month report
September 1999
Data as of Jun 11, 2026, 06:03 UTCSnapshot v1 Sources CVEList V5+NVD+GHSA+CSAF+FSTEC BDU+CISA KEV+EPSS+Nuclei templates Methodology →
September 1999 closed with 321 published CVEs. 34 criticals, sun led volume, mostly via sunos. Top weakness class — CWE-119 (5 CVE). 10 vendors cracked the top-100 for the first time.
Total CVEs
321
— MoM— YoY
Severity mix
34 / 141
critical / high
KEV added
0
0 ransomware-linked
Nuclei coverage
0.0%
0 CVEs with templates
Time to exploit
How fast the community ships detection after a CVE drops.
Days → Nuclei (median)
—
n=0
Within 7 days
—%
Within 30 days
—%
Days → KEV (median)
—
n=0
Weakness × Vendor
What's spreading where in September 1999
Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.
Most discussed CVEs — September 1999
No CVE mentions in the news this month yet.
Top vendors
Ranked by distinct CVE count this period.
- 68 CVE9 critCVSS 6.9NEWPoC 1sunos (64) · solaris (38) · nfs (2)
- 47 CVE10 critCVSS 7.2NEWPoC 1aix (47) · sng (2)
- 39 CVE1 critCVSS 5.7NEWwindows nt (22) · internet information server (10) · windows 2000 (5)
- 36 CVE5 critCVSS 7.2NEWPoC 1irix (35) · license oeo (1) · freeware (1)
- 32 CVE5 critCVSS 6.5NEWhp-ux (29) · vvos (2) · openmail (1)
- 22 CVE2 critCVSS 6.9NEWfreebsd (22)
- 20 CVE7 critCVSS 7.8NEWPoC 1bsd os (20)
- 18 CVE2 critCVSS 5.7NEWnetbsd (17) · umapfs (1)
- 17 CVE6 critCVSS 7.5NEWPoC 1linux (17)
- 13 CVE2 critCVSS 6.2NEWopenserver (12) · open desktop (8) · unixware (8)
- 12 CVECVSS 5.4NEWios (10) · pix firewall software (2) · catalyst 5xxx supervisor software (1)
- 12 CVE2 critCVSS 6.1NEWenterprise server (5) · communicator (3) · fasttrack server (3)
- 10 CVECVSS 4.4NEWopenbsd (10)
- 9 CVE6 critCVSS 8.8NEWPoC 1openlinux (8) · network desktop (1)
- 9 CVE3 critCVSS 7.7NEWdebian linux (8) · netkit (1)
- 9 CVE4 critCVSS 7.9NEWasl ux 4800 (8) · ews-ux v (5) · up-ux v (5)
- 8 CVE2 critCVSS 7.4NEWosf 1 (5) · ultrix (2) · unix (2)
- 8 CVE4 critCVSS 8.3NEWsendmail (7) · vacation (1)
- 8 CVECVSS 5.6NEWlinux kernel (8)
- 7 CVECVSS 6.3NEWinet (3) · fingerd (2) · finger service (1)
- 7 CVE3 critCVSS 7.4NEWbind (5) · inn (2)
- 6 CVE1 critCVSS 7.1NEWhttp server (6)
- 6 CVE1 critCVSS 6.9NEWdg ux (6)
- 6 CVE2 critCVSS 7.8NEWslackware linux (6)
- 5 CVE2 critCVSS 7.5NEWwu-ftpd (5)
- 4 CVECVSS 5.9NEWsuse linux (4)
- 3 CVE1 critCVSS 7.6NEWftp (2) · ftp pasv (1)
- 3 CVE1 critCVSS 8.1NEWncsa httpd (2) · campas (1) · servers (1)
- 3 CVECVSS 6.7NEWphp (2) · php fi (1)
- 3 CVE2 critCVSS 9.4NEWimap (2) · pop (1) · wu-ftpd (1)
- 2 CVECVSS 7.2NEWcde (2)
- 2 CVE1 critCVSS 8.3NEWunicos (2) · unicos max (1)
- 2 CVECVSS 3.5NEWl0phtcrack (2)
- 2 CVECVSS 5.0NEWascend tnt router (1) · ascend max router (1) · ascend pipeline router (1)
- 2 CVECVSS 6.3NEWformmail (2)
- 2 CVE1 critCVSS 8.6NEWnextstep (2)
- 2 CVECVSS 5.0NEWweb server (1) · netware (1)
- 2 CVECVSS 7.5NEWoreilly website (1) · website (1)
- 2 CVECVSS 5.0NEWwebramp 200i (1) · webramp (1) · webramp m3 (1)
- 2 CVECVSS 7.5NEWfaxsurvey (1) · jj (1)
- 2 CVECVSS 8.0NEWssh (2)
- 2 CVECVSS 6.3NEWwebgais (2)
- 2 CVECVSS 5.9NEWx11r6 (1) · xfree86 (1)
- 1 CVECVSS 7.5NEWtigris (1)
- 1 CVECVSS 2.1NEWframemaker (1)
- 1 CVECVSS 7.5NEWghostscript (1)
- 1 CVECVSS 2.1NEWrsync (1)
- 1 CVECVSS 7.2NEWa ux (1)
- 1 CVECVSS 5.0NEWbisonware ftp server (1)
- 1 CVECVSS 5.0NEWcontrolit (1)
| # | Vendor | CVEs | Crit | KEV | Nuclei | Signals | Top products | Δ | |
|---|---|---|---|---|---|---|---|---|---|
| 1 | sun | 68 | 9 | · | · | NEWPoC 1 | sunos (64) · solaris (38) · nfs (2) | — | |
| 2 | ibm | 47 | 10 | · | · | NEWPoC 1 | aix (47) · sng (2) | — | |
| 3 | microsoft | 39 | 1 | · | · | NEW | windows nt (22) · internet information server (10) · windows 2000 (5) | — | |
| 4 | sgi | 36 | 5 | · | · | NEWPoC 1 | irix (35) · license oeo (1) · freeware (1) | — | |
| 5 | hp | 32 | 5 | · | · | NEW | hp-ux (29) · vvos (2) · openmail (1) | — | |
| 6 | freebsd | 22 | 2 | · | · | NEW | freebsd (22) | — | |
| 7 | bsdi | 20 | 7 | · | · | NEWPoC 1 | bsd os (20) | — | |
| 8 | netbsd | 18 | 2 | · | · | NEW | netbsd (17) · umapfs (1) | — | |
| 9 | redhat | 17 | 6 | · | · | NEWPoC 1 | linux (17) | — | |
| 10 | sco | 13 | 2 | · | · | NEW | openserver (12) · open desktop (8) · unixware (8) | — | |
| 11 | cisco | 12 | · | · | · | NEW | ios (10) · pix firewall software (2) · catalyst 5xxx supervisor software (1) | — | |
| 12 | netscape | 12 | 2 | · | · | NEW | enterprise server (5) · communicator (3) · fasttrack server (3) | — | |
| 13 | openbsd | 10 | · | · | · | NEW | openbsd (10) | — | |
| 14 | caldera | 9 | 6 | · | · | NEWPoC 1 | openlinux (8) · network desktop (1) | — | |
| 15 | debian | 9 | 3 | · | · | NEW | debian linux (8) · netkit (1) | — | |
| 16 | nec | 9 | 4 | · | · | NEW | asl ux 4800 (8) · ews-ux v (5) · up-ux v (5) | — | |
| 17 | digital | 8 | 2 | · | · | NEW | osf 1 (5) · ultrix (2) · unix (2) | — | |
| 18 | eric allman | 8 | 4 | · | · | NEW | sendmail (7) · vacation (1) | — | |
| 19 | linux | 8 | · | · | · | NEW | linux kernel (8) | — | |
| 20 | gnu | 7 | · | · | · | NEW | inet (3) · fingerd (2) · finger service (1) | — | |
| 21 | isc | 7 | 3 | · | · | NEW | bind (5) · inn (2) | — | |
| 22 | apache | 6 | 1 | · | · | NEW | http server (6) | — | |
| 23 | data general | 6 | 1 | · | · | NEW | dg ux (6) | — | |
| 24 | slackware | 6 | 2 | · | · | NEW | slackware linux (6) | — | |
| 25 | washington university | 5 | 2 | · | · | NEW | wu-ftpd (5) | — | |
| 26 | suse | 4 | · | · | · | NEW | suse linux (4) | — | |
| 27 | ftp | 3 | 1 | · | · | NEW | ftp (2) · ftp pasv (1) | — | |
| 28 | ncsa | 3 | 1 | · | · | NEW | ncsa httpd (2) · campas (1) · servers (1) | — | |
| 29 | php | 3 | · | · | · | NEW | php (2) · php fi (1) | — | |
| 30 | university of washington | 3 | 2 | · | · | NEW | imap (2) · pop (1) · wu-ftpd (1) | — | |
| 31 | cde | 2 | · | · | · | NEW | cde (2) | — | |
| 32 | cray | 2 | 1 | · | · | NEW | unicos (2) · unicos max (1) | — | |
| 33 | l0pht | 2 | · | · | · | NEW | l0phtcrack (2) | — | |
| 34 | lucent | 2 | · | · | · | NEW | ascend tnt router (1) · ascend max router (1) · ascend pipeline router (1) | — | |
| 35 | matt wright | 2 | · | · | · | NEW | formmail (2) | — | |
| 36 | next | 2 | 1 | · | · | NEW | nextstep (2) | — | |
| 37 | novell | 2 | · | · | · | NEW | web server (1) · netware (1) | — | |
| 38 | oreilly | 2 | · | · | · | NEW | oreilly website (1) · website (1) | — | |
| 39 | ramp networks | 2 | · | · | · | NEW | webramp 200i (1) · webramp (1) · webramp m3 (1) | — | |
| 40 | renaud deraison | 2 | · | · | · | NEW | faxsurvey (1) · jj (1) | — | |
| 41 | ssh | 2 | · | · | · | NEW | ssh (2) | — | |
| 42 | webgais development team | 2 | · | · | · | NEW | webgais (2) | — | |
| 43 | xfree86 project | 2 | · | · | · | NEW | x11r6 (1) · xfree86 (1) | — | |
| 44 | acc | 1 | · | · | · | NEW | tigris (1) | — | |
| 45 | adobe | 1 | · | · | · | NEW | framemaker (1) | — | |
| 46 | aladdin enterprises | 1 | · | · | · | NEW | ghostscript (1) | — | |
| 47 | andrew tridgell | 1 | · | · | · | NEW | rsync (1) | — | |
| 48 | apple | 1 | · | · | · | NEW | a ux (1) | — | |
| 49 | bisonware | 1 | · | · | · | NEW | bisonware ftp server (1) | — | |
| 50 | broadcom | 1 | · | · | · | NEW | controlit (1) | — |
Sectors
Solution categories ranked by distinct CVE count this period.
- Operating Systems209 CVE60 crit25 vendorsCVSS 7.0sunos (64) · solaris (38) · irix (35)
- Enterprise Software76 CVE16 crit7 vendorsCVSS 7.5aix (47) · hp-ux (29) · sng (2)
- 18 crit17 vendorsCVSS 7.5ios (10) · asl ux 4800 (8) · ews-ux v (5)
- Communications18 CVE7 crit9 vendorsCVSS 8.1sendmail (9) · imap (2) · ews (1)
- Consumer Software17 CVE2 crit6 vendorsCVSS 5.9enterprise server (5) · communicator (3) · fasttrack server (3)
- OSS Libraries15 CVE1 crit6 vendorsCVSS 8.6inet (3) · fingerd (2) · php (2)
- Web & CMS Plugins13 CVE1 crit6 vendorsCVSS 7.5http server (6) · formmail (2) · cgi guestbook (1)
- Security Products2 CVE1 vendorsCVSS 3.5l0phtcrack (2)
- Hardware Firmware2 CVE1 crit2 vendorsCVSS 9.8qpopper (1)
- DevTools & CI2 CVE2 vendorsCVSS 7.5clearcase (1)
- Databases1 CVE1 crit1 vendorsCVSS 10.0solaris (1)
- Cloud & SaaS1 CVE1 vendorsCVSS 5.0controlit (1)
- Mobile Apps1 CVE1 vendorsCVSS 7.2a ux (1)
- Unclassified18 CVE3 crit16 vendorsCVSS 6.9cde (2) · webgais (2) · anyform (1)
| Sector | CVEs | Crit | KEV | Vendors | Products | Avg CVSS | Top products |
|---|---|---|---|---|---|---|---|
| Operating Systems▸ 3 | 209 | 60 | · | 25 | 62 | 7.0 | sunos (64) · solaris (38) · irix (35) |
| Enterprise Software▸ 2 | 76 | 16 | · | 7 | 13 | 7.5 | aix (47) · hp-ux (29) · sng (2) |
| Networking Infrastructure▸ 5 | 51 | 18 | · | 17 | 34 | 7.5 | ios (10) · asl ux 4800 (8) · ews-ux v (5) |
| Communications▸ 2 | 18 | 7 | · | 9 | 11 | 8.1 | sendmail (9) · imap (2) · ews (1) |
| Consumer Software▸ 3 | 17 | 2 | · | 6 | 17 | 5.9 | enterprise server (5) · communicator (3) · fasttrack server (3) |
| OSS Libraries▸ 2 | 15 | 1 | · | 6 | 11 | 8.6 | inet (3) · fingerd (2) · php (2) |
| Web & CMS Plugins▸ 3 | 13 | 1 | · | 6 | 7 | 7.5 | http server (6) · formmail (2) · cgi guestbook (1) |
| Security Products▸ 1 | 2 | · | · | 1 | 1 | 3.5 | l0phtcrack (2) |
| Hardware Firmware▸ 2 | 2 | 1 | · | 2 | 2 | 9.8 | qpopper (1) |
| DevTools & CI▸ 2 | 2 | · | · | 2 | 3 | 7.5 | clearcase (1) |
| Databases▸ 1 | 1 | 1 | · | 1 | 1 | 10.0 | solaris (1) |
| Cloud & SaaS▸ 1 | 1 | · | · | 1 | 1 | 5.0 | controlit (1) |
| Mobile Apps▸ 1 | 1 | · | · | 1 | 1 | 7.2 | a ux (1) |
| Unclassified | 18 | 3 | · | 16 | 19 | 6.9 | cde (2) · webgais (2) · anyform (1) |
Weakness × Sector
Which weaknesses hit which solution categories in September 1999
Cells shaded by share of the sector's hottest weakness. Click a row to open the sector history.
119Memory Buffer Bounds200Information Exposure120Buffer Overflow125Out-of-bounds Read264CWE-26478OS Command Injection1067CWE-106717CWE-17178CWE-17820Improper Input ValidationOperating Systems323231111Networking Infrastructure1121Communications1Consumer Software111OSS Libraries1Enterprise Software11Web & CMS PluginsHardware Firmware1DevTools & CISecurity Products