February 2008
February 2008 closed with 539 published CVEs (-14.8% YoY). 79 criticals; joomla led volume, mostly via joomla. Biggest breakout: joomla at ×13.0 their 12-month median. Top weakness class: CWE-89 (121 CVE). 10 vendors cracked the top-100 for the first time.
Time to exploit
How fast the community ships detection after a CVE drops.
KEV pressure, no Nuclei coverage
February 2008 · vendors with active exploitation listed by CISA but no public detection template.
- adobe: KEV 2, 10 CVE
What's spreading where in February 2008
Cells shaded by share of vendor's hottest weakness.
Most discussed CVEs — February 2008
Breakout vendors
CVE count ≥3× their own 12-period median.
First time in top-100
Vendors never in top-100 in the prior 24 periods.
- #6 bea systems: 12 CVE
- #15 double-take software: 7 CVE
- #21 shoppingtree: 6 CVE
- #25 cacti: 4 CVE
- #26 dmsguestbook project: 4 CVE
- #29 itechscripts: 4 CVE
- #36 caroline: 3 CVE
- #43 radio toolbox: 3 CVE
- #44 spyce: 3 CVE
- #45 tintin: 3 CVE
Top vendors
Ranked by distinct CVE count this period.
| # | Vendor | CVEs | Crit | KEV | Nuclei | CVSS | Signals | Top products | Δ |
|---|---|---|---|---|---|---|---|---|---|
| 1 | joomla | 39 | · | · | · | 7.5 | ×13.0 · PoC 29 | joomla (3) · com astatspro (2) · com downloads (2) | — |
| 2 | mambo | 23 | · | · | · | 7.5 | ×7.7 · PoC 17 | mambo (3) · com downloads (2) · com detail (1) | — |
| 3 | ibm | 20 | 4 | · | · | 6.8 | · | aix (6) · db2 (5) · websphere application server (2) | — |
| 4 | microsoft | 18 | 13 | · | · | 8.9 | PoC 2 | office (7) · works (3) · internet explorer (3) | — |
| 5 | mozilla | 14 | 4 | · | · | 6.2 | · | firefox (13) · seamonkey (11) · thunderbird (8) | — |
| 6 | bea systems | 12 | · | · | · | 5.4 | NEW | weblogic portal (5) · weblogic server (3) · aqualogic interaction (2) | — |
| 7 | apple | 11 | 2 | · | · | 6.6 | PoC 3 | mac os x (5) · iphoto (2) · quicktime (1) | — |
| 8 | adobe | 10 | 5 | 2 | · | 8.5 | ×3.3 · KEV 2 | acrobat reader (6) · acrobat (5) · connect enterprise server (3) | — |
| 9 | bea | 10 | · | · | · | 5.4 | · | weblogic server (9) · weblogic workshop (2) | — |
| 10 | wordpress | 10 | · | · | 10 | 6.4 | Nuclei 10 · PoC 6 | sniplets plugin (3) · wordspew (1) · dean logan wp-people plugin (1) | — |
| 11 | xoops | 10 | · | · | · | 6.5 | PoC 6 | xoops (3) · tiny event module (1) · xm-memberstats (1) | — |
| 12 | sun | 8 | 1 | · | · | 6.6 | PoC 1 | solaris (6) · jdk (2) · jre (2) | — |
| 13 | symantec | 8 | 4 | · | · | 7.3 | PoC 2 | scan engine (2) · backup exec for windows server (2) · symantec antivirus filtering domino mpe (2) | — |
| 14 | cisco | 7 | 4 | · | · | 8.8 | · | session initiation protocol (sip) firmware (6) · skinny client control protocol (sccp) firmware (6) · unified callmanager (1) | — |
| 15 | double-take software | 7 | · | · | · | 5.4 | NEW | double-take (7) | — |
| 16 | drupal | 7 | 2 | · | · | 6.6 | · | project issue tracking module (2) · secure site module (1) · userpoints module (1) | — |
| 17 | hp | 7 | 1 | · | · | 7.2 | · | storageworks double-take (3) · storage essentials srm standard (1) · virtual rooms (1) | — |
| 18 | liferay | 6 | · | · | · | 4.0 | ×3.0 | liferay enterprise portal (6) | — |
| 19 | novell | 6 | 3 | · | · | 6.7 | · | client (2) · challenge response client (1) · groupwise (1) | — |
| 20 | phpnuke | 6 | · | · | · | 7.1 | PoC 5 | book (1) · easycontent module (1) · kose yazilari module (1) | — |
| 21 | shoppingtree | 6 | · | · | · | 6.5 | NEW · PoC 5 | candypress store (6) | — |
| 22 | apache | 5 | · | · | · | 4.9 | PoC 1 | tomcat (3) · mod jk (1) · geronimo (1) | — |
| 23 | linux | 5 | · | · | · | 4.6 | PoC 4 | linux kernel (5) | — |
| 24 | free software community | 5 | 1 | · | · | 5.9 | PoC 1 | debian gnu/linux (5) | — |
| 25 | cacti | 4 | · | · | · | 5.3 | NEW · ×4.0 · PoC 1 | cacti (4) | — |
| 26 | dmsguestbook project | 4 | · | · | 4 | 4.8 | NEW · Nuclei 4 · PoC 3 | dmsguestbook (4) | — |
| 27 | gentoo foundation inc. | 4 | 1 | · | · | 7.9 | PoC 2 | gentoo linux (4) | — |
| 28 | ipswitch | 4 | · | · | · | 4.5 | PoC 2 | instant messaging (3) · imserver (2) · ws ftp (1) | — |
| 29 | itechscripts | 4 | · | · | · | 6.7 | NEW · PoC 2 | itechbids (2) · itechclassifieds (2) | — |
| 30 | maven | 4 | · | · | · | 4.8 | PoC 1 | org.apache.tomcat:tomcat (3) · org.opencms:opencms-core (1) | — |
| 31 | mplayer | 4 | 1 | · | · | 7.0 | PoC 1 | mplayer (4) | — |
| 32 | oracle | 4 | · | · | · | 5.5 | · | weblogic portal (4) | — |
| 33 | php-nuke | 4 | · | · | · | 7.5 | PoC 4 | inhalt module (1) · manuales (1) · nukec module (1) | — |
| 34 | redhat | 4 | · | · | · | 6.5 | · | enterprise linux (2) · red hat enterprise linux (2) · enterprise linux desktop (1) | — |
| 35 | aeries | 3 | · | · | · | 6.4 | ×3.0 · PoC 2 | aeries student information system (3) | — |
| 36 | caroline | 3 | 1 | · | · | 7.3 | NEW | caroline (3) | — |
| 37 | kerio | 3 | 1 | · | · | 8.1 | ×3.0 | kerio mailserver (3) · avg plugin (1) | — |
| 38 | moinmoin | 3 | · | · | · | 4.5 | PoC 1 | moinmoin (3) | — |
| 39 | netwin | 3 | · | · | · | 7.0 | · | surgemail (2) · webmail (1) · surgeftp (1) | — |
| 40 | openbsd | 3 | · | · | · | 6.6 | PoC 1 | openbsd (3) | — |
| 41 | opera | 3 | · | · | · | 6.0 | · | opera browser (3) | — |
| 42 | pypi | 3 | · | · | · | 4.5 | PoC 1 | moin (3) | — |
| 43 | radio toolbox | 3 | 1 | · | · | 6.7 | NEW · PoC 1 | steamcast (3) | — |
| 44 | spyce | 3 | · | · | · | 5.5 | NEW · PoC 1 | spyce (3) | — |
| 45 | tintin | 3 | 1 | · | · | 7.5 | NEW | tintin++ (3) · wintin++ (3) | — |
| 46 | wireshark | 3 | · | · | · | 4.7 | · | wireshark (3) | — |
| 47 | yahoo | 3 | · | · | · | 4.3 | PoC 3 | music jukebox (3) | — |
| 48 | a-blog | 2 | · | · | · | 5.9 | PoC 2 | a-blog (2) | — |
| 49 | all club cms | 2 | · | · | · | 7.2 | NEW · PoC 2 | all club cms (2) | — |
| 50 | artmedic webdesign | 2 | · | · | · | 4.3 | PoC 1 | artmedic weblog (2) | — |
Sectors
Solution categories ranked by distinct CVE count this period.
| Sector | CVEs | Crit | KEV | Vendors | Products | Avg CVSS | Top products |
|---|---|---|---|---|---|---|---|
| Web & CMS Plugins | 189 | 9 | · | 85 | 156 | 6.8 | liferay enterprise portal (6) · com downloads (4) · joomla (4) |
| Enterprise Software | 74 | 14 | · | 22 | 46 | 8.6 | aix (6) · db2 (5) · cacti (4) |
| Operating Systems | 57 | 31 | · | 18 | 44 | 8.9 | debian gnu/linux (5) · linux kernel (5) · gentoo linux (4) |
| Consumer Software | 47 | 35 | 4 | 19 | 29 | 10.0 | firefox (13) · seamonkey (11) · thunderbird (8) |
| Security Products | 32 | 8 | · | 17 | 50 | 7.5 | backup exec for windows server (2) · clamav (2) · f-secure anti-virus (2) |
| Communications | 19 | 3 | · | 14 | 19 | 5.8 | music jukebox (3) · skype (2) · crafty syntax live help (1) |
| Networking Infrastructure | 17 | 10 | · | 9 | 14 | 8.7 | session initiation protocol (sip) firmware (6) · skinny client control protocol (sccp) firmware (6) · routeros (1) |
| OSS Libraries | 16 | · | · | 11 | 12 | 7.0 | bubbling library (1) · dbus (1) · domphp (1) |
| Mobile Apps | 11 | 2 | · | 1 | 6 | 6.6 | mac os x (5) · iphoto (2) · mail (1) |
| Databases | 7 | 2 | · | 3 | 5 | 6.5 | weblogic portal (4) · mobilink (1) · mysql (1) |
| Hardware Firmware | 5 | 6 | · | 4 | 25 | 10.0 | cyanprintip basic (2) · cyanprintip easy opi (2) · cyanprintip professional (2) |
| Cloud & SaaS | 2 | 2 | · | 2 | 7 | 10.0 | h-sphere (1) · sitestudio (1) |
| DevTools & CI | 1 | · | · | 1 | 2 | 4.3 | usermin (1) · webmin (1) |
| Unclassified | 66 | 5 | · | 43 | 60 | 5.8 | weblogic portal (5) · dmsguestbook (4) · caroline (3) |
Which weaknesses hit which solution categories in February 2008
Cells shaded by share of the sector's hottest weakness.