Top 10 Vulnerabilities
The Top 10 External and Top 10 Internal Vulnerabilities are dynamic lists of the most prevalent and critical security vulnerabilities in the real world. Based on the Laws of Vulnerabilities, this information is computed anonymously from over 200 million IP audits per year. The Top 10 External Vulnerabilities are the most prevalent and critical vulnerabilities that have been identified on Internet-facing systems. The Top 10 Internal Vulnerabilities show this information for systems and networks inside the firewall.
The two Top 10 lists exclude vulnerabilities that do not have patches, even if workarounds are available, because these lists are tools to help prioritize remediation.
Top 10 Internal Vulnerabilities: February 2013
| Title | QualysID | Ext. Reference |
|---|---|---|
| Oracle Java SE Critical Patch Update - October 2012 CVE-2012-5083, CVE-2012-1531, CVE-2012-5086, CVE-2012-5087, CVE-2012-1533, CVE-2012-1532, CVE-2012-5076, CVE-2012-3143, CVE-2012-5088, CVE-2012-5078, CVE-2012-5089, CVE-2012-5084, CVE-2012-5080, CVE-2012-3159, CVE-2012-5068, CVE-2012-4416, CVE-2012-5074, CVE-2012-5071, CVE-2012-5069, CVE-2012-5067, CVE-2012-5070, CVE-2012-5075, CVE-2012-5073, CVE-2012-5079, CVE-2012-5072, CVE-2012-5081, CVE-2012-5082, CVE-2012-3216, CVE-2012-5077, CVE-2012-5085 | 120604 | Oracle Java SE CPU October 2012 |
| Adobe Flash Player and AIR Multiple Vulnerabilities (APSB12-19) | 120433 | APSB12-19 |
| EOL/Obsolete Software: Microsoft XML Core Services 4.0 Service Pack 2 Detected N/A | 105458 | KB973685, MSXML 4.0 SP2 |
| EOL/Obsolete Software SNMP Version Detected N/A | 105459 | N/A |
| Adobe Acrobat and Reader Multiple Vulnerabilities (APSB12-08) | 120103 | APSB12-08 |
| Microsoft Internet Explorer Remote Code Execution Vulnerability (MS13-008 and KB2794220) | 100134 | KB2794220, MS13-008 |
| Microsoft Combined Security Update for Microsoft Office, Windows, .NET Framework and Silverlight (MS12-034) | 90803 | MS12-034 |
| Microsoft Word Remote Code Execution Vulnerability (MS12-064) | 110192 | MS12-064 |
| Microsoft Windows Remote Desktop Protocol Remote Code Execution Vulnerability (MS12-020) | 90783 | MS12-020 |
| Microsoft Windows Unauthorized Digital Certificates Spoofing Vulnerability (KB2718704) N/A | 90805 | KB2718704 |

Top 10 External Vulnerabilities: February 2013
| Title | QualysID | Ext. Reference |
|---|---|---|
| Apache Chunked-Encoding Memory Corruption Vulnerability | 86352 | N/A |
| EOL/Obsolete Software: Microsoft Internet Information Services (IIS) 5.x Detected N/A | 105456 | N/A |
| EOL/Obsolete Operating System : Microsoft Windows 2000 Detected N/A | 105359 | Windows 2000 End of Life |
| EOL/Obsolete Operating System : Solaris 8 Detected N/A | 105462 | Solaris 8 EOL |
| Microsoft Windows Remote Desktop Protocol Remote Code Execution Vulnerability (MS12-020) | 90783 | MS12-020 |
| EOL/Obsolete Software: Apache HTTP Server 1.3.X Detected N/A | 105442 | Announcement1.3 |
| Microsoft SMB Remote Code Execution Vulnerability (MS09-001) | 90477 | MS09-001 |
| Microsoft Windows Server Service Could Allow Remote Code Execution (MS08-067) | 90464 | MS08-067 |
| EOL/Obsolete Software SNMP Version Detected N/A | 105459 | N/A |
| Vulnerability in Server Service Could Allow Remote Code Execution (MS06-040) | 90336 | MS06-040 |