CVE and CCE Statistics Query Page
(CCE support is under development)

This is a general purpose vulnerability statistics generation engine. Use it to graph and chart vulnerabilities discovered within a product or to graph and chart sets of vulnerabilities containing particular characteristics (e.g. remotely exploitable buffer overflows). These calculations may take up to several minutes to be generated depending on the complexity of the statistic requested.

Important Note: Linux distributions are often made up of a large collections of independently developed software and it is sometimes difficult to determine which software packages should be considered part of the operating system and which should be considered independent but merely included along with the operating system. In addition, some vulnerabilities occur within the Linux kernel and for those vulnerabilities we do not enumerate all of the hundreds of Linux distributions. Thus, the statistics related to Linux must be interpreted carefully. We will be working to provide better statistics for Linux distributions.

Vendor

A..B   C..E   F..H   I..K   L..N   O..Q   R..T   U..W   X..Z   All

Product

A..B   C..E   F..H   I..K   L..N   O..Q   R..T   U..W   X..Z   All

Version

^ --- Choose a Vendor or Product --- ^

Search start date:

Any Month January February March April May June July August September October November December Any Year 2008 2007 2006 2005 2004 2003 2002 2001 2000 1999 1998 1997 1996 1995 1994 1993 1992 1991 1990 1989 1988

Search end date:

Any Month January February March April May June July August September October November December Any Year 2008 2007 2006 2005 2004 2003 2002 2001 2000 1999 1998 1997 1996 1995 1994 1993 1992 1991 1990 1989 1988

CVSS Version 2 Metrics:

Vulnerability Severity:

Any................ High (CVSS 7-10) High and Medium (CVSS 4-10) Medium(CVSS 4-6) Low (CVSS 0-3)

Access Vector:

Any................ Network Adjacent network (Local network) Local access only

Authentication:

Any................ None Single Multiple

Confidentiality:

Any................ None Partial Complete None or Partial Partial or Complete

Integrity:

Any................ None Partial Complete None or Partial Partial or Complete

Availability:

Any................ None Partial Complete None or Partial Partial or Complete

Access Complexity:

Any................ Low Medium High

Vulnerability Category:

Any................................................................... Authentication Issues Buffer Errors Code Injection Configuration Credentials Management Cross-Site Request Forgery (CSRF) Cross-Site Scripting (XSS) Cryptographic Issues Design Error Format String Vulnerability Information Leak / Disclosure Input Validation Insufficient Information Link Following Not in CWE Numeric Errors OS Command Injections Other Path Traversal Permissions, Privileges, and Access Control Race Conditions Resource Management Errors SQL Injection

Use only vulnerabilities that have the following associated resources:

Software Flaws (CVE)
Misconfigurations (CCE), under development

---

US-CERT Technical Alerts
US-CERT Vulnerability Notes
US-CERT Technical Alerts or Vulnerability Notes
OVAL Queries