Top 10 Vulnerabilities
The Top 20 external and internal vulnerabilities are dynamic lists of the most prevalent and critical security vulnerabilities in the real world. Based on the "Laws of Vulnerabilities", this information is computed anonymously from over 200 million IP audits per year. The Top 10 External Vulnerabilities are the most prevalent and critical vulnerabilities that have been identified on Internet-facing systems. The Top 10 Internal Vulnerabilities show this information for systems and networks inside organizations' firewalls.
The Top 20 excludes vulnerabilities that do not have patches. Although such vulnerabilities may have a workaround, they were excluded because there is no fix from the vendor.
Top 10 Internal Vulnerabilities: August 2011
| Title | QualysID | Ext. Reference |
|---|---|---|
| Oracle Java SE Critical Patch Update - June 2011 | 119319 | Oracle JAVA CPU JUN2011 |
| Adobe Reader and Acrobat Security Update (APSB11-03) CVE-2010-4091, CVE-2011-0562, CVE-2011-0563, CVE-2011-0564, CVE-2011-0565, CVE-2011-0566, CVE-2011-0567, CVE-2011-0568, CVE-2011-0570, CVE-2011-0585, CVE-2011-0586, CVE-2011-0587, CVE-2011-0588, CVE-2011-0589, CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, CVE-2011-0594, CVE-2011-0595, CVE-2011-0596, CVE-2011-0598, CVE-2011-0599, CVE-2011-0600, CVE-2011-0602, CVE-2011-0603, CVE-2011-0604, CVE-2011-0605, CVE-2011-0606 | 118956 | APSB11-03 |
| Adobe Flash Player Unspecified Code Execution Multiple Vulnerabilities (APSA10-01 and APSB10-14) CVE-2008-4546, CVE-2009-3793, CVE-2010-1297, CVE-2010-2160, CVE-2010-2161, CVE-2010-2162, CVE-2010-2163, CVE-2010-2164, CVE-2010-2165, CVE-2010-2166, CVE-2010-2167, CVE-2010-2169, CVE-2010-2170, CVE-2010-2171, CVE-2010-2172, CVE-2010-2173, CVE-2010-2174, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2179, CVE-2010-2180, CVE-2010-2181, CVE-2010-2182, CVE-2010-2183, CVE-2010-2184, CVE-2010-2185, CVE-2010-2186, CVE-2010-2187, CVE-2010-2188, CVE-2010-2189 | 118088 | APSA10-01 APSB10-14 |
| Writeable SNMP | 78031 | N/A |
| Microsoft JScript and VBScript Scripting Engines Remote Code Execution Vulnerability (MS11-031) | 90700 | MS11-031 |
| Microsoft .NET Common Language Runtime and Silverlight Remote Code Execution Vulnerabilities (MS10-060) | 90624 | MS10-060 |
| Microsoft Windows Kernel-Mode Drivers Privilege Elevation Vulnerability (MS10-048) | 90627 | MS10-048 |
| Microsoft Windows SMB Server Remote Code Execution Vulnerability (MS10-054) | 90626 | MS10-054 |
| Microsoft PowerPoint Remote Code Execution Vulnerability (MS11-036) | 110149 | MS11-036 |
| Microsoft SMB Server Remote Code Execution Vulnerability (MS11-020) | 90699 | MS11-020 |
Top 10 External Vulnerabilities: August 2011
| Title | QualysID | Ext. Reference |
|---|---|---|
| SSL Server Allows Anonymous Authentication Vulnerability | 38142 | N/A |
| Apache HTTP Server Multiple Cross-Site Scripting Vulnerabilities | 12260 | RHSA-2008-0004, RHSA-2008-0005, RHSA-2008-0006, RHSA-2008-0007, RHSA-2008-0008 |
| EOL/Obsolete Operating System : Microsoft Windows 2000 Detected | 105359 | N/A |
| OpenSSH Signal Handling Vulnerability | 38560 | N/A |
| Internet Information Services (IIS) Could Allow Elevation of Privilege (MS09-020) | 86837 | MS09-020 |
| PHP "spl_object_storage_attach" Use-After-Free Vulnerability | 12378 | N/A |
| Cisco IOS Telnet Service Remote Denial of Service Vulnerability | 38308 | cisco-sa-20040827-telnet |
| SSH Protocol Version 1 Supported | 38304 | N/A |
| Microsoft SMB Remote Code Execution Vulnerability (MS09-001) | 90477 | MS09-001 |
| Microsoft Windows Server Service Could Allow Remote Code Execution (MS08-067) | 90464 | MS08-067 |
