CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

CVSS Score Distribution For Top 50 Vendors By Total Number Of "Distinct" Vulnerabilities

Vendor Name Number of Total Vulnerabilities # Of Vulnerabilities Weighted Average % Of Total
0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+ 0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+
1 Microsoft 4051 2 10 162 21 465 669 208 875 23 1616 7.80 0 0 4 1 11 17 5 22 1 40
2 Oracle 2814 2 52 138 242 822 558 290 259 9 442 6.20 0 2 5 9 29 20 10 9 0 16
3 Apple 2800 1 50 160 30 420 369 634 486 10 640 7.10 0 2 6 1 15 13 23 17 0 23
4 IBM 2537 2 39 117 245 654 454 244 422 20 340 6.30 0 2 5 10 26 18 10 17 1 13
5 Cisco 2293 1 2 28 24 391 517 308 744 28 250 7.00 0 0 1 1 17 23 13 32 1 11
6 SUN 1617 3 26 106 36 311 280 119 422 3 311 6.90 0 2 7 2 19 17 7 26 0 19
7 Mozilla 1494 5 69 8 278 276 139 198 1 520 7.40 0 0 5 1 19 18 9 13 0 35
8 Adobe 1359 18 2 110 100 43 72 1 1013 9.00 0 0 1 0 8 7 3 5 0 75
9 Linux 1318 1 80 212 38 440 114 130 267 4 32 5.50 0 6 16 3 33 9 10 20 0 2
10 Google 1297 3 7 2 142 258 144 525 1 215 7.40 0 0 1 0 11 20 11 40 0 17
11 HP 1243 1 9 48 20 232 162 96 320 20 335 7.40 0 1 4 2 19 13 8 26 2 27
12 Redhat 993 38 119 45 197 187 117 212 5 73 6.10 0 4 12 5 20 19 12 21 1 7
13 Novell 656 1 12 28 12 115 163 54 131 140 6.90 0 2 4 2 18 25 8 20 0 21
14 Apache 618 5 31 14 168 222 60 86 32 6.10 0 1 5 2 27 36 10 14 0 5
15 PHP 429 21 6 57 132 59 123 31 6.70 0 0 5 1 13 31 14 29 0 7
16 Debian 401 8 47 18 68 63 54 108 2 33 6.30 0 2 12 4 17 16 13 27 0 8
17 Symantec 394 3 16 10 73 74 42 97 5 74 7.00 0 1 4 3 19 19 11 25 1 19
18 GNU 380 1 9 35 26 57 96 42 84 30 6.20 0 2 9 7 15 25 11 22 0 8
19 Freebsd 326 7 42 9 54 60 24 105 25 6.30 0 2 13 3 17 18 7 32 0 8
20 Wireshark 322 24 32 76 143 7 18 3 19 5.70 0 0 7 10 24 44 2 6 1 6
21 Joomla 309 1 2 45 42 40 169 10 7.20 0 0 0 1 15 14 13 55 0 3
22 Drupal 290 13 49 87 54 39 41 2 5 5.70 0 0 4 17 30 19 13 14 1 2
23 Moodle 281 5 23 123 64 42 17 7 5.70 0 0 2 8 44 23 15 6 0 2
24 Canonical 268 9 11 12 76 50 42 48 2 18 6.20 0 3 4 4 28 19 16 18 1 7
25 EMC 266 1 13 14 49 43 32 48 13 53 7.00 0 0 5 5 18 16 12 18 5 20
26 Mysql 260 3 20 25 115 34 24 25 3 11 5.60 0 1 8 10 44 13 9 10 1 4
27 SAP 258 2 3 47 88 21 64 33 6.90 0 0 1 1 18 34 8 25 0 13
28 SGI 253 2 25 4 20 55 11 96 40 7.00 0 1 10 2 8 22 4 38 0 16
29 Wordpress 247 10 7 94 48 34 42 1 11 6.10 0 0 4 3 38 19 14 17 0 4
30 Opera 234 4 73 83 21 8 45 6.60 0 0 2 0 31 35 9 3 0 19
31 Openbsd 230 4 18 6 31 62 13 64 2 30 6.70 0 2 8 3 13 27 6 28 1 13
32 Suse 227 2 30 23 38 14 87 33 6.90 0 1 13 0 10 17 6 38 0 15
33 Vmware 222 3 10 8 38 32 38 49 5 39 7.00 0 1 5 4 17 14 17 22 2 18
34 Realnetworks 205 1 5 10 31 6 29 123 8.60 0 0 2 0 5 15 3 14 0 60
35 CA 205 1 7 1 37 32 10 49 1 67 7.50 0 0 3 0 18 16 5 24 0 33
36 Ffmpeg 192 1 2 23 11 51 27 77 8.00 0 1 1 0 12 6 27 14 0 40
37 Mcafee 179 2 13 10 51 27 23 38 3 12 6.20 0 1 7 6 28 15 13 21 2 7
38 Typo3 178 4 13 55 26 14 60 1 5 6.40 0 0 2 7 31 15 8 34 1 3
39 BEA 172 2 14 2 30 61 18 38 7 6.20 0 1 8 1 17 35 10 22 0 4
40 Gentoo 166 5 22 2 9 33 18 45 32 6.80 0 3 13 1 5 20 11 27 0 19
41 Siemens 163 3 7 3 33 30 19 37 8 23 6.80 0 2 4 2 20 18 12 23 5 14
42 Netbsd 155 4 28 3 27 24 10 43 16 6.20 0 3 18 2 17 15 6 28 0 10
43 Phpmyadmin 154 7 23 50 32 18 20 1 3 5.70 0 0 5 15 32 21 12 13 1 2
44 XEN 152 14 15 5 54 25 18 19 2 5.30 0 9 10 3 36 16 12 13 1 0
45 KDE 146 1 10 29 30 18 48 10 6.60 0 1 7 0 20 21 12 33 0 7
46 Citrix 143 4 8 1 21 36 17 28 28 6.90 0 3 6 1 15 25 12 20 0 20
47 Mandrakesoft 140 13 23 1 9 25 3 54 1 11 6.20 0 9 16 1 6 18 2 39 1 8
48 Openstack 137 3 16 16 53 33 9 6 1 5.10 0 2 12 12 39 24 7 4 0 1
49 Openssl 135 1 5 32 64 10 18 5 6.10 0 1 4 0 24 47 7 13 0 4
50 Gnome 129 3 13 7 21 21 26 29 9 6.30 0 2 10 5 16 16 20 22 0 7

Vendor(s) with highest weighted average (9.00): Adobe  

Weighted average = SUM((Cvss Range (e.g: 2 for range 1-2 )) * (Number of vulnerabilities in that range)) / (Total number of vulnerabilities)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.