month report
December 2007
Data as of Jun 11, 2026, 06:04 UTC · Snapshot v1
Sources: CVEList V5, NVD, GHSA, CSAF, FSTEC BDU, CISA KEV, EPSS, Nuclei templates
December 2007 closed with 449 published CVEs, 71 of them critical. Apple led by volume, mostly via Mac OS X. The top weakness class was CWE-119 (69 CVEs). 10 vendors entered the top 100 for the first time.
- Total CVEs: 449 (MoM: — · YoY: —)
- Severity mix: 71 / 114 (critical / high)
- KEV added: 0 (0 ransomware-linked)
- Nuclei coverage: 0.4% (2 CVEs with templates)
Time to exploit
How fast the community ships detection after a CVE drops.
- Days → Nuclei (median): 6658.3 (n=2)
- Within 7 days: 0.0%
- Within 30 days: 0.0%
- Days → KEV (median): — (n=0)
Weakness × Vendor
What's spreading where in December 2007
Cells shaded by share of vendor's hottest weakness.
[Heat map; per-cell counts not preserved. Columns (weakness): CWE-119 Memory Buffer Bounds, CWE-79 XSS, CWE-89 SQL Injection, CWE-264, CWE-22 Path Traversal, CWE-20 Improper Input Validation, CWE-94 Code Injection, CWE-200 Information Exposure, CWE-189, CWE-399. Rows (vendor): apple, microsoft, sun, hp, ibm, hosting controller, сообщество свободного программного обеспечения, gentoo foundation inc., linux, oracle, runcms, adobe.]
Most discussed CVEs — December 2007
No CVE mentions in the news this month yet.
First time in top-100
Vendors never in top-100 in the prior 24 periods.
- #16 mit · 5 CVE
- #18 wireshark · 5 CVE
- #21 bcoos · 4 CVE
- #23 real time logic · 4 CVE
- #24 aertherwide · 3 CVE
- #25 badblue · 3 CVE
- #31 falcon · 3 CVE
- #32 flac · 3 CVE
- #33 flat php · 3 CVE
- #34 gadu-gadu · 3 CVE
Top vendors
Ranked by distinct CVE count this period.
| # | Vendor | CVEs | Crit | CVSS | KEV | Nuclei | Signals | Top products | Δ |
|---|---|---|---|---|---|---|---|---|---|
| 1 | apple | 26 | 9 | 7.4 | · | · | PoC 3 | mac os x (20) · mac os x server (3) · quicktime (3) | — |
| 2 | microsoft | 17 | 7 | 7.7 | · | · | PoC 5 | internet explorer (5) · ie (4) · windows vista (2) | — |
| 3 | sun | 13 | 2 | 5.6 | · | · | · | java system web proxy server (4) · java system web server (4) · solaris (4) | — |
| 4 | hp | 12 | 7 | 7.9 | · | · | PoC 6 | quick launch button (3) · info center (3) · openview network node manager (2) | — |
| 5 | ibm | 12 | 3 | 6.4 | · | · | PoC 1 | hardware management console (3) · lotus notes (2) · tivoli netcool security manager (2) | — |
| 6 | hosting controller | 11 | 1 | 6.4 | · | · | PoC 11 | hosting controller (11) | — |
| 7 | redhat | 8 | 1 | 5.2 | · | · | · | enterprise linux (4) · red hat enterprise linux (4) · enterprise linux desktop (3) | — |
| 8 | gentoo foundation inc. | 7 | 2 | 6.6 | · | · | PoC 2 | gentoo linux (7) | — |
| 9 | сообщество свободного программного обеспечения | 7 | 3 | 7.2 | · | · | PoC 2 | debian gnu/linux (7) | — |
| 10 | linux | 6 | · | 5.6 | · | · | · | linux kernel (6) | — |
| 11 | oracle | 6 | · | 5.0 | · | · | PoC 1 | mysql (3) · http server (1) · linux (1) | — |
| 12 | runcms | 6 | · | 6.7 | · | · | PoC 5 | runcms (6) | — |
| 13 | adobe | 5 | 1 | 6.1 | · | · | · | flash player (5) | — |
| 14 | clam anti-virus | 5 | 1 | 6.3 | · | · | PoC 1 | clamav (5) | — |
| 15 | maven | 5 | · | 6.0 | · | · | · | org.mortbay.jetty:jetty (3) · org.apache.tomcat:tomcat-juli (1) · net.sf.robocode:robocode.core (1) | — |
| 16 | mit | 5 | 3 | 8.4 | · | · | NEW | kerberos 5 (5) | — |
| 17 | opera | 5 | 1 | 6.8 | · | · | PoC 1 | opera browser (5) | — |
| 18 | wireshark | 5 | · | 4.7 | · | · | NEW | wireshark (5) | — |
| 19 | xigla | 5 | · | 5.9 | · | · | PoC 1 | absolute news manager.net (4) · absolute banner manager.net (1) | — |
| 20 | apache | 4 | · | 4.8 | · | · | PoC 1 | http server (3) · tomcat (1) | — |
| 21 | bcoos | 4 | · | 5.9 | · | · | NEW · PoC 2 | bcoos (3) · event calendar (1) | — |
| 22 | cisco | 4 | 1 | 7.5 | · | · | PoC 1 | ciscoworks server (1) · firewall services module (1) · ip phone 7940 (1) | — |
| 23 | real time logic | 4 | · | 4.7 | · | · | NEW · PoC 2 | barracudadrive web server (4) · barracudadrive web server home server (4) | — |
| 24 | aertherwide | 3 | 2 | 8.3 | · | · | NEW | exiftags (3) | — |
| 25 | badblue | 3 | · | 6.7 | · | · | NEW · PoC 2 | badblue (3) | — |
| 26 | bea | 3 | · | 5.8 | · | · | PoC 2 | aqualogic interaction (2) · weblogic mobility server (1) | — |
| 27 | bitweaver | 3 | · | 6.2 | · | · | PoC 2 | bitweaver (3) | — |
| 28 | canonical | 3 | · | 4.6 | · | · | · | ubuntu linux (3) | — |
| 29 | debian | 3 | · | 3.9 | · | · | · | debian linux (3) | — |
| 30 | drupal | 3 | · | 5.4 | · | · | · | drupal (1) · feature module (1) · shoutbox (1) | — |
| 31 | falcon | 3 | · | 6.2 | · | · | NEW · PoC 3 | series one cms (3) | — |
| 32 | flac | 3 | 3 | 9.3 | · | · | NEW | libflac (3) | — |
| 33 | flat php | 3 | · | 5.0 | · | · | NEW · PoC 3 | board (3) | — |
| 34 | gadu-gadu | 3 | · | 4.3 | · | · | NEW | gadu-gadu instant messenger (3) | — |
| 35 | gf 3xplorer | 3 | · | 5.2 | · | · | NEW · PoC 3 | gf 3xplorer (3) | — |
| 36 | | 3 | · | 5.4 | · | · | NEW · PoC 1 | kml (1) · toolbar (1) · web toolkit (1) | — |
| 37 | mortbay jetty | 3 | · | 5.6 | · | · | NEW | jetty (3) | — |
| 38 | mysql | 3 | · | 6.0 | · | · | PoC 2 | mysql (2) · community server (1) · mysql enterprise server (1) | — |
| 39 | openbiblio | 3 | · | 4.8 | · | · | NEW · PoC 2 | openbiblio (3) | — |
| 40 | phprpg | 3 | 1 | 7.5 | · | · | NEW · PoC 1 | phprpg (3) | — |
| 41 | suse | 3 | · | 4.0 | · | · | · | linux enterprise desktop (2) · linux enterprise server (2) · linux enterprise software development kit (1) | — |
| 42 | tiki | 3 | 1 | 6.4 | · | · | NEW · PoC 1 | tikiwiki cms/groupware (3) | — |
| 43 | xzero scripts | 3 | · | 7.1 | · | · | NEW · PoC 3 | xzero community classifieds (3) | — |
| 44 | 1024 cms | 2 | · | 7.0 | · | · | NEW · PoC 2 | 1024 cms (2) | — |
| 45 | 3ivx | 2 | 2 | 9.3 | · | · | NEW · PoC 1 | mpeg-4 codec (2) | — |
| 46 | adultscript | 2 | · | 7.5 | · | · | NEW · PoC 2 | adultscript (2) | — |
| 47 | anon proxy server | 2 | · | 5.5 | · | · | NEW · PoC 1 | anon proxy server (2) | — |
| 48 | beehive forum | 2 | · | 7.5 | · | · | NEW | beehive forum (2) | — |
| 49 | citrix | 2 | · | 2.6 | · | · | PoC 1 | edgesight for endpoints (1) · edgesight for netscaler (1) · edgesight for presentation server (1) | — |
| 50 | dokeos | 2 | · | 4.5 | · | · | NEW · PoC 2 | dokeos (1) · open source learning and knowledge management (1) · open source learning and knowledge management tool (1) | — |
Sectors
Solution categories ranked by distinct CVE count this period.
| Sector | CVEs | Crit | KEV | Vendors | Products | Avg CVSS | Top products |
|---|---|---|---|---|---|---|---|
| Web & CMS Plugins | 100 | 7 | · | 63 | 72 | 7.4 | runcms (6) · bcoos (3) · bitweaver (3) |
| Operating Systems | 67 | 27 | · | 23 | 57 | 7.7 | debian gnu/linux (7) · gentoo linux (7) · linux kernel (6) |
| Enterprise Software | 62 | 21 | · | 22 | 46 | 9.3 | hardware management console (3) · info center (3) · quick launch button (3) |
| Consumer Software | 32 | 12 | · | 20 | 22 | 9.8 | imesh (2) · mpeg-4 codec (2) · realplayer (2) |
| Mobile Apps | 29 | 10 | · | 2 | 7 | 7.4 | mac os x (20) · mac os x server (3) · quicktime (3) |
| OSS Libraries | 29 | 4 | · | 18 | 19 | 6.4 | libflac (3) · jfreechart (2) · libexif (2) |
| Security Products | 19 | 3 | · | 9 | 17 | 7.5 | clamav (5) · avast antivirus home (1) · avast antivirus professional (1) |
| Communications | 17 | 1 | · | 13 | 14 | 10.0 | atmail webmail system (1) · open newsletter (1) · qk smtp server 3 (1) |
| Networking Infrastructure | 16 | 2 | · | 12 | 15 | 7.5 | admin (1) · n95 (1) · shttpd (1) |
| Databases | 8 | · | · | 3 | 8 | 5.4 | mysql (5) · community server (1) · database server (1) |
| Cloud & SaaS | 6 | · | · | 5 | 8 | 7.2 | edgesight for endpoints (1) · edgesight for netscaler (1) · edgesight for presentation server (1) |
| ICS / OT / IoT | 1 | 1 | · | 1 | 1 | 9.0 | deluxebb (1) |
| DevTools & CI | 1 | · | · | 1 | 1 | 7.8 | p4web (1) |
| Hardware Firmware | 1 | · | · | 1 | 2 | 5.0 | pro wireless 3945abg (1) · wireless wifi link 4965agn (1) |
| Unclassified | 43 | 7 | · | 34 | 34 | 6.9 | gf 3xplorer (3) · xzero community classifieds (3) · 1024 cms (2) |
Weakness × Sector
Which weaknesses hit which solution categories in December 2007
Cells shaded by share of the sector's hottest weakness.
[Heat map; per-cell counts not preserved. Columns (weakness): CWE-119 Memory Buffer Bounds, CWE-79 XSS, CWE-89 SQL Injection, CWE-264, CWE-22 Path Traversal, CWE-20 Improper Input Validation, CWE-94 Code Injection, CWE-200 Information Exposure, CWE-189, CWE-399. Rows (sector): Web & CMS Plugins, Operating Systems, Enterprise Software, Consumer Software, OSS Libraries, Networking Infrastructure, Communications, Security Products, Databases, Hardware Firmware.]