April 2003
April 2003 closed with 397 published CVEs (+3870.0% YoY), 39 of them critical. Microsoft led by volume, mostly via Internet Explorer. Biggest breakout: Microsoft at ×61.0 its 12-month median. Top weakness class: CWE-119 (3 CVEs). 10 vendors cracked the top 100 for the first time.
Time to exploit
How fast the community ships detection after a CVE drops.
KEV pressure, no Nuclei coverage
April 2003 · vendors with active exploitation listed by CISA but no public detection template.
- microsoft: KEV 1, 61 CVE
Breakout vendors
CVE count ≥3× their own 12-period median.
First time in top-100
Vendors never in top-100 in the prior 24 periods.
- #19 pypi: 5 CVE
- #20 squid: 5 CVE
- #24 acme labs: 3 CVE
- #25 aprelium technologies: 3 CVE
- #26 bzip: 3 CVE
- #34 ca: 2 CVE
- #36 cray: 2 CVE
- #37 efingerd: 2 CVE
- #38 emumail: 2 CVE
- #40 fraunhofer fit: 2 CVE
Top vendors
Ranked by distinct CVE count this period.
- microsoft: 61 CVE, 4 crit, CVSS 6.9, ×61.0, KEV 1, PoC 3; internet explorer (11) · internet information services (11) · internet information server (11)
- redhat: 31 CVE, 3 crit, CVSS 6.0, ×15.5, PoC 5; red hat enterprise linux (23) · linux (12) · docbook stylesheets (1)
- sgi: 18 CVE, 2 crit, CVSS 5.7, ×18.0; irix (15) · irisconsole (1) · fam (1)
- freebsd: 15 CVE, 1 crit, CVSS 5.6, PoC 2; freebsd (14) · heimdal (1) · point-to-point protocol daemon (1)
- cisco: 13 CVE, 1 crit, CVSS 6.8; ios (3) · secure access control server (3) · catos (2)
- openbsd: 13 CVE, 3 crit, CVSS 7.1, PoC 3; openbsd (8) · openssh (6)
- sun: 13 CVE, 6 crit, CVSS 8.5, PoC 2; sunos (11) · solaris (10) · jre (2)
- caldera: 11 CVE, 3 crit, CVSS 7.4, ×11.0, PoC 1; unixware (6) · openunix (5) · openserver (2)
- hp: 11 CVE, 4 crit, CVSS 8.3, PoC 1; hp-ux (6) · cifs-9000 server (2) · advancestack 10base-t switching hub j3210a (1)
- mozilla: 11 CVE, CVSS 5.3, PoC 1; bugzilla (10) · mozilla (1)
- free software community: 10 CVE, 1 crit, CVSS 7.0, PoC 2; debian gnu/linux (10)
- oracle: 9 CVE, 1 crit, CVSS 7.3, PoC 1; oracle9i (5) · application server (4) · database server (3)
- apache: 8 CVE, CVSS 6.3, PoC 1; http server (4) · tomcat (3) · mod python (1)
- debian: 7 CVE, CVSS 6.3; debian linux (6) · mime-support (1)
- compaq: 6 CVE, 4 crit, CVSS 9.1, PoC 1; tru64 (6)
- gnu: 6 CVE, CVSS 4.3, ×6.0; emacs (1) · fileutils (1) · findutils (1)
- macromedia: 6 CVE, 2 crit, CVSS 7.4; jrun (3) · flash (1) · flash player (1)
- apple: 5 CVE, 1 crit, CVSS 7.5, PoC 1; mac os x (4) · mac os x server (2) · quicktime (1)
- pypi: 5 CVE, CVSS 6.5, NEW; zope (5)
- squid: 5 CVE, CVSS 6.5, NEW; squid (5)
- suse: 5 CVE, CVSS 7.4; suse linux (5)
- zope: 5 CVE, CVSS 6.5; zope (5)
- symantec: 4 CVE, CVSS 6.9; enterprise firewall (3) · gateway security (1) · norton internet security (1)
- acme labs: 3 CVE, CVSS 5.8, NEW; thttpd (2) · acme server (1)
- aprelium technologies: 3 CVE, CVSS 5.0, NEW; abyss web server (3)
- bzip: 3 CVE, CVSS 2.8, NEW; bzip2 (3)
- ethereal group: 3 CVE, CVSS 5.8; ethereal (3)
- ibm: 3 CVE, 1 crit, CVSS 6.4, ×3.0; aix (3)
- maven: 3 CVE, CVSS 5.8; org.apache.tomcat:tomcat (3)
- netbsd: 3 CVE, CVSS 6.2, PoC 1; netbsd (3)
- sendmail: 3 CVE, 1 crit, CVSS 7.8, PoC 1; sendmail (3) · sendmail switch (1)
- analogx: 2 CVE, CVSS 7.5; simpleserver shout (1) · simpleserver www (1)
- broadcom: 2 CVE, 1 crit, CVSS 8.2; arcserve backup (2) · arcserve backup 2000 (2)
- ca: 2 CVE, 1 crit, CVSS 8.2, NEW; arcserve backup 2000 (2)
- conectiva: 2 CVE, CVSS 5.9; linux (2)
- cray: 2 CVE, CVSS 6.7, NEW; unicos (2)
- efingerd: 2 CVE, 1 crit, CVSS 7.3, NEW; efingerd (2)
- emumail: 2 CVE, CVSS 6.1, NEW; emumail (2) · emumail red hat linux (2) · emumail unix (2)
- fetchmail: 2 CVE, CVSS 3.5; fetchmail (2)
- fraunhofer fit: 2 CVE, CVSS 7.5, NEW, PoC 1; bscw (2)
- gkrellm newsticker: 2 CVE, CVSS 6.3, NEW; gkrellm newsticker (2)
- hosting controller: 2 CVE, CVSS 7.0, NEW, PoC 1; hosting controller (2)
- hylafax: 2 CVE, CVSS 6.3; hylafax (2)
- ipswitch: 2 CVE, 1 crit, CVSS 8.8, PoC 1; imail (2)
- kerio: 2 CVE, CVSS 7.5, NEW, PoC 2; personal firewall 2 (2)
- l2tpd: 2 CVE, CVSS 6.3, NEW; l2tpd (2)
- linux: 2 CVE, CVSS 5.5; linux kernel (2)
- mandrakesoft: 2 CVE, CVSS 5.9; mandrake linux (2) · mandrake linux corporate server (1) · mandrake single network firewall (1)
- netscape: 2 CVE, CVSS 3.5, PoC 1; communicator (1) · navigator (1)
- novell: 2 CVE, CVSS 6.3; emframe (1) · groupwise (1)
| # | Vendor | CVEs | Crit | KEV | Nuclei | Signals | Top products | Δ |
|---|---|---|---|---|---|---|---|---|
| 1 | microsoft | 61 | 4 | 1 | · | ×61.0 · KEV 1 · PoC 3 | internet explorer (11) · internet information services (11) · internet information server (11) | — |
| 2 | redhat | 31 | 3 | · | · | ×15.5 · PoC 5 | red hat enterprise linux (23) · linux (12) · docbook stylesheets (1) | — |
| 3 | sgi | 18 | 2 | · | · | ×18.0 | irix (15) · irisconsole (1) · fam (1) | — |
| 4 | freebsd | 15 | 1 | · | · | PoC 2 | freebsd (14) · heimdal (1) · point-to-point protocol daemon (1) | — |
| 5 | cisco | 13 | 1 | · | · | | ios (3) · secure access control server (3) · catos (2) | — |
| 6 | openbsd | 13 | 3 | · | · | PoC 3 | openbsd (8) · openssh (6) | — |
| 7 | sun | 13 | 6 | · | · | PoC 2 | sunos (11) · solaris (10) · jre (2) | — |
| 8 | caldera | 11 | 3 | · | · | ×11.0 · PoC 1 | unixware (6) · openunix (5) · openserver (2) | — |
| 9 | hp | 11 | 4 | · | · | PoC 1 | hp-ux (6) · cifs-9000 server (2) · advancestack 10base-t switching hub j3210a (1) | — |
| 10 | mozilla | 11 | · | · | · | PoC 1 | bugzilla (10) · mozilla (1) | — |
| 11 | free software community | 10 | 1 | · | · | PoC 2 | debian gnu/linux (10) | — |
| 12 | oracle | 9 | 1 | · | · | PoC 1 | oracle9i (5) · application server (4) · database server (3) | — |
| 13 | apache | 8 | · | · | · | PoC 1 | http server (4) · tomcat (3) · mod python (1) | — |
| 14 | debian | 7 | · | · | · | | debian linux (6) · mime-support (1) | — |
| 15 | compaq | 6 | 4 | · | · | PoC 1 | tru64 (6) | — |
| 16 | gnu | 6 | · | · | · | ×6.0 | emacs (1) · fileutils (1) · findutils (1) | — |
| 17 | macromedia | 6 | 2 | · | · | | jrun (3) · flash (1) · flash player (1) | — |
| 18 | apple | 5 | 1 | · | · | PoC 1 | mac os x (4) · mac os x server (2) · quicktime (1) | — |
| 19 | pypi | 5 | · | · | · | NEW | zope (5) | — |
| 20 | squid | 5 | · | · | · | NEW | squid (5) | — |
| 21 | suse | 5 | · | · | · | | suse linux (5) | — |
| 22 | zope | 5 | · | · | · | | zope (5) | — |
| 23 | symantec | 4 | · | · | · | | enterprise firewall (3) · gateway security (1) · norton internet security (1) | — |
| 24 | acme labs | 3 | · | · | · | NEW | thttpd (2) · acme server (1) | — |
| 25 | aprelium technologies | 3 | · | · | · | NEW | abyss web server (3) | — |
| 26 | bzip | 3 | · | · | · | NEW | bzip2 (3) | — |
| 27 | ethereal group | 3 | · | · | · | | ethereal (3) | — |
| 28 | ibm | 3 | 1 | · | · | ×3.0 | aix (3) | — |
| 29 | maven | 3 | · | · | · | | org.apache.tomcat:tomcat (3) | — |
| 30 | netbsd | 3 | · | · | · | PoC 1 | netbsd (3) | — |
| 31 | sendmail | 3 | 1 | · | · | PoC 1 | sendmail (3) · sendmail switch (1) | — |
| 32 | analogx | 2 | · | · | · | | simpleserver shout (1) · simpleserver www (1) | — |
| 33 | broadcom | 2 | 1 | · | · | | arcserve backup (2) · arcserve backup 2000 (2) | — |
| 34 | ca | 2 | 1 | · | · | NEW | arcserve backup 2000 (2) | — |
| 35 | conectiva | 2 | · | · | · | | linux (2) | — |
| 36 | cray | 2 | · | · | · | NEW | unicos (2) | — |
| 37 | efingerd | 2 | 1 | · | · | NEW | efingerd (2) | — |
| 38 | emumail | 2 | · | · | · | NEW | emumail (2) · emumail red hat linux (2) · emumail unix (2) | — |
| 39 | fetchmail | 2 | · | · | · | | fetchmail (2) | — |
| 40 | fraunhofer fit | 2 | · | · | · | NEW · PoC 1 | bscw (2) | — |
| 41 | gkrellm newsticker | 2 | · | · | · | NEW | gkrellm newsticker (2) | — |
| 42 | hosting controller | 2 | · | · | · | NEW · PoC 1 | hosting controller (2) | — |
| 43 | hylafax | 2 | · | · | · | | hylafax (2) | — |
| 44 | ipswitch | 2 | 1 | · | · | PoC 1 | imail (2) | — |
| 45 | kerio | 2 | · | · | · | NEW · PoC 2 | personal firewall 2 (2) | — |
| 46 | l2tpd | 2 | · | · | · | NEW | l2tpd (2) | — |
| 47 | linux | 2 | · | · | · | | linux kernel (2) | — |
| 48 | mandrakesoft | 2 | · | · | · | | mandrake linux (2) · mandrake linux corporate server (1) · mandrake single network firewall (1) | — |
| 49 | netscape | 2 | · | · | · | PoC 1 | communicator (1) · navigator (1) | — |
| 50 | novell | 2 | · | · | · | | emframe (1) · groupwise (1) | — |
Sectors
Solution categories ranked by distinct CVE count this period.
| Sector | CVEs | Crit | KEV | Vendors | Products | Avg CVSS | Top products |
|---|---|---|---|---|---|---|---|
| Operating Systems | 178 | 41 | 2 | 27 | 81 | 7.1 | irix (15) · freebsd (14) · sunos (11) |
| Networking Infrastructure | 50 | 7 | · | 27 | 50 | 7.2 | ios (3) · secure access control server (3) · catos (2) |
| OSS Libraries | 31 | 1 | · | 13 | 18 | 6.5 | bzip2 (3) · php (2) · digest-md5 (1) |
| Communications | 31 | 6 | · | 23 | 28 | 7.4 | sendmail (3) · emumail (2) · emumail red hat linux (2) |
| Web & CMS Plugins | 30 | 3 | · | 20 | 22 | 8.8 | http server (4) · abyss web server (3) · tomcat (3) |
| Consumer Software | 28 | 2 | · | 12 | 20 | 7.4 | bugzilla (10) · communicator (1) · galeon browser (1) |
| Enterprise Software | 23 | 12 | · | 10 | 25 | 8.1 | hp-ux (6) · aix (3) · arcserve backup 2000 (2) |
| Security Products | 22 | 2 | · | 16 | 25 | 7.5 | ethereal (3) · ettercap (1) · fscan (1) |
| Databases | 11 | 3 | · | 4 | 8 | 7.3 | oracle9i (5) · application server (4) · database server (3) |
| Mobile Apps | 6 | 1 | · | 2 | 4 | 7.5 | mac os x (4) · mac os x server (2) · quicktime (1) |
| Cloud & SaaS | 6 | 2 | · | 4 | 6 | 7.3 | arcserve backup (2) · arcserve backup 2000 (2) · gsx server (1) |
| DevTools & CI | 3 | · | · | 3 | 3 | 5.6 | expect (1) · labview (1) · pmake (1) |
| Hardware Firmware | 2 | · | · | 1 | 1 | 4.8 | qpopper (2) |
| Unclassified | 27 | 3 | · | 25 | 25 | 6.6 | devwex (2) · dextop (2) · betsie (1) |