See Resources

Top 10 Vulnerabilities

The Top 10 External and Top 10 Internal Vulnerabilities are dynamic lists of the most prevalent and critical security vulnerabilities in the real world. Based on the Laws of Vulnerabilities, this information is computed anonymously from over 2 billion IP audits per year. The Top 10 External Vulnerabilities are the most prevalent and critical vulnerabilities which have been identified on Internet facing systems. The Top 10 Internal Vulnerabilities show this information for systems and networks inside the firewall.

The two Top 10 lists exclude vulnerabilities that do not have patches, even if workarounds are available, because these lists are tools to help prioritize remediation.

Top 10 Internal Vulnerabilities: February 2016

TitleQualysIDExt. Reference
Oracle Java SE Critical Patch Update - October 2015
124169 Oracle Java SE CPU October 2015
Microsoft Windows Remote Code Execution Vulnerability (MS15-115)
91112 MS15-115
Microsoft Schannel Spoofing Vulnerability (MS15-121)
91107 MS15-121
Microsoft Windows Winsock Privilege Escalation Vulnerability (MS15-119)
91110 MS15-119
Microsoft Windows Graphics Component Remote Code Execution Vulnerability (MS15-128)
91140 MS15-128
Adobe Flash Player and AIR Security Update (APSB15-28)
124208 APSB15-28
Microsoft Windows NDIS Privilege of Elevation Vulnerability (MS15-117)
91104 MS15-117
Microsoft Internet Explorer Cumulative Security Update (MS15-124)
100269 MS15-124
Microsoft Office Remote Code Execution Vulnerabilities (MS15-116)
110261 MS15-116
Microsoft Windows Kernel-Mode Drivers Privilege Escalation Vulnerabilities (MS15-135)
91133 MS15-135

Top 10 External Vulnerabilities: February 2016

TitleQualysIDExt. Reference
Cisco IOS Malformed IPV4 Packet Denial of Service Vulnerability
43051 No Reference
OpenSSL Multiple Remote Security Vulnerabilities
38602 OpenSSL Security Advisory [05 Jun 2014]
SSL/TLS Server Factoring RSA Export Keys (FREAK) vulnerability
38605 No Reference
SSL Server Allows Anonymous Authentication Vulnerability
38142 No Reference
Apache HTTP Server Multiple Cross-Site Scripting Vulnerabilities
12260 RHSA-2008-0004
OpenSSH Signal Handling Vulnerability
38560 No Reference
OpenSSL Weak RSA Key Exchange Vulnerability
123407 OpenSSL Security Advisory [19 March 2015]
SSH Protocol Version 1 Supported
38304 No Reference
Microsoft Windows HTTP.sys Remote Code Execution Vulnerability (MS15-034)
91041 MS15-034
EOL/Obsolete Software: PHP 5.3.x Detected
105578 PHP 5.3.29

Previous Top 10 Vulnerability Lists

Contact sales or call us at +1 800 745 4355 or try our Global Contacts
Subscription Packages
Qualys Solutions
Qualys Community
Free Trial & Tools