https://calendarscripts.info/	10	·	·	10	NEWNuclei 10PoC 10	arigato autoresponder and newsletter (10)	—
49	[unknown]	10	·	·	·	NEW	golang (3) · qemu: (2) · pdns-recursor (1)	—
50	ао «нтц ит роса»	10	·	·	·	×3.3PoC 4	роса кобальт (5) · rosa virtualization 3.0 (3) · rosa virtualization (2)	—