Top 10 Vulnerabilities

The Top 10 External and Top 10 Internal Vulnerabilities are dynamic lists of the most prevalent and critical security vulnerabilities in the real world. Based on the Laws of Vulnerabilities, this information is computed anonymously from over 1 billion IP audits per year. The Top 10 External Vulnerabilities are the most prevalent and critical vulnerabilities that have been identified on Internet-facing systems. The Top 10 Internal Vulnerabilities show this information for systems and networks inside the firewall.

The two Top 10 lists exclude vulnerabilities that do not have patches, even if workarounds are available, because these lists are tools to help prioritize remediation.

Top 10 Internal Vulnerabilities: July 2015

| Title | CVE | QualysID | Ext. Reference |
|---|---|---|---|
| Oracle Java SE Critical Patch Update - January 2015 | | 123168 | Oracle Java SE CPU January 2015 |
| EOL/Obsolete Software: Microsoft XML Parser and Microsoft XML Core Services (MSXML) 4.0 Detected | No CVE | 105576 | Microsoft MSXML 4 EOL |
| EOL/Obsolete Software SNMP Version Detected | No CVE | 105459 | No Reference |
| Microsoft Internet Explorer Cumulative Security Update (MS15-032) | | 100229 | MS15-032 |
| Microsoft Windows HTTP.sys Remote Code Execution Vulnerability (MS15-034) | | 91041 | MS15-034 |
| Microsoft Graphics Component Remote Code Execution Vulnerability (MS15-035) | | 91038 | MS15-035 |
| EOL/Obsolete Software: Oracle Java SE/JRE/JDK 6/1.6 Detected | No CVE | 105490 | Oracle Java SE Support Roadmap |
| Adobe Flash Player Multiple Remote Code Execution Vulnerabilities (APSB15-06) | | 123524 | APSB15-06 |
| Microsoft Windows Shell Remote Code Execution Vulnerabilities (MS15-020) | | 91029 | MS15-020 |
| Microsoft Windows Journal Remote Code Execution Vulnerability (MS15-045) | | 91054 | MS15-045 |

Top 10 External Vulnerabilities: July 2015

| Title | CVE | QualysID | Ext. Reference |
|---|---|---|---|
| Cisco IOS Malformed IPV4 Packet Denial of Service Vulnerability | | 43051 | No Reference |
| Microsoft Windows HTTP.sys Remote Code Execution Vulnerability (MS15-034) | | 91041 | MS15-034 |
| EOL/Obsolete Software: PHP 5.3.x Detected | No CVE | 105578 | PHP 5.3.29 |
| EOL/Obsolete Software: IBM HTTP Server 6.1 Detected | No CVE | 105524 | End of Life for IBM HTTP Server 6.1 |
| EOL/Obsolete Software SNMP Version Detected | No CVE | 105459 | No Reference |
| EOL/Obsolete Operating System: Cisco IOS 12.3 Detected | No CVE | 105505 | Cisco IOS 12.3 Lifecycle |
| EOL/Obsolete Software: Apache Tomcat 5.5.x Detected | No CVE | 105470 | EOL: Tomcat 5.5 |
| EOL/Obsolete Operating System: Microsoft Windows XP Detected | No CVE | 105543 | Windows XP End of Life |
| EOL/Obsolete Software: Apache HTTP Server 1.3.X Detected | No CVE | 105442 | Announcement 1.3 |
| Microsoft Windows Remote Desktop Protocol Remote Code Execution Vulnerability (MS12-020) | | 90783 | MS12-020 |
