month report
September 2004
Data as of Jun 11, 2026, 06:04 UTCSnapshot v1 Sources CVEList V5+NVD+GHSA+CSAF+FSTEC BDU+CISA KEV+EPSS+Nuclei templates Methodology →
September 2004 closed with 565 published CVEs. 41 criticals, microsoft led volume, mostly via windows xp. Biggest breakout: cisco at ×24.0 their 12-month median. Top weakness class — CWE-119 (5 CVE). 10 vendors cracked the top-100 for the first time.
Total CVEs
565
— MoM— YoY
Severity mix
41 / 253
critical / high
KEV added
0
0 ransomware-linked
Nuclei coverage
0.0%
0 CVEs with templates
Time to exploit
How fast the community ships detection after a CVE drops.
Days → Nuclei (median)
—
n=0
Within 7 days
—%
Within 30 days
—%
Days → KEV (median)
—
n=0
Weakness × Vendor
What's spreading where in September 2004
Cells shaded by share of vendor's hottest weakness. Click any cell to open the CWE history.
Most discussed CVEs — September 2004
No CVE mentions in the news this month yet.
Breakout vendors
CVE count ≥3× their own 12-period median.
First time in top-100
Vendors never in top-100 in the prior 24 periods.
- #29paul l daniels7 CVE
- #45red-m4 CVE
- #51caldera3 CVE
- #52enlightenment3 CVE
- #55namazu3 CVE
- #56ncipher3 CVE
- #58rxvt3 CVE
- #60the cacti group3 CVE
- #61ubuntu3 CVE
- #62abuse2 CVE
Top vendors
Ranked by distinct CVE count this period.
- 73 CVE4 critCVSS 7.0×10.4PoC 8windows xp (18) · windows 2000 (17) · internet explorer (14)
- 70 CVE7 critCVSS 6.4×23.3PoC 14red hat enterprise linux (57) · enterprise linux desktop (11) · enterprise linux (11)
- 30 CVE3 critCVSS 6.5×7.5PoC 7debian gnu/linux (30)
- 26 CVE2 critCVSS 6.3×7.4PoC 5mac os x (16) · darwin streaming server (6) · mac os x server (6)
- 24 CVECVSS 5.8×24.0PoC 1vpn 3000 concentrator series software (8) · vpn client (6) · vpn 3002 hardware client (6)
- 23 CVE1 critCVSS 6.0×23.0PoC 1http server (17) · tomcat (5) · mod python (1)
- 21 CVE2 critCVSS 6.5×21.0PoC 2solaris (12) · sunos (11) · java desktop system (4)
- 19 CVE3 critCVSS 6.7×19.0PoC 3mozilla (12) · thunderbird (7) · bugzilla (5)
- 17 CVE1 critCVSS 6.0×11.3PoC 1irix (12) · propack (4) · freeware (1)
- 12 CVE1 critCVSS 5.3×4.0aix (6) · lotus domino (2) · lotus notes client (2)
- 12 CVECVSS 4.4×6.0PoC 3linux kernel (12)
- 12 CVECVSS 5.5×12.0PoC 1openbsd (11) · openssh (1)
- 12 CVE2 critCVSS 6.8×8.0PoC 1suse linux (12)
- 11 CVE2 critCVSS 7.4×5.5PoC 2mysql (5) · oracle9i (4) · oracle8i (3)
- 10 CVE4 critCVSS 7.7linux (10)
- 10 CVE1 critCVSS 6.7×4.0PoC 3debian linux (6) · fsp (2) · netkit (1)
- 10 CVECVSS 5.1×10.0freebsd (10)
- 10 CVE2 critCVSS 7.3×10.0PoC 3hp-ux (5) · secure os (3) · secure web server for tru64 (1)
- 9 CVECVSS 7.0×9.0PoC 2kde (8) · konqueror (4)
- 9 CVECVSS 5.9×9.0PoC 1mandrake linux (9) · mandrake linux corporate server (4)
- 9 CVE1 critCVSS 7.1×3.0PoC 1x11r6 (9)
- 8 CVECVSS 6.8×4.0internet gatekeeper (8) · f-secure anti-virus (1) · f-secure content scanner server (1)
- 7 CVECVSS 7.5×3.5mailsweeper (7)
- 7 CVECVSS 4.2PoC 1glibc (2) · radius (2) · libtool (1)
- 7 CVECVSS 6.1×7.0bind (5) · dhcpd (1) · inn (1)
- 7 CVE1 critCVSS 6.3×7.0kerberos 5 (7)
- 7 CVE1 critCVSS 5.1×7.0PoC 2netbsd (7)
- 7 CVECVSS 5.8×7.0PoC 1netware (6) · small business suite (2) · edirectory (1)
- 7 CVECVSS 7.5NEWripmime (7)
- 7 CVE1 critCVSS 6.7samba (6) · jitterbug (1)
- 6 CVE2 critCVSS 7.7×6.0PoC 5cups (6)
- 6 CVE1 critCVSS 5.5PoC 2linux (6)
- 6 CVECVSS 6.2×3.0gdkpixbuf (5) · gtk (4) · gnome-terminal (1)
- 6 CVECVSS 6.3PoC 1tcpdump (6)
- 6 CVE1 critCVSS 7.5PoC 2navigator (5) · directory server (1) · certificate server (1)
- 5 CVECVSS 6.5opensuse (5)
- 5 CVECVSS 7.5gaim (5)
- 5 CVECVSS 6.8gateway security (2) · raptor firewall (2) · velociraptor (2)
- 4 CVECVSS 6.1PoC 2s8100 (3) · ip600 media servers (3) · modular messaging message storage server (3)
- 4 CVECVSS 6.3PoC 1mantis (4)
- 4 CVECVSS 5.6×4.0org.apache.tomcat:tomcat (4)
- 4 CVECVSS 6.9php (4)
- 4 CVECVSS 6.7phpgedview (4)
- 4 CVECVSS 6.0xpressa (4)
- 4 CVE2 critCVSS 8.1NEWPoC 31050ap lan acess point (4)
- 4 CVECVSS 4.8PoC 2superscout email filter (4)
- 4 CVECVSS 5.5PoC 2secure linux (4)
- 4 CVECVSS 6.0PoC 1turbolinux desktop (3) · turbolinux server (3) · turbolinux workstation (2)
- 4 CVE4 critCVSS 10.0PoC 1firebox (2) · soho firewall (2)
- 3 CVECVSS 4.9PoC 1util-linux (2) · man (1)
| # | Vendor | CVEs | Crit | KEV | Nuclei | Signals | Top products | Δ | |
|---|---|---|---|---|---|---|---|---|---|
| 1 | microsoft | 73 | 4 | · | · | ×10.4PoC 8 | windows xp (18) · windows 2000 (17) · internet explorer (14) | — | |
| 2 | redhat | 70 | 7 | · | · | ×23.3PoC 14 | red hat enterprise linux (57) · enterprise linux desktop (11) · enterprise linux (11) | — | |
| 3 | сообщество свободного программного обеспечения | 30 | 3 | · | · | ×7.5PoC 7 | debian gnu/linux (30) | — | |
| 4 | apple | 26 | 2 | · | · | ×7.4PoC 5 | mac os x (16) · darwin streaming server (6) · mac os x server (6) | — | |
| 5 | cisco | 24 | · | · | · | ×24.0PoC 1 | vpn 3000 concentrator series software (8) · vpn client (6) · vpn 3002 hardware client (6) | — | |
| 6 | apache | 23 | 1 | · | · | ×23.0PoC 1 | http server (17) · tomcat (5) · mod python (1) | — | |
| 7 | sun | 21 | 2 | · | · | ×21.0PoC 2 | solaris (12) · sunos (11) · java desktop system (4) | — | |
| 8 | mozilla | 19 | 3 | · | · | ×19.0PoC 3 | mozilla (12) · thunderbird (7) · bugzilla (5) | — | |
| 9 | sgi | 17 | 1 | · | · | ×11.3PoC 1 | irix (12) · propack (4) · freeware (1) | — | |
| 10 | ibm | 12 | 1 | · | · | ×4.0 | aix (6) · lotus domino (2) · lotus notes client (2) | — | |
| 11 | linux | 12 | · | · | · | ×6.0PoC 3 | linux kernel (12) | — | |
| 12 | openbsd | 12 | · | · | · | ×12.0PoC 1 | openbsd (11) · openssh (1) | — | |
| 13 | suse | 12 | 2 | · | · | ×8.0PoC 1 | suse linux (12) | — | |
| 14 | oracle | 11 | 2 | · | · | ×5.5PoC 2 | mysql (5) · oracle9i (4) · oracle8i (3) | — | |
| 15 | conectiva | 10 | 4 | · | · | linux (10) | — | ||
| 16 | debian | 10 | 1 | · | · | ×4.0PoC 3 | debian linux (6) · fsp (2) · netkit (1) | — | |
| 17 | freebsd | 10 | · | · | · | ×10.0 | freebsd (10) | — | |
| 18 | hp | 10 | 2 | · | · | ×10.0PoC 3 | hp-ux (5) · secure os (3) · secure web server for tru64 (1) | — | |
| 19 | kde | 9 | · | · | · | ×9.0PoC 2 | kde (8) · konqueror (4) | — | |
| 20 | mandrakesoft | 9 | · | · | · | ×9.0PoC 1 | mandrake linux (9) · mandrake linux corporate server (4) | — | |
| 21 | xfree86 project | 9 | 1 | · | · | ×3.0PoC 1 | x11r6 (9) | — | |
| 22 | f-secure | 8 | · | · | · | ×4.0 | internet gatekeeper (8) · f-secure anti-virus (1) · f-secure content scanner server (1) | — | |
| 23 | clearswift | 7 | · | · | · | ×3.5 | mailsweeper (7) | — | |
| 24 | gnu | 7 | · | · | · | PoC 1 | glibc (2) · radius (2) · libtool (1) | — | |
| 25 | isc | 7 | · | · | · | ×7.0 | bind (5) · dhcpd (1) · inn (1) | — | |
| 26 | mit | 7 | 1 | · | · | ×7.0 | kerberos 5 (7) | — | |
| 27 | netbsd | 7 | 1 | · | · | ×7.0PoC 2 | netbsd (7) | — | |
| 28 | novell | 7 | · | · | · | ×7.0PoC 1 | netware (6) · small business suite (2) · edirectory (1) | — | |
| 29 | paul l daniels | 7 | · | · | · | NEW | ripmime (7) | — | |
| 30 | samba | 7 | 1 | · | · | samba (6) · jitterbug (1) | — | ||
| 31 | easy software products | 6 | 2 | · | · | ×6.0PoC 5 | cups (6) | — | |
| 32 | gentoo | 6 | 1 | · | · | PoC 2 | linux (6) | — | |
| 33 | gnome | 6 | · | · | · | ×3.0 | gdkpixbuf (5) · gtk (4) · gnome-terminal (1) | — | |
| 34 | lbl | 6 | · | · | · | PoC 1 | tcpdump (6) | — | |
| 35 | netscape | 6 | 1 | · | · | PoC 2 | navigator (5) · directory server (1) · certificate server (1) | — | |
| 36 | novell inc. | 5 | · | · | · | opensuse (5) | — | ||
| 37 | rob flynn | 5 | · | · | · | gaim (5) | — | ||
| 38 | symantec | 5 | · | · | · | gateway security (2) · raptor firewall (2) · velociraptor (2) | — | ||
| 39 | avaya | 4 | · | · | · | PoC 2 | s8100 (3) · ip600 media servers (3) · modular messaging message storage server (3) | — | |
| 40 | mantis | 4 | · | · | · | PoC 1 | mantis (4) | — | |
| 41 | maven | 4 | · | · | · | ×4.0 | org.apache.tomcat:tomcat (4) | — | |
| 42 | php | 4 | · | · | · | php (4) | — | ||
| 43 | phpgedview | 4 | · | · | · | phpgedview (4) | — | ||
| 44 | pingtel | 4 | · | · | · | xpressa (4) | — | ||
| 45 | red-m | 4 | 2 | · | · | NEWPoC 3 | 1050ap lan acess point (4) | — | |
| 46 | surfcontrol | 4 | · | · | · | PoC 2 | superscout email filter (4) | — | |
| 47 | trustix | 4 | · | · | · | PoC 2 | secure linux (4) | — | |
| 48 | turbolinux | 4 | · | · | · | PoC 1 | turbolinux desktop (3) · turbolinux server (3) · turbolinux workstation (2) | — | |
| 49 | watchguard | 4 | 4 | · | · | PoC 1 | firebox (2) · soho firewall (2) | — | |
| 50 | andries brouwer | 3 | · | · | · | PoC 1 | util-linux (2) · man (1) | — |
Sectors
Solution categories ranked by distinct CVE count this period.
- Operating Systems278 CVE78 crit37 vendorsCVSS 10.0red hat enterprise linux (57) · debian gnu/linux (30) · linux (25)
- 8 crit20 vendorsCVSS 9.2vpn 3000 concentrator series software (8) · vpn 3002 hardware client (6) · vpn client (6)
- Security Products53 CVE5 crit23 vendorsCVSS 8.8internet gatekeeper (8) · secure linux (4) · enterprise firewall (2)
- Enterprise Software50 CVE6 crit18 vendorsCVSS 7.5aix (6) · hp-ux (5) · mantis (4)
- Consumer Software50 CVE12 crit22 vendorsCVSS 8.2mozilla (12) · thunderbird (7) · bugzilla (5)
- Web & CMS Plugins47 CVE3 crit20 vendorsCVSS 7.5http server (17) · tomcat (5) · phpgedview (4)
- Communications43 CVE2 crit23 vendorsCVSS 7.2ripmime (7) · courier mta (2) · getmail (2)
- OSS Libraries38 CVE20 vendorsCVSS 5.6php (4) · imagemagick (3) · zlib (3)
- Mobile Apps27 CVE2 crit2 vendorsCVSS 6.3mac os x (16) · darwin streaming server (6) · mac os x server (6)
- Databases13 CVE4 crit3 vendorsCVSS 7.3mysql (5) · oracle9i (4) · oracle8i (3)
- DevTools & CI6 CVE1 crit5 vendorsCVSS 8.7openpkg (2)
- Hardware Firmware4 CVE1 crit4 vendorsCVSS 10.0foomatic-filters (1) · ipc at chip embedded-webserver (1)
- ICS / OT / IoT1 CVE1 vendorsCVSS 5.0xeneo web server (1)
- Unclassified34 CVE3 crit30 vendorsCVSS 6.0abuse (2) · canna (2) · hanterm-xf (2)
| Sector | CVEs | Crit | KEV | Vendors | Products | Avg CVSS | Top products |
|---|---|---|---|---|---|---|---|
| Operating Systems▸ 4 | 278 | 78 | · | 37 | 130 | 10.0 | red hat enterprise linux (57) · debian gnu/linux (30) · linux (25) |
| Networking Infrastructure▸ 6 | 63 | 8 | · | 20 | 40 | 9.2 | vpn 3000 concentrator series software (8) · vpn 3002 hardware client (6) · vpn client (6) |
| Security Products▸ 5 | 53 | 5 | · | 23 | 53 | 8.8 | internet gatekeeper (8) · secure linux (4) · enterprise firewall (2) |
| Enterprise Software▸ 4 | 50 | 6 | · | 18 | 32 | 7.5 | aix (6) · hp-ux (5) · mantis (4) |
| Consumer Software▸ 4 | 50 | 12 | · | 22 | 37 | 8.2 | mozilla (12) · thunderbird (7) · bugzilla (5) |
| Web & CMS Plugins▸ 4 | 47 | 3 | · | 20 | 22 | 7.5 | http server (17) · tomcat (5) · phpgedview (4) |
| Communications▸ 4 | 43 | 2 | · | 23 | 38 | 7.2 | ripmime (7) · courier mta (2) · getmail (2) |
| OSS Libraries▸ 3 | 38 | · | · | 20 | 24 | 5.6 | php (4) · imagemagick (3) · zlib (3) |
| Mobile Apps▸ 2 | 27 | 2 | · | 2 | 10 | 6.3 | mac os x (16) · darwin streaming server (6) · mac os x server (6) |
| Databases▸ 2 | 13 | 4 | · | 3 | 8 | 7.3 | mysql (5) · oracle9i (4) · oracle8i (3) |
| DevTools & CI▸ 3 | 6 | 1 | · | 5 | 4 | 8.7 | openpkg (2) |
| Hardware Firmware▸ 3 | 4 | 1 | · | 4 | 4 | 10.0 | foomatic-filters (1) · ipc at chip embedded-webserver (1) |
| ICS / OT / IoT▸ 1 | 1 | · | · | 1 | 1 | 5.0 | xeneo web server (1) |
| Unclassified | 34 | 3 | · | 30 | 31 | 6.0 | abuse (2) · canna (2) · hanterm-xf (2) |
Weakness × Sector
Which weaknesses hit which solution categories in September 2004
Cells shaded by share of the sector's hottest weakness. Click a row to open the sector history.
119Memory Buffer Bounds415Double Free120Buffer Overflow193CWE-193264CWE-26420Improper Input Validation835Infinite Loop88CWE-88131Incorrect Buffer Size190Integer OverflowOperating Systems1411211Networking Infrastructure111Consumer Software1111Communications11OSS Libraries11Security Products1Web & CMS Plugins1Enterprise Software1Databases11DevTools & CI211