CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

CVSS Score Distribution For Top 50 Vendors By Total Number Of "Distinct" Vulnerabilities

Vendor Name Number of Total Vulnerabilities # Of Vulnerabilities Weighted Average % Of Total
0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+ 0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+
1 Microsoft 3370 2 5 143 16 384 636 169 819 19 1177 7.70 0 0 4 0 11 19 5 24 1 35
2 Oracle 2257 2 40 113 175 615 472 210 225 8 397 6.40 0 2 5 8 27 21 9 10 0 18
3 Apple 2222 1 27 129 24 344 307 444 400 9 537 7.10 0 1 6 1 15 14 20 18 0 24
4 IBM 1973 2 32 81 135 488 346 194 372 14 309 6.50 0 2 4 7 25 18 10 19 1 16
5 Cisco 1717 1 2 28 19 232 375 189 620 24 227 7.20 0 0 2 1 14 22 11 36 1 13
6 SUN 1581 3 25 103 35 295 276 115 415 3 311 6.90 0 2 7 2 19 17 7 26 0 20
7 Mozilla 1304 4 67 6 236 250 111 162 1 467 7.40 0 0 5 0 18 19 9 12 0 36
8 Linux 1179 1 78 196 35 390 102 110 239 3 25 5.40 0 7 17 3 33 9 9 20 0 2
9 HP 1109 1 8 44 18 208 150 83 281 15 301 7.30 0 1 4 2 19 14 7 25 1 27
10 Google 1062 3 8 1 115 208 121 405 1 200 7.50 0 0 1 0 11 20 11 38 0 19
11 Adobe 995 18 2 97 60 35 53 730 8.90 0 0 2 0 10 6 4 5 0 73
12 Redhat 851 35 105 35 161 157 93 194 4 67 6.10 0 4 12 4 19 18 11 23 0 8
13 Novell 525 1 7 23 5 92 132 40 105 120 7.00 0 1 4 1 18 25 8 20 0 23
14 Apache 520 5 29 13 136 182 51 74 30 6.10 0 1 6 3 26 35 10 14 0 6
15 PHP 377 20 4 49 118 54 101 31 6.70 0 0 5 1 13 31 14 27 0 8
16 Symantec 357 3 13 9 65 67 36 89 3 72 7.10 0 1 4 3 18 19 10 25 1 20
17 GNU 323 1 8 33 18 50 84 36 73 20 6.10 0 2 10 6 15 26 11 23 0 6
18 Freebsd 306 7 39 9 49 53 24 101 24 6.40 0 2 13 3 16 17 8 33 0 8
19 Joomla 298 1 2 41 41 39 164 10 7.20 0 0 0 1 14 14 13 55 0 3
20 Debian 285 7 42 11 39 46 28 81 1 30 6.30 0 2 15 4 14 16 10 28 0 11
21 Wireshark 265 24 32 64 103 7 14 3 18 5.70 0 0 9 12 24 39 3 5 1 7
22 SGI 252 2 25 4 20 54 11 96 40 7.00 0 1 10 2 8 21 4 38 0 16
23 Drupal 250 12 34 76 47 35 39 2 5 5.80 0 0 5 14 30 19 14 16 1 2
24 Mysql 238 3 18 24 105 33 20 22 2 11 5.60 0 1 8 10 44 14 8 9 1 5
25 Opera 232 5 70 83 21 8 45 6.60 0 0 2 0 30 36 9 3 0 19
26 Wordpress 225 9 6 85 45 29 39 1 11 6.10 0 0 4 3 38 20 13 17 0 5
27 Suse 221 2 30 22 38 13 85 31 6.80 0 1 14 0 10 17 6 38 0 14
28 Moodle 221 4 12 95 55 33 15 7 5.80 0 0 2 5 43 25 15 7 0 3
29 Openbsd 213 3 17 6 28 59 9 60 1 30 6.70 0 1 8 3 13 28 4 28 0 14
30 Vmware 202 3 10 6 33 28 33 47 5 37 7.00 0 1 5 3 16 14 16 23 2 18
31 Realnetworks 201 1 5 10 31 6 28 120 8.60 0 0 2 0 5 15 3 14 0 60
32 CA 192 1 7 32 31 6 48 1 66 7.60 0 1 4 0 17 16 3 25 1 34
33 BEA 172 2 14 2 30 61 18 38 7 6.20 0 1 8 1 17 35 10 22 0 4
34 Ffmpeg 168 1 2 23 10 45 9 78 8.00 0 1 1 0 14 6 27 5 0 46
35 EMC 166 1 9 6 32 24 17 34 5 38 7.10 0 1 5 4 19 14 10 20 3 23
36 Typo3 164 3 12 51 22 11 59 1 5 6.40 0 0 2 7 31 13 7 36 1 3
37 Gentoo 161 5 22 2 9 32 16 45 30 6.80 0 3 14 1 6 20 10 28 0 19
38 SAP 158 31 47 12 41 27 7.10 0 0 0 0 20 30 8 26 0 17
39 Netbsd 150 4 28 3 27 20 10 42 16 6.20 0 3 19 2 18 13 7 28 0 11
40 Mandrakesoft 140 13 23 1 9 25 3 54 1 11 6.20 0 9 16 1 6 18 2 39 1 8
41 KDE 139 1 10 25 29 17 47 10 6.70 0 1 7 0 18 21 12 34 0 7
42 Mcafee 139 2 5 4 42 21 16 34 3 12 6.50 0 1 4 3 30 15 12 24 2 9
43 Phpmyadmin 132 7 11 44 30 16 20 1 3 5.90 0 0 5 8 33 23 12 15 1 2
44 SCO 127 3 10 3 20 21 3 53 14 6.80 0 2 8 2 16 17 2 42 0 11
45 Siemens 122 1 1 3 24 22 12 32 8 19 7.10 0 1 1 2 20 18 10 26 7 16
46 Gnome 120 3 12 6 19 21 24 26 9 6.30 0 3 10 5 16 18 20 22 0 8
47 Netscape 119 11 3 8 47 4 32 14 6.60 0 0 9 3 7 39 3 27 0 12
48 Macromedia 118 5 1 8 42 2 26 34 7.40 0 0 4 1 7 36 2 22 0 29
49 Citrix 118 4 8 1 15 30 14 23 23 6.80 0 3 7 1 13 25 12 19 0 19
50 ISC 117 5 2 15 35 8 33 1 18 7.00 0 0 4 2 13 30 7 28 1 15

Vendor(s) with highest weighted average (8.90): Adobe  

Weighted average = SUM((Cvss Range (e.g: 2 for range 1-2 )) * (Number of vulnerabilities in that range)) / (Total number of vulnerabilities)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.