CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

CVSS Score Distribution For Top 50 Vendors By Total Number Of "Distinct" Vulnerabilities

Vendor Name Number of Total Vulnerabilities # Of Vulnerabilities Weighted Average % Of Total
0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+ 0-1 1-2 2-3 3-4 4-5 5-6 6-7 7-8 8-9 9+
1 Microsoft 3370 2 5 143 16 384 636 169 819 19 1177 7.70 0 0 4 0 11 19 5 24 1 35
2 Oracle 2257 2 40 113 175 615 472 210 225 8 397 6.40 0 2 5 8 27 21 9 10 0 18
3 Apple 2214 1 27 129 24 342 306 441 400 9 535 7.10 0 1 6 1 15 14 20 18 0 24
4 IBM 1971 2 32 81 134 488 345 194 372 14 309 6.50 0 2 4 7 25 18 10 19 1 16
5 Cisco 1699 1 2 28 19 226 369 183 620 24 227 7.20 0 0 2 1 13 22 11 36 1 13
6 SUN 1581 3 25 103 35 295 276 115 415 3 311 6.90 0 2 7 2 19 17 7 26 0 20
7 Mozilla 1303 4 67 6 235 250 111 162 1 467 7.40 0 0 5 0 18 19 9 12 0 36
8 Linux 1179 1 78 196 35 390 102 110 239 3 25 5.40 0 7 17 3 33 9 9 20 0 2
9 HP 1103 1 8 44 17 207 150 82 281 14 299 7.30 0 1 4 2 19 14 7 25 1 27
10 Google 1062 3 8 1 115 208 121 405 1 200 7.50 0 0 1 0 11 20 11 38 0 19
11 Adobe 995 18 2 97 60 35 53 730 8.90 0 0 2 0 10 6 4 5 0 73
12 Redhat 849 35 105 35 160 157 92 194 4 67 6.10 0 4 12 4 19 18 11 23 0 8
13 Novell 524 1 7 23 5 92 132 39 105 120 7.00 0 1 4 1 18 25 7 20 0 23
14 Apache 519 5 29 13 135 182 51 74 30 6.10 0 1 6 3 26 35 10 14 0 6
15 PHP 377 20 4 49 118 54 101 31 6.70 0 0 5 1 13 31 14 27 0 8
16 Symantec 357 3 13 9 65 67 36 89 3 72 7.10 0 1 4 3 18 19 10 25 1 20
17 GNU 323 1 8 33 18 50 84 36 73 20 6.10 0 2 10 6 15 26 11 23 0 6
18 Freebsd 306 7 39 9 49 53 24 101 24 6.40 0 2 13 3 16 17 8 33 0 8
19 Joomla 298 1 2 41 41 39 164 10 7.20 0 0 0 1 14 14 13 55 0 3
20 Debian 285 7 42 11 39 46 28 81 1 30 6.30 0 2 15 4 14 16 10 28 0 11
21 Wireshark 265 24 32 64 103 7 14 3 18 5.70 0 0 9 12 24 39 3 5 1 7
22 SGI 252 2 25 4 20 54 11 96 40 7.00 0 1 10 2 8 21 4 38 0 16
23 Drupal 250 12 34 76 47 35 39 2 5 5.80 0 0 5 14 30 19 14 16 1 2
24 Mysql 238 3 18 24 105 33 20 22 2 11 5.60 0 1 8 10 44 14 8 9 1 5
25 Opera 232 5 70 83 21 8 45 6.60 0 0 2 0 30 36 9 3 0 19
26 Wordpress 225 9 6 85 45 29 39 1 11 6.10 0 0 4 3 38 20 13 17 0 5
27 Moodle 221 4 12 95 55 33 15 7 5.80 0 0 2 5 43 25 15 7 0 3
28 Suse 221 2 30 22 38 13 85 31 6.80 0 1 14 0 10 17 6 38 0 14
29 Openbsd 213 3 17 6 28 59 9 60 1 30 6.70 0 1 8 3 13 28 4 28 0 14
30 Vmware 202 3 10 6 33 28 33 47 5 37 7.00 0 1 5 3 16 14 16 23 2 18
31 Realnetworks 201 1 5 10 31 6 28 120 8.60 0 0 2 0 5 15 3 14 0 60
32 CA 192 1 7 32 31 6 48 1 66 7.60 0 1 4 0 17 16 3 25 1 34
33 BEA 172 2 14 2 30 61 18 38 7 6.20 0 1 8 1 17 35 10 22 0 4
34 Ffmpeg 168 1 2 23 10 45 9 78 8.00 0 1 1 0 14 6 27 5 0 46
35 EMC 166 1 9 6 32 24 17 34 5 38 7.10 0 1 5 4 19 14 10 20 3 23
36 Typo3 164 3 12 51 22 11 59 1 5 6.40 0 0 2 7 31 13 7 36 1 3
37 Gentoo 161 5 22 2 9 32 16 45 30 6.80 0 3 14 1 6 20 10 28 0 19
38 SAP 158 31 47 12 41 27 7.10 0 0 0 0 20 30 8 26 0 17
39 Netbsd 150 4 28 3 27 20 10 42 16 6.20 0 3 19 2 18 13 7 28 0 11
40 Mandrakesoft 140 13 23 1 9 25 3 54 1 11 6.20 0 9 16 1 6 18 2 39 1 8
41 KDE 139 1 10 25 29 17 47 10 6.70 0 1 7 0 18 21 12 34 0 7
42 Mcafee 139 2 5 4 42 21 16 34 3 12 6.50 0 1 4 3 30 15 12 24 2 9
43 Phpmyadmin 132 7 11 44 30 16 20 1 3 5.90 0 0 5 8 33 23 12 15 1 2
44 SCO 127 3 10 3 20 21 3 53 14 6.80 0 2 8 2 16 17 2 42 0 11
45 Gnome 120 3 12 6 19 21 24 26 9 6.30 0 3 10 5 16 18 20 22 0 8
46 Netscape 119 11 3 8 47 4 32 14 6.60 0 0 9 3 7 39 3 27 0 12
47 Siemens 119 1 1 3 24 20 12 32 8 18 7.10 0 1 1 3 20 17 10 27 7 15
48 Macromedia 118 5 1 8 42 2 26 34 7.40 0 0 4 1 7 36 2 22 0 29
49 Citrix 118 4 8 1 15 30 14 23 23 6.80 0 3 7 1 13 25 12 19 0 19
50 ISC 117 5 2 15 35 8 33 1 18 7.00 0 0 4 2 13 30 7 28 1 15

Vendor(s) with highest weighted average (8.90): Adobe  

Weighted average = SUM((Cvss Range (e.g: 2 for range 1-2 )) * (Number of vulnerabilities in that range)) / (Total number of vulnerabilities)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.