Top 10 Vulnerabilities

The Top 10 External and Top 10 Internal Vulnerabilities are dynamic lists of the most prevalent and critical security vulnerabilities in the real world. Based on the Laws of Vulnerabilities, this information is computed anonymously from over 200 million IP audits per year. The Top 10 External Vulnerabilities are the most prevalent and critical vulnerabilities which have been identified on Internet facing systems. The Top 10 Internal Vulnerabilities show this information for systems and networks inside the firewall.

The two Top 10 lists exclude vulnerabilities that do not have patches, even if workarounds are available, because these lists are tools to help prioritize remediation.

Top 10 Internal Vulnerabilities: November 2011

Title	QualysID	Ext. Reference
Microsoft Internet Explorer Cumulative Security Update (MS11-057) CVE-2011-1257, CVE-2011-2383, CVE-2011-1960, CVE-2011-1961, CVE-2011-1962, CVE-2011-1963, CVE-2011-1964	100105	MS11-057
Oracle Java SE Critical Patch Update - June 2011 CVE-2011-0862, CVE-2011-0873, CVE-2011-0815, CVE-2011-0817, CVE-2011-0863, CVE-2011-0864, CVE-2011-0802, CVE-2011-0814, CVE-2011-0871, CVE-2011-0786, CVE-2011-0788, CVE-2011-0866, CVE-2011-0868, CVE-2011-0872, CVE-2011-0867, CVE-2011-0865, CVE-2011-0869	119319	Oracle JAVA CPU JUN201
Microsoft Windows Fax Cover Page Editor Remote Code Execution Vulnerability (MS11-024) CVE-2010-4701, CVE-2010-3974	90675	MS11-024
Microsoft Windows SMB Client Remote Code Execution (MS11-043) CVE-2011-1268	90707	MS11-043
Microsoft OLE Automation Remote Code Execution Vulnerability (MS11-038) CVE-2011-0658	90709	MS11-038
Microsoft Windows Kernel Mode Drivers Elevation of Privilege (MS11-054) CVE-2011-1874, CVE-2011-1875, CVE-2011-1876, CVE-2011-1877, CVE-2011-1878, CVE-2011-1879, CVE-2011-1880, CVE-2011-1881, CVE-2011-1882, CVE-2011-1883, CVE-2011-1884, CVE-2011-1885, CVE-2011-1886, CVE-2011-1887, CVE-2011-1888	90718	MS11-054
Microsoft Windows Client/Server Run-time Subsystem Elevation of Privilege Vulnerability (MS11-063) CVE-2011-1967	90721	MS11-063
Microsoft Windows Kernel Elevation of Privilege Vulnerabilities (MS11-011) CVE-2010-4398, CVE-2011-0045	90659	MS11-011
Microsoft Distributed File System Remote Code Execution Vulnerability (MS11-042) CVE-2011-1868, CVE-2011-1869	90706	MS11-042
Microsoft MHTML Information Disclosure Vulnerability (MS11-037) CVE-2011-1894	90713	MS11-037

Top 10 External Vulnerabilities: November 2011

Title	QualysID	Ext. Reference
SSL Server Allows Anonymous Authentication Vulnerability N/A	38142	N/A
EOL/Obsolete Operating System : Microsoft Windows 2000 Detected N/A	105359	N/A
PHP "spl_object_storage_attach" Use-After-Free Vulnerability CVE-2010-2225	12378	N/A
SSH Protocol Version 1 Supported CVE-2001-1473	38304	N/A
Internet Information Services (IIS) Could Allow Elevation of Privilege (MS09-020) CVE-2009-1535, CVE-2009-1122	86837	MS09-020
Cisco IOS Telnet Service Remote Denial of Service Vulnerability CVE-2004-1464	38308	cisco-sa-20040827-telnet
Microsoft SMB Remote Code Execution Vulnerability (MS09-001) CVE-2008-4834, CVE-2008-4835, CVE-2008-4114	90477	MS09-001
Microsoft Windows Server Service Could Allow Remote Code Execution (MS08-067) CVE-2008-4250	90464	MS08-06
JBoss Application Server Web Console and JMX Management Console Authentication Bypass Vulnerability CVE-2010-1428, CVE-2010-0738	86882	N/A
Remote User List Disclosure Using NetBIOS CVE-2000-1200	45003	N/A

Previous Top 10 Vulnerability Lists

Research
Top 10 Vulnerabilities

Top 10 Vulnerabilities

Top 10 Internal Vulnerabilities: November 2011

Top 10 External Vulnerabilities: November 2011

Previous Top 10 Vulnerability Lists

Stay Connected with Qualys

Free Services & Trials

Qualys Community

Other Links