CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

CVSS Score Distribution For Top 50 Vendors By Total Number Of "Distinct" Vulnerabilities

Vendor Name Number of Total Vulnerabilities # Of Vulnerabilities Weighted Average % Of Total
0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+ 0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+
1 Microsoft 4430 2 11 173 27 516 682 220 993 23 1783 7.90 0 0 4 1 12 15 5 22 1 40
2 Apple 3309 1 52 193 37 497 435 785 565 16 728 7.10 0 2 6 1 15 13 24 17 0 22
3 Oracle 3289 2 74 159 292 975 646 365 288 9 479 6.20 0 2 5 9 30 20 11 9 0 15
4 IBM 2758 2 45 135 282 713 493 266 446 23 353 6.30 0 2 5 10 26 18 10 16 1 13
5 Cisco 2549 1 2 30 30 451 570 355 808 31 271 7.00 0 0 1 1 18 22 14 32 1 11
6 Adobe 1800 18 3 127 113 51 107 1 1380 9.10 0 0 1 0 7 6 3 6 0 77
7 Google 1665 3 12 4 189 293 181 592 6 385 7.60 0 0 1 0 11 18 11 36 0 23
8 Mozilla 1653 5 72 8 312 294 190 228 1 543 7.40 0 0 4 0 19 18 11 14 0 33
9 SUN 1631 3 26 106 45 312 283 119 422 4 311 6.80 0 2 6 3 19 17 7 26 0 19
10 Linux 1435 1 84 226 39 495 124 135 290 4 37 5.50 0 6 16 3 34 9 9 20 0 3
11 HP 1305 1 9 50 24 246 169 105 332 21 348 7.30 0 1 4 2 19 13 8 25 2 27
12 Redhat 1092 40 124 54 222 213 132 227 5 75 6.00 0 4 11 5 20 20 12 21 0 7
13 Novell 886 1 14 38 35 155 217 95 164 167 6.80 0 2 4 4 17 24 11 19 0 19
14 Apache 692 5 34 15 198 229 72 99 1 39 6.10 0 1 5 2 29 33 10 14 0 6
15 Debian 640 12 54 29 118 127 89 150 4 57 6.40 0 2 8 5 18 20 14 23 1 9
16 PHP 471 21 6 58 142 65 138 41 6.80 0 0 4 1 12 30 14 29 0 9
17 Symantec 421 3 19 11 76 78 46 102 10 76 7.00 0 1 5 3 18 19 11 24 2 18
18 Canonical 418 13 14 12 105 78 63 87 2 44 6.50 0 3 3 3 25 19 15 21 0 11
19 GNU 394 1 9 36 26 59 98 46 89 30 6.20 0 2 9 7 15 25 12 23 0 8
20 Wireshark 386 24 32 138 143 7 20 3 19 5.60 0 0 6 8 36 37 2 5 1 5
21 Freebsd 330 7 42 9 55 60 25 107 25 6.30 0 2 13 3 17 18 8 32 0 8
22 Joomla 321 1 2 46 44 41 177 10 7.20 0 0 0 1 14 14 13 55 0 3
23 Moodle 304 5 25 139 67 43 18 7 5.70 0 0 2 8 46 22 14 6 0 2
24 Drupal 300 13 49 88 58 43 41 3 5 5.80 0 0 4 16 29 19 14 14 1 2
25 EMC 296 1 15 16 61 44 35 53 14 57 6.90 0 0 5 5 21 15 12 18 5 19
26 SAP 294 2 3 52 97 26 76 1 37 6.90 0 0 1 1 18 33 9 26 0 13
27 Suse 266 2 34 4 31 39 24 92 40 6.80 0 1 13 2 12 15 9 35 0 15
28 Mysql 260 3 20 25 115 34 24 25 3 11 5.60 0 1 8 10 44 13 9 10 1 4
29 Wordpress 254 10 7 98 49 35 43 1 11 6.10 0 0 4 3 39 19 14 17 0 4
30 SGI 253 2 25 4 20 55 11 96 40 7.00 0 1 10 2 8 22 4 38 0 16
31 Openbsd 235 4 18 6 32 64 14 65 2 30 6.70 0 2 8 3 14 27 6 28 1 13
32 Opera 234 4 73 83 21 8 45 6.60 0 0 2 0 31 35 9 3 0 19
33 Vmware 231 3 10 10 38 34 40 50 5 41 6.90 0 1 4 4 16 15 17 22 2 18
34 Ffmpeg 220 1 2 26 11 61 42 77 7.90 0 0 1 0 12 5 28 19 0 35
35 CA 208 1 7 1 37 32 13 49 1 67 7.50 0 0 3 0 18 15 6 24 0 32
36 Realnetworks 205 1 5 10 31 6 29 123 8.60 0 0 2 0 5 15 3 14 0 60
37 Mcafee 195 2 15 12 52 30 26 41 4 13 6.20 0 1 8 6 27 15 13 21 2 7
38 Typo3 185 4 18 57 26 14 60 1 5 6.30 0 0 2 10 31 14 8 32 1 3
39 XEN 185 17 23 6 65 27 20 25 2 5.30 0 9 12 3 35 15 11 14 1 0
40 Fedoraproject 179 5 14 7 41 48 27 21 1 15 6.10 0 3 8 4 23 27 15 12 1 8
41 Siemens 174 3 7 5 35 33 20 39 8 24 6.80 0 2 4 3 20 19 11 22 5 14
42 BEA 172 2 14 2 30 61 18 38 7 6.20 0 1 8 1 17 35 10 22 0 4
43 Phpmyadmin 170 7 28 51 42 18 20 1 3 5.70 0 0 4 16 30 25 11 12 1 2
44 Gentoo 167 5 22 2 9 34 18 45 32 6.80 0 3 13 1 5 20 11 27 0 19
45 Openssl 158 2 7 37 72 11 20 9 6.10 0 1 4 0 23 46 7 13 0 6
46 Openstack 156 3 17 18 55 42 13 7 1 5.20 0 2 11 12 35 27 8 4 0 1
47 Netbsd 155 4 28 3 27 24 10 43 16 6.20 0 3 18 2 17 15 6 28 0 10
48 Citrix 153 4 8 1 25 39 18 28 30 6.80 0 3 5 1 16 25 12 18 0 20
49 Juniper 148 4 4 38 33 8 45 1 15 6.70 0 0 3 3 26 22 5 30 1 10
50 KDE 146 1 10 29 30 18 48 10 6.60 0 1 7 0 20 21 12 33 0 7

Vendor(s) with highest weighted average (9.10): Adobe  

Weighted average = SUM((Cvss Range (e.g: 2 for range 1-2 )) * (Number of vulnerabilities in that range)) / (Total number of vulnerabilities)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.