month report
November 2019
Data as of Jun 4, 2026, 13:25 UTCSnapshot v1 Sources NVD+CISA KEV+EPSS+Nuclei templates Methodology →
November 2019 closed with 1,802 published CVEs. 210 criticals, сообщество свободного программного обеспечения led volume, mostly via debian gnu/linux. Biggest breakout: fedoraproject at ×36.3 their 12-month median. Top weakness class — CWE-79 (182 CVE). 10 vendors cracked the top-100 for the first time.
Total CVEs
1,802
— MoM— YoY
Severity mix
210 / 673
critical / high
KEV added
0
0 ransomware-linked
Nuclei coverage
2.8%
51 CVEs with templates
Time to exploit
How fast the community ships detection after a CVE drops.
Days → Nuclei (median)
2304.9
n=51
Within 7 days
0.0%
Within 30 days
0.0%
Days → KEV (median)
925
n=9
Detection gap
KEV pressure, no Nuclei coverage
November 2019 · vendors with active exploitation listed by CISA but no public detection template.
- KEV 4microsoft73 CVE
- KEV 4microsoft corp73 CVE
- KEV 2google138 CVE
- KEV 2google inc98 CVE
- KEV 1novell inc.141 CVE
- KEV 1ао «ивк»106 CVE
- KEV 1opensuse88 CVE
- KEV 1cisco33 CVE
Weakness × Vendor
What's spreading where in November 2019
Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.
79XSS20Improper Input Validation787Out-of-bounds Write200Information Exposure401CWE-401732Incorrect Permissions125Out-of-bounds Read416Use After Free89SQL Injection400Resource Consumptionсообщество свободного программного обеспечения41230350892714debian9221215955325ао «концерн вниинс»929317762312ооо «русбитех-астра»162939782213novell inc.82322062232google12321582741red hat inc.28182882172redhat9165986122fedoraproject3106132146115packagist30569ао «ивк»12173284171google inc82415324
Breakout vendors
CVE count ≥3× their own 12-period median.
- 36.3×fedoraproject109 CVE
- 27.0×intel corp.54 CVE
- 17.7×ао «ивк»106 CVE
- 17.5×samsung35 CVE
- 14.0×ао «концерн вниинс»154 CVE
- 14.0×netapp28 CVE
- 13.3×linux80 CVE
- 11.8×fedora project47 CVE
- 9.8×opensuse88 CVE
- 7.7×intel54 CVE
First time in top-100
Vendors never in top-100 in the prior 24 periods.
- #18adobe systems incorporated64 CVE
- #19magento64 CVE
- #31asus28 CVE
- #34typo328 CVE
- #40gitlab19 CVE
- #41cryptocat project17 CVE
- #43mi15 CVE
- #44cloudera14 CVE
- #45lavamobiles14 CVE
- #50nvidia12 CVE
Top vendors
Ranked by distinct CVE count this period.
- 239 CVE14 critCVSS 6.7KEV 2Nuclei 2PoC 39debian gnu/linux (166) · linux (82) · portainer (6)
- 188 CVE27 critCVSS 7.0Nuclei 6PoC 41debian linux (188) · icoutils (3) · advanced package tool (1)
- 154 CVE9 critCVSS 6.7×14.0KEV 2Nuclei 1PoC 25ос он «стрелец» (154)
- 152 CVE12 critCVSS 7.0KEV 2Nuclei 1PoC 26astra linux special edition (136) · astra linux special edition для «эльбрус» (49) · astra linux common edition (23)
- 141 CVE8 critCVSS 6.7×7.4KEV 1PoC 17opensuse leap (134) · suse package hub for suse linux enterprise (84) · suse linux enterprise server (14)
- 138 CVE11 critCVSS 6.8KEV 2PoC 4chrome (109) · android (24) · blink (12)
- 118 CVE6 critCVSS 6.9×5.4PoC 8red hat enterprise linux (106) · red hat enterprise mrg (9) · red hat openstack platform (5)
- 114 CVE12 critCVSS 6.9Nuclei 1PoC 25enterprise linux (61) · enterprise linux server aus (8) · enterprise linux server tus (8)
- 109 CVE15 critCVSS 6.7×36.3Nuclei 2PoC 22fedora (107) · 389 directory server (2)
- 107 CVE15 critCVSS 7.1×5.3Nuclei 4PoC 64magento/community-edition (57) · typo3/cms (10) · symfony/symfony (6)
- 106 CVE7 critCVSS 6.7×17.7KEV 1PoC 13альт 8 сп (103) · альт 8 сп сервер (3) · альт линукс спт (2)
- 98 CVE4 critCVSS 6.6×4.1KEV 2PoC 3google chrome (96) · android (2)
- 88 CVE6 critCVSS 6.1×9.8KEV 1PoC 17leap (56) · backports sle (19) · opensuse (14)
- 84 CVE8 critCVSS 6.6PoC 18ubuntu linux (83) · cloud-init (1)
- 80 CVE8 critCVSS 6.6×13.3PoC 20linux kernel (78) · kernel (2) · dhcp6c (1)
- 73 CVE5 critCVSS 7.2KEV 4PoC 2windows (51) · windows server (51) · windows 10 (47)
- 73 CVE5 critCVSS 7.3KEV 4PoC 3windows server 2019 (46) · windows 10 1803 (45) · windows 10 1809 (45)
- 64 CVE6 critCVSS 6.9NEWPoC 53magento 2 (52) · magento 1 (8) · magento 1 & 2 (3)
- 64 CVE6 critCVSS 6.9NEWPoC 53magento (64)
- 54 CVE2 critCVSS 6.7×7.7PoC 3baseboard management controller firmware (13) · ethernet controller 710-bm1 firmware (11) · ethernet 700 series software (11)
- 54 CVE2 critCVSS 6.6×27.0PoC 3intel baseboard management controller (13) · ethernet controller x710-bm2 (11) · ethernet controller xxv710-am2 (11)
- 54 CVE24 critCVSS 8.5×3.9qcs605 firmware (42) · msm8996au firmware (41) · sdm660 firmware (40)
- 54 CVE24 critCVSS 8.3×3.9snapdragon auto, snapdragon compute, snapdragon consumer iot, snapdragon industrial iot, snapdragon iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables (11) · snapdragon auto, snapdragon compute, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables (5) · snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon voice & music, snapdragon wired infrastructure and networking (3)
- 48 CVE5 critCVSS 7.0PoC 12ubuntu (48)
- 47 CVE7 critCVSS 7.0×11.8Nuclei 2PoC 17fedora (46) · 389 directory server (1)
- 35 CVECVSS 7.6×17.5galaxy j7 neo firmware (4) · galaxy xcover4 firmware (3) · galaxy s7 firmware (3)
- 33 CVE1 critCVSS 6.5KEV 1PoC 30firepower threat defense (4) · secure firewall management center (4) · firepower services software for asa (4)
- 32 CVECVSS 7.1×3.2p30 firmware (9) · p30 pro firmware (4) · p20 firmware (3)
- 32 CVE4 critCVSS 7.1Nuclei 6PoC 5org.jenkins-ci.plugins:google-compute-engine (3) · org.jenkins-ci.main:jenkins-core (2) · org.apache.cxf:cxf (2)
- 31 CVE1 critCVSS 6.6KEV 1PoC 29cisco webex meetings (3) · cisco firepower management center (3) · firepower threat defense (3)
- 28 CVE2 critCVSS 7.7NEWzenfone 4 selfie firmware (5) · zenfone ar firmware (3) · zenfone 5q firmware (3)
- 28 CVE2 critCVSS 6.7×14.0PoC 8steelstore cloud integrated storage (21) · data availability services (20) · active iq unified manager (17)
- 28 CVE3 critCVSS 7.3×4.0PoC 6ansible (3) · pyarrow (2) · ipa (2)
- 28 CVE2 critCVSS 6.4NEWtypo3 (28)
- 23 CVECVSS 5.7smartcloud analytics log analysis (4) · qradar (4) · qradar security information and event manager (4)
- 22 CVE1 critCVSS 6.9×4.4PoC 7осон основа оnyx (22)
- 21 CVE2 critCVSS 7.0PoC 5brocade fabric operating system firmware (8) · brocade sannav (6) · fabric operating system (4)
- 21 CVE2 critCVSS 7.0×7.0big-ip access policy manager (16) · big-ip advanced firewall manager (16) · big-ip application security manager (15)
- 21 CVE5 critCVSS 7.1×5.3PoC 7kernel (5) · ipa (2) · ansible (2)
- 19 CVECVSS 5.4NEWgitlab (19)
- 17 CVE5 critCVSS 7.5NEWPoC 1cryptocat (17)
- 16 CVE3 critCVSS 7.9Nuclei 3PoC 4nifi (3) · cxf (2) · arrow (2)
- 15 CVECVSS 4.5NEW×3.8a2 lite firmware (3) · mix 2s firmware (2) · mix firmware (1)
- 14 CVECVSS 7.2NEWcdh (7) · cloudera manager (6) · data science workbench (1)
- 14 CVECVSS 4.2NEWiris 88 firmware (3) · z92 firmware (2) · z60s firmware (2)
- 14 CVE2 critCVSS 6.8Nuclei 1PoC 4angular (1) · chartkick (1) · cookie-signature (1)
- 14 CVE1 critCVSS 6.2×7.0PoC 5sd-wan edge (3) · retail order broker (3) · flexcube private banking (3)
- 13 CVECVSS 7.1huawei ws5100-10 (2) · huawei hirouter-cd30-11 (2) · huawei hirouter-h1-10 (2)
- 13 CVE1 critCVSS 6.9Nuclei 3jenkins (4) · google compute engine (3) · support core (2)
- 12 CVECVSS 6.7NEW×3.0PoC 1gpu driver (6) · nvidia gpu display driver (5) · geforce experience (3)
| # | Vendor | CVEs | Crit | KEV | Nuclei | Signals | Top products | Δ | |
|---|---|---|---|---|---|---|---|---|---|
| 1 | сообщество свободного программного обеспечения | 239 | 14 | 2 | 2 | KEV 2Nuclei 2PoC 39 | debian gnu/linux (166) · linux (82) · portainer (6) | — | |
| 2 | debian | 188 | 27 | · | 6 | Nuclei 6PoC 41 | debian linux (188) · icoutils (3) · advanced package tool (1) | — | |
| 3 | ао «концерн вниинс» | 154 | 9 | 2 | 1 | ×14.0KEV 2Nuclei 1PoC 25 | ос он «стрелец» (154) | — | |
| 4 | ооо «русбитех-астра» | 152 | 12 | 2 | 1 | KEV 2Nuclei 1PoC 26 | astra linux special edition (136) · astra linux special edition для «эльбрус» (49) · astra linux common edition (23) | — | |
| 5 | novell inc. | 141 | 8 | 1 | · | ×7.4KEV 1PoC 17 | opensuse leap (134) · suse package hub for suse linux enterprise (84) · suse linux enterprise server (14) | — | |
| 6 | 138 | 11 | 2 | · | KEV 2PoC 4 | chrome (109) · android (24) · blink (12) | — | ||
| 7 | red hat inc. | 118 | 6 | · | · | ×5.4PoC 8 | red hat enterprise linux (106) · red hat enterprise mrg (9) · red hat openstack platform (5) | — | |
| 8 | redhat | 114 | 12 | · | 1 | Nuclei 1PoC 25 | enterprise linux (61) · enterprise linux server aus (8) · enterprise linux server tus (8) | — | |
| 9 | fedoraproject | 109 | 15 | · | 2 | ×36.3Nuclei 2PoC 22 | fedora (107) · 389 directory server (2) | — | |
| 10 | packagist | 107 | 15 | · | 4 | ×5.3Nuclei 4PoC 64 | magento/community-edition (57) · typo3/cms (10) · symfony/symfony (6) | — | |
| 11 | ао «ивк» | 106 | 7 | 1 | · | ×17.7KEV 1PoC 13 | альт 8 сп (103) · альт 8 сп сервер (3) · альт линукс спт (2) | — | |
| 12 | google inc | 98 | 4 | 2 | · | ×4.1KEV 2PoC 3 | google chrome (96) · android (2) | — | |
| 13 | opensuse | 88 | 6 | 1 | · | ×9.8KEV 1PoC 17 | leap (56) · backports sle (19) · opensuse (14) | — | |
| 14 | canonical | 84 | 8 | · | · | PoC 18 | ubuntu linux (83) · cloud-init (1) | — | |
| 15 | linux | 80 | 8 | · | · | ×13.3PoC 20 | linux kernel (78) · kernel (2) · dhcp6c (1) | — | |
| 16 | microsoft | 73 | 5 | 4 | · | KEV 4PoC 2 | windows (51) · windows server (51) · windows 10 (47) | — | |
| 17 | microsoft corp | 73 | 5 | 4 | · | KEV 4PoC 3 | windows server 2019 (46) · windows 10 1803 (45) · windows 10 1809 (45) | — | |
| 18 | adobe systems incorporated | 64 | 6 | · | · | NEWPoC 53 | magento 2 (52) · magento 1 (8) · magento 1 & 2 (3) | — | |
| 19 | magento | 64 | 6 | · | · | NEWPoC 53 | magento (64) | — | |
| 20 | intel | 54 | 2 | · | · | ×7.7PoC 3 | baseboard management controller firmware (13) · ethernet controller 710-bm1 firmware (11) · ethernet 700 series software (11) | — | |
| 21 | intel corp. | 54 | 2 | · | · | ×27.0PoC 3 | intel baseboard management controller (13) · ethernet controller x710-bm2 (11) · ethernet controller xxv710-am2 (11) | — | |
| 22 | qualcomm | 54 | 24 | · | · | ×3.9 | qcs605 firmware (42) · msm8996au firmware (41) · sdm660 firmware (40) | — | |
| 23 | qualcomm, inc. | 54 | 24 | · | · | ×3.9 | snapdragon auto, snapdragon compute, snapdragon consumer iot, snapdragon industrial iot, snapdragon iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables (11) · snapdragon auto, snapdragon compute, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon voice & music, snapdragon wearables (5) · snapdragon auto, snapdragon compute, snapdragon connectivity, snapdragon consumer iot, snapdragon industrial iot, snapdragon mobile, snapdragon voice & music, snapdragon wired infrastructure and networking (3) | — | |
| 24 | canonical ltd. | 48 | 5 | · | · | PoC 12 | ubuntu (48) | — | |
| 25 | fedora project | 47 | 7 | · | 2 | ×11.8Nuclei 2PoC 17 | fedora (46) · 389 directory server (1) | — | |
| 26 | samsung | 35 | · | · | · | ×17.5 | galaxy j7 neo firmware (4) · galaxy xcover4 firmware (3) · galaxy s7 firmware (3) | — | |
| 27 | cisco | 33 | 1 | 1 | · | KEV 1PoC 30 | firepower threat defense (4) · secure firewall management center (4) · firepower services software for asa (4) | — | |
| 28 | huawei | 32 | · | · | · | ×3.2 | p30 firmware (9) · p30 pro firmware (4) · p20 firmware (3) | — | |
| 29 | maven | 32 | 4 | · | 6 | Nuclei 6PoC 5 | org.jenkins-ci.plugins:google-compute-engine (3) · org.jenkins-ci.main:jenkins-core (2) · org.apache.cxf:cxf (2) | — | |
| 30 | cisco systems inc. | 31 | 1 | 1 | · | KEV 1PoC 29 | cisco webex meetings (3) · cisco firepower management center (3) · firepower threat defense (3) | — | |
| 31 | asus | 28 | 2 | · | · | NEW | zenfone 4 selfie firmware (5) · zenfone ar firmware (3) · zenfone 5q firmware (3) | — | |
| 32 | netapp | 28 | 2 | · | · | ×14.0PoC 8 | steelstore cloud integrated storage (21) · data availability services (20) · active iq unified manager (17) | — | |
| 33 | pypi | 28 | 3 | · | · | ×4.0PoC 6 | ansible (3) · pyarrow (2) · ipa (2) | — | |
| 34 | typo3 | 28 | 2 | · | · | NEW | typo3 (28) | — | |
| 35 | ibm | 23 | · | · | · | smartcloud analytics log analysis (4) · qradar (4) · qradar security information and event manager (4) | — | ||
| 36 | ао "нппкт" | 22 | 1 | · | · | ×4.4PoC 7 | осон основа оnyx (22) | — | |
| 37 | broadcom | 21 | 2 | · | · | PoC 5 | brocade fabric operating system firmware (8) · brocade sannav (6) · fabric operating system (4) | — | |
| 38 | f5 | 21 | 2 | · | · | ×7.0 | big-ip access policy manager (16) · big-ip advanced firewall manager (16) · big-ip application security manager (15) | — | |
| 39 | red hat | 21 | 5 | · | · | ×5.3PoC 7 | kernel (5) · ipa (2) · ansible (2) | — | |
| 40 | gitlab | 19 | · | · | · | NEW | gitlab (19) | — | |
| 41 | cryptocat project | 17 | 5 | · | · | NEWPoC 1 | cryptocat (17) | — | |
| 42 | apache | 16 | 3 | · | 3 | Nuclei 3PoC 4 | nifi (3) · cxf (2) · arrow (2) | — | |
| 43 | mi | 15 | · | · | · | NEW×3.8 | a2 lite firmware (3) · mix 2s firmware (2) · mix firmware (1) | — | |
| 44 | cloudera | 14 | · | · | · | NEW | cdh (7) · cloudera manager (6) · data science workbench (1) | — | |
| 45 | lavamobiles | 14 | · | · | · | NEW | iris 88 firmware (3) · z92 firmware (2) · z60s firmware (2) | — | |
| 46 | npm | 14 | 2 | · | 1 | Nuclei 1PoC 4 | angular (1) · chartkick (1) · cookie-signature (1) | — | |
| 47 | oracle | 14 | 1 | · | · | ×7.0PoC 5 | sd-wan edge (3) · retail order broker (3) · flexcube private banking (3) | — | |
| 48 | huawei technologies co., ltd. | 13 | · | · | · | huawei ws5100-10 (2) · huawei hirouter-cd30-11 (2) · huawei hirouter-h1-10 (2) | — | ||
| 49 | jenkins | 13 | 1 | · | 3 | Nuclei 3 | jenkins (4) · google compute engine (3) · support core (2) | — | |
| 50 | nvidia | 12 | · | · | · | NEW×3.0PoC 1 | gpu driver (6) · nvidia gpu display driver (5) · geforce experience (3) | — |