Top 10 Vulnerabilities

The Top 20 external and internal vulnerabilities are dynamic lists of the most prevalent and critical security vulnerabilities in the real world. Based on the "Laws of Vulnerabilities", this information is computed anonymously from over 200 million IP audits per year. The Top 10 External Vulnerabilities are the most prevalent and critical vulnerabilities which have been identified on Internet facing systems. The Top 10 Internal Vulnerabilities show this information for systems and networks inside organization's firewalls.

The Top 20 excludes vulnerabilities that do not have patches. Although such vulnerabilities may have a workaround they were excluded as there is no fix from the vendor.

Top 10 Internal Vulnerabilities: November 2011

Title	QualysID	CVE Reference	Ext. Reference
Microsoft Internet Explorer Cumulative Security Update (MS11-057)	100105	View CVEs CVE-2011-1257 CVE-2011-2383 CVE-2011-1960 CVE-2011-1961 CVE-2011-1962 CVE-2011-1963 CVE-2011-1964	MS11-057
Oracle Java SE Critical Patch Update - June 2011	119319	View CVEs CVE-2011-0862 CVE-2011-0873 CVE-2011-0815 CVE-2011-0817 CVE-2011-0863 CVE-2011-0864 CVE-2011-0802 CVE-2011-0814 CVE-2011-0871 CVE-2011-0786 CVE-2011-0788 CVE-2011-0866 CVE-2011-0868 CVE-2011-0872 CVE-2011-0867 CVE-2011-0865 CVE-2011-0869	Oracle JAVA CPU JUN201
Microsoft Windows Fax Cover Page Editor Remote Code Execution Vulnerability (MS11-024))	90675	View CVEs CVE-2010-4701 CVE-2010-3974	MS11-024
Microsoft Windows SMB Client Remote Code Execution (MS11-043)	90707	View CVEs CVE-2011-1268	MS11-043
Microsoft OLE Automation Remote Code Execution Vulnerability (MS11-038)	90709	View CVEs CVE-2011-0658	MS11-038
Microsoft Windows Kernel Mode Drivers Elevation of Privilege (MS11-054)	90718	View CVEs CVE-2011-1874 CVE-2011-1875 CVE-2011-1876 CVE-2011-1877 CVE-2011-1878 CVE-2011-1879 CVE-2011-1880 CVE-2011-1881 CVE-2011-1882 CVE-2011-1883 CVE-2011-1884 CVE-2011-1885 CVE-2011-1886 CVE-2011-1887 CVE-2011-1888	MS11-054
Microsoft Windows Client/Server Run-time Subsystem Elevation of Privilege Vulnerability (MS11-063)	90721	View CVEs CVE-2011-1967	MS11-063
Microsoft Windows Kernel Elevation of Privilege Vulnerabilities (MS11-011)	90659	View CVEs CVE-2010-4398 CVE-2011-0045	MS11-011
Microsoft Distributed File System Remote Code Execution Vulnerability (MS11-042)	90706	View CVEs CVE-2011-1868 CVE-2011-1869	MS11-042
Microsoft MHTML Information Disclosure Vulnerability (MS11-037)	90713	View CVEs CVE-2011-1894	MS11-037

Top 10 External Vulnerabilities: November 2011

Title	QualysID	CVE Reference	Ext. Reference
SSL Server Allows Anonymous Authentication Vulnerability	38142	View CVEs N/A	N/A
EOL/Obsolete Operating System : Microsoft Windows 2000 Detected	105359	View CVEs N/A	N/A
PHP "spl_object_storage_attach" Use-After-Free Vulnerability	12378	View CVEs CVE-2010-2225	N/A
SSH Protocol Version 1 Supported	38304	View CVEs CVE-2001-1473	N/A
Internet Information Services (IIS) Could Allow Elevation of Privilege (MS09-020)	86837	View CVEs CVE-2009-1535 CVE-2009-1122	MS09-020
Cisco IOS Telnet Service Remote Denial of Service Vulnerability	38308	View CVEs CVE-2004-1464	cisco-sa-20040827-telnet
Microsoft SMB Remote Code Execution Vulnerability (MS09-001)	90477	View CVEs CVE-2008-4834 CVE-2008-4835 CVE-2008-4114	MS09-001
Microsoft Windows Server Service Could Allow Remote Code Execution (MS08-067)	90464	View CVEs CVE-2008-4250	MS08-06
JBoss Application Server Web Console and JMX Management Console Authentication Bypass Vulnerability	86882	View CVEs CVE-2010-1428 CVE-2010-0738	N/A
Remote User List Disclosure Using NetBIOS	45003	View CVEs CVE-2000-1200	N/A

QualysGuard Trials

Free Tools

Top 10 Vulnerabilities

Top 10 Internal Vulnerabilities: November 2011

Top 10 External Vulnerabilities: November 2011

FREE Scan of the Top 10 External Vulnerabilities

Previous Top 10 Vulnerability Lists

Stay Connected:

Free Services and Trials:

Other Links: