CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

CVSS Score Distribution For Top 50 Vendors By Total Number Of "Distinct" Vulnerabilities

Vendor Name Number of Total Vulnerabilities # Of Vulnerabilities Weighted Average % Of Total
0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+ 0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+
1 Microsoft 4507 2 13 183 27 527 684 226 1010 23 1812 7.90 0 0 4 1 12 15 5 22 1 40
2 Oracle 3480 2 75 165 300 1025 685 383 311 14 520 6.20 0 2 5 9 29 20 11 9 0 15
3 Apple 3387 1 52 197 39 517 443 805 582 15 736 7.10 0 2 6 1 15 13 24 17 0 22
4 IBM 2826 2 46 142 290 732 507 279 450 24 354 6.30 0 2 5 10 26 18 10 16 1 13
5 Cisco 2620 1 2 30 30 465 587 376 822 31 276 7.00 0 0 1 1 18 22 14 31 1 11
6 Adobe 1933 18 3 130 116 66 115 1 1484 9.10 0 0 1 0 7 6 3 6 0 77
7 Google 1855 3 15 5 219 303 210 610 6 484 7.70 0 0 1 0 12 16 11 33 0 26
8 Mozilla 1667 5 72 8 317 295 195 230 1 544 7.40 0 0 4 0 19 18 12 14 0 33
9 SUN 1631 3 26 106 45 312 283 119 422 4 311 6.80 0 2 6 3 19 17 7 26 0 19
10 Linux 1475 1 85 232 39 499 130 137 304 4 44 5.50 0 6 16 3 34 9 9 21 0 3
11 HP 1342 1 9 52 24 249 182 111 343 22 349 7.30 0 1 4 2 19 14 8 26 2 26
12 Redhat 1261 42 129 66 254 238 151 261 6 114 6.20 0 3 10 5 20 19 12 21 0 9
13 Novell 1091 1 16 50 45 206 259 127 195 2 190 6.70 0 1 5 4 19 24 12 18 0 17
14 Debian 761 13 55 33 141 151 116 181 4 67 6.40 0 2 7 4 19 20 15 24 1 9
15 Apache 717 5 34 15 200 240 77 105 1 40 6.10 0 1 5 2 28 33 11 15 0 6
16 Canonical 612 18 33 19 157 115 95 116 3 56 6.30 0 3 5 3 26 19 16 19 0 9
17 PHP 506 21 6 60 147 70 160 1 41 6.80 0 0 4 1 12 29 14 32 0 8
18 Symantec 435 3 19 12 77 78 48 105 10 83 7.00 0 1 4 3 18 18 11 24 2 19
19 GNU 398 1 9 36 26 59 101 46 90 30 6.20 0 2 9 7 15 25 12 23 0 8
20 Wireshark 386 24 32 138 143 7 20 3 19 5.60 0 0 6 8 36 37 2 5 1 5
21 Freebsd 332 7 42 9 55 60 25 109 25 6.30 0 2 13 3 17 18 8 33 0 8
22 Joomla 321 1 2 46 44 41 177 10 7.20 0 0 0 1 14 14 13 55 0 3
23 Moodle 314 5 25 147 68 44 18 7 5.70 0 0 2 8 47 22 14 6 0 2
24 EMC 305 1 15 17 63 44 38 54 14 59 6.90 0 0 5 6 21 14 12 18 5 19
25 Drupal 300 13 49 88 58 43 41 3 5 5.80 0 0 4 16 29 19 14 14 1 2
26 Suse 299 3 34 4 33 41 43 93 48 6.90 0 1 11 1 11 14 14 31 0 16
27 SAP 294 2 3 52 97 26 76 1 37 6.90 0 0 1 1 18 33 9 26 0 13
28 Wordpress 270 10 8 105 57 35 43 1 11 6.10 0 0 4 3 39 21 13 16 0 4
29 Mysql 260 3 20 25 115 34 24 25 3 11 5.60 0 1 8 10 44 13 9 10 1 4
30 SGI 253 2 25 4 20 55 11 96 40 7.00 0 1 10 2 8 22 4 38 0 16
31 Fedoraproject 245 5 15 8 56 66 33 44 1 17 6.20 0 2 6 3 23 27 13 18 0 7
32 Vmware 236 3 10 10 42 34 41 50 5 41 6.90 0 1 4 4 18 14 17 21 2 17
33 Openbsd 235 4 18 6 32 64 14 65 2 30 6.70 0 2 8 3 14 27 6 28 1 13
34 Opera 235 4 73 83 21 8 46 6.60 0 0 2 0 31 35 9 3 0 20
35 Ffmpeg 221 1 2 26 11 62 42 77 7.90 0 0 1 0 12 5 28 19 0 35
36 CA 212 1 7 2 38 32 13 49 1 69 7.50 0 0 3 1 18 15 6 23 0 33
37 Realnetworks 205 1 5 10 31 6 29 123 8.60 0 0 2 0 5 15 3 14 0 60
38 Mcafee 195 2 15 12 52 30 26 41 4 13 6.20 0 1 8 6 27 15 13 21 2 7
39 XEN 189 18 24 6 66 27 21 25 2 5.20 0 10 13 3 35 14 11 13 1 0
40 Typo3 185 4 18 57 26 14 60 1 5 6.30 0 0 2 10 31 14 8 32 1 3
41 Phpmyadmin 185 7 28 59 47 18 22 1 3 5.70 0 0 4 15 32 25 10 12 1 2
42 Siemens 183 5 7 5 36 37 20 40 8 25 6.70 0 3 4 3 20 20 11 22 4 14
43 BEA 172 2 14 2 30 61 18 38 7 6.20 0 1 8 1 17 35 10 22 0 4
44 Gentoo 167 5 22 2 9 34 18 45 32 6.80 0 3 13 1 5 20 11 27 0 19
45 Openssl 160 3 8 37 72 11 20 9 6.10 0 2 5 0 23 45 7 13 0 6
46 Openstack 160 3 17 19 55 42 16 7 1 5.20 0 2 11 12 34 26 10 4 0 1
47 Citrix 158 4 9 1 26 41 18 29 30 6.80 0 3 6 1 16 26 11 18 0 19
48 Netbsd 156 4 28 3 28 24 10 43 16 6.20 0 3 18 2 18 15 6 28 0 10
49 Juniper 148 4 4 38 33 8 45 1 15 6.70 0 0 3 3 26 22 5 30 1 10
50 KDE 147 1 11 29 30 18 48 10 6.60 0 1 7 0 20 20 12 33 0 7

Vendor(s) with highest weighted average (9.10): Adobe  

Weighted average = SUM((Cvss Range (e.g: 2 for range 1-2 )) * (Number of vulnerabilities in that range)) / (Total number of vulnerabilities)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.