November 2008
November 2008 closed with 433 published CVEs (-10.9% YoY). 92 were critical; debian led volume, mostly via debian linux. Biggest breakout: debian at ×9.5 their 12-month median. Top weakness class: CWE-59 (85 CVEs). 10 vendors cracked the top-100 for the first time.
Time to exploit
How fast the community ships detection after a CVE drops.
KEV pressure, no Nuclei coverage
November 2008 · vendors with active exploitation listed by CISA but no public detection template.
- adobe: KEV 1, 17 CVEs
- novell inc.: KEV 1, 3 CVEs
What's spreading where in November 2008
Cells shaded by share of vendor's hottest weakness.
Most discussed CVEs — November 2008
Breakout vendors
CVE count ≥3× their own 12-period median.
First time in top-100
Vendors never in top-100 in the prior 24 periods.
- #4 xine: 16 CVEs
- #13 yourfreeworld: 8 CVEs
- #15 easysitenetwork: 5 CVEs
- #18 mw6 technologies: 4 CVEs
- #19 ocean12 technologies: 4 CVEs
- #20 planetluc: 4 CVEs
- #24 clientsoftware: 3 CVEs
- #29 otmanager: 3 CVEs
- #32 typosphere: 3 CVEs
- #34 castillocentral: 2 CVEs
Top vendors
Ranked by distinct CVE count this period.
| # | Vendor | CVEs | Crit | KEV | Nuclei | CVSS | Signals | Top products | Δ |
|---|---|---|---|---|---|---|---|---|---|
| 1 | debian | 19 | 5 | · | · | 7.5 | ×9.5 · PoC 4 | debian linux (12) · dpkg-cross (1) · initramfs-tools (1) | — |
| 2 | free software community | 19 | 7 | · | · | 7.7 | PoC 2 | debian gnu/linux (19) | — |
| 3 | adobe | 17 | 5 | 1 | · | 7.3 | ×4.9 · KEV 1 · PoC 1 | acrobat (7) · flash player (7) · acrobat reader (7) | — |
| 4 | xine | 16 | 7 | · | · | 6.9 | NEW | xine-lib (12) · xine (4) | — |
| 5 | mozilla | 14 | 7 | · | · | 8.1 | ×5.6 · PoC 1 | firefox (14) · seamonkey (12) · thunderbird (9) | — |
| 6 | sun | 14 | 2 | · | · | 5.4 | · | java system identity manager (5) · solaris (3) · opensolaris (3) | — |
| 7 | apple | 13 | 3 | · | · | 5.9 | PoC 2 | iphone os (8) · safari (6) · cups (2) | — |
| 8 | microsoft | 13 | 3 | · | · | 6.3 | PoC 3 | office communicator (3) · windows vista (3) · windows 2000 (3) | — |
| 9 | canonical | 11 | 5 | · | · | 8.1 | ×5.5 · PoC 1 | ubuntu linux (11) | — |
| 10 | novell | 11 | 8 | · | · | 8.0 | ×4.4 | edirectory (5) · iprint (3) · identity manager roles based provisioning module (1) | — |
| 11 | linux | 9 | 1 | · | · | 7.3 | PoC 1 | linux kernel (9) | — |
| 12 | trendmicro | 8 | 8 | · | · | 10.0 | ×4.0 | serverprotect (8) | — |
| 13 | yourfreeworld | 8 | · | · | · | 7.5 | NEW · PoC 8 | blog blaster script (1) · autoresponder hosting script (1) · classifieds blaster script (1) | — |
| 14 | gentoo foundation inc. | 7 | 3 | · | · | 8.1 | · | gentoo linux (7) | — |
| 15 | easysitenetwork | 5 | · | · | · | 7.5 | NEW · PoC 5 | cheats complete website (1) · drinks complete website (1) · jokes complete website (1) | — |
| 16 | ibm | 5 | · | · | · | 3.9 | · | hardware management console (1) · lotus (1) · metrica service assurance framework (1) | — |
| 17 | hp | 4 | 2 | · | · | 8.1 | · | openvms (1) · service manager (1) · system management homepage (1) | — |
| 18 | mw6 technologies | 4 | 4 | · | · | 9.0 | NEW · PoC 4 | 1d barcode decoder activex (1) · aztec activex (1) · datamatrix activex (1) | — |
| 19 | ocean12 technologies | 4 | · | · | · | 5.0 | NEW · PoC 1 | calendar manager (1) · contact manager (1) · membership manager pro (1) | — |
| 20 | planetluc | 4 | · | · | · | 4.9 | NEW | rateme (2) · mygallery (1) · signme (1) | — |
| 21 | redhat | 4 | 1 | · | · | 6.9 | PoC 1 | red hat enterprise linux (3) · enterprise linux desktop (2) · enterprise linux (2) | — |
| 22 | aj square | 3 | · | · | · | 7.5 | PoC 3 | aj article (1) · aj auction (1) · zeuscart (1) | — |
| 23 | cisco | 3 | · | · | · | 7.0 | PoC 2 | ios (2) · vpn client (1) · catos (1) | — |
| 24 | clientsoftware | 3 | 2 | · | · | 8.9 | NEW · PoC 1 | wincome mpd total (2) · wincom mpd total (1) | — |
| 25 | joomla | 3 | 1 | · | · | 8.3 | PoC 3 | com datsogallery (1) · com rssreader (1) · com xewebtv (1) | — |
| 26 | mybb | 3 | · | · | · | 5.6 | · | mybb (3) | — |
| 27 | novell inc. | 3 | · | 1 | · | 7.6 | KEV 1 · PoC 1 | suse linux enterprise (2) · opensuse (1) | — |
| 28 | opensuse | 3 | 1 | · | · | 7.6 | PoC 1 | opensuse (3) | — |
| 29 | otmanager | 3 | 1 | · | · | 7.3 | NEW · PoC 3 | otmanager cms (2) · otmanager (1) | — |
| 30 | php-fusion | 3 | · | · | · | 7.5 | PoC 3 | the kroax module (1) · freshlinks module (1) · php-fusion (1) | — |
| 31 | suse | 3 | 1 | · | · | 8.0 | · | linux enterprise server (2) · linux enterprise (1) · linux enterprise debuginfo (1) | — |
| 32 | typosphere | 3 | · | · | · | 5.9 | NEW | typo (3) | — |
| 33 | activecampaign | 2 | · | · | · | 5.9 | · | triolive (2) | — |
| 34 | castillocentral | 2 | · | · | · | 6.8 | NEW · PoC 2 | ccleague (2) | — |
| 35 | cce-interact | 2 | · | · | · | 6.8 | NEW | interact (2) | — |
| 36 | citrix | 2 | · | · | · | 3.7 | PoC 1 | desktop server (1) · deterministic network enhancer (1) · presentation server (1) | — |
| 37 | clanlite | 2 | · | · | · | 5.9 | NEW · PoC 2 | clanlite (2) | — |
| 38 | dann frazier | 2 | · | · | · | 6.9 | NEW · PoC 1 | flamethrower (1) · systemimager-server (1) | — |
| 39 | dcgrendel | 2 | · | · | · | 7.2 | NEW · PoC 1 | vmbuilder (2) | — |
| 40 | develop it easy | 2 | · | · | · | 7.5 | NEW · PoC 2 | membership system (1) · news and article system (1) | — |
| 41 | fedoraproject | 2 | 1 | · | · | 7.6 | · | fedora (2) | — |
| 42 | freebsd | 2 | · | · | · | 7.0 | · | freebsd (1) · freebsd-sendpr (1) | — |
| 43 | geshi | 2 | · | · | · | 6.3 | NEW | geshi (2) | — |
| 44 | isecsoft | 2 | · | · | · | 7.2 | NEW · PoC 1 | anti-keylogger elite (1) · anti-trojan elite (1) | — |
| 45 | karjasoft | 2 | 1 | · | · | 7.5 | NEW | sami ftp server (2) | — |
| 46 | kkeim | 2 | · | · | · | 4.3 | NEW · PoC 1 | kmita catalogue (1) · kmita gallery (1) | — |
| 47 | logz | 2 | · | · | · | 5.5 | NEW · PoC 1 | logz (2) | — |
| 48 | maran | 2 | · | · | · | 7.5 | NEW · PoC 2 | php shop (2) | — |
| 49 | modernbill | 2 | 1 | · | · | 7.2 | NEW · PoC 2 | modernbill (2) | — |
| 50 | mole group | 2 | · | · | · | 7.5 | NEW · PoC 2 | pizza script (1) · rental script (1) | — |
Sectors
Solution categories ranked by distinct CVE count this period.
| Sector | CVEs | Crit | KEV | Vendors | Products | Avg CVSS | Top products |
|---|---|---|---|---|---|---|---|
| Web & CMS Plugins | 95 | 4 | · | 63 | 85 | 7.5 | rateme (2) · syndeocms (2) · the rat cms (2) |
| Operating Systems | 88 | 49 | 1 | 24 | 77 | 7.7 | debian gnu/linux (19) · debian linux (12) · ubuntu linux (11) |
| Consumer Software | 63 | 44 | 4 | 17 | 27 | 9.3 | xine-lib (12) · xine (4) · vlc media player (2) |
| Enterprise Software | 30 | 6 | · | 16 | 26 | 10.0 | monitor (2) · nagios (2) · netrisk (2) |
| OSS Libraries | 22 | 5 | · | 20 | 21 | 7.6 | geshi (2) · libxml (2) · apertium (1) |
| Security Products | 17 | 10 | · | 8 | 10 | 9.3 | serverprotect (8) · anti-keylogger elite (1) · anti-trojan elite (1) |
| Mobile Apps | 13 | 4 | · | 1 | 5 | 5.9 | iphone os (8) · safari (6) · cups (2) |
| Networking Infrastructure | 13 | 7 | · | 11 | 20 | 7.4 | sami ftp server (2) · air marshal (1) · emerald (1) |
| DevTools & CI | 8 | 1 | · | 6 | 7 | 7.3 | vmbuilder (2) · flamethrower (1) · gccxml (1) |
| Communications | 6 | 2 | · | 5 | 6 | 7.5 | imap toolkit (2) · alpine (1) · dovecot (1) |
| Cloud & SaaS | 5 | 2 | · | 3 | 10 | 6.9 | esx (2) · esxi (2) · ace (1) |
| ICS / OT / IoT | 3 | 1 | · | 1 | 2 | 7.3 | otmanager cms (2) · otmanager (1) |
| Databases | 2 | · | 2 | 2 | 2 | 6.6 | solaris (2) · glassfish server (1) |
| Hardware Firmware | 2 | · | · | 2 | 2 | 7.5 | docushare (1) |
| Unclassified | 59 | 10 | · | 46 | 51 | 7.0 | typo (3) · article publisher pro (2) · ccleague (2) |
Which weaknesses hit which solution categories in November 2008
Cells shaded by share of the sector's hottest weakness.