Top 10 Vulnerabilities

The Top 10 External and Top 10 Internal Vulnerabilities are dynamic lists of the most prevalent and critical security vulnerabilities in the real world. Based on the Laws of Vulnerabilities, this information is computed anonymously from over 2 billion IP audits per year. The Top 10 External Vulnerabilities are the most prevalent and critical vulnerabilities that have been identified on Internet-facing systems. The Top 10 Internal Vulnerabilities show this information for systems and networks inside the firewall.

The two Top 10 lists exclude vulnerabilities that do not have patches, even if workarounds are available, because these lists are tools to help prioritize remediation.

Top 10 Internal Vulnerabilities Published February 2011

  1. Microsoft WordPad and Office Text Converters Remote Code Execution Vulnerability (MS09-073)

    Qualys ID: 90572
    Vendor Reference: MS09-073
    CVE Reference:
  2. Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerability (MS10-076)

    Qualys ID: 90648
    Vendor Reference: MS10-076
    CVE Reference:
  3. Microsoft Windows Media Player Remote Code Execution Vulnerability (MS10-082)

    Qualys ID: 90655
    Vendor Reference: MS10-082
    CVE Reference:
  4. Microsoft Internet Explorer Remote Code Execution Vulnerability (MS10-090)

    Qualys ID: 100094
    Vendor Reference: MS10-090
    CVE Reference:
  5. Microsoft Office PowerPoint Could Allow Remote Code Execution (MS09-017)

    Qualys ID: 110094
    Vendor Reference: MS09-017
    CVE Reference:
  6. Microsoft Windows Indeo Codec Could Allow Remote Code Execution (KB954157)

    Qualys ID: 116751
    Vendor Reference: MS Security Advisory 954157, MS Security Advisory 955759
    CVE Reference:
  7. Adobe Shockwave Player Remote Code Execution Vulnerabilities (APSB10-20)

    Qualys ID: 118432
    Vendor Reference: APSB10-20
    CVE Reference:
  8. Oracle Java SE Critical Patch Update - October 2010

    Qualys ID: 118597
    Vendor Reference: Java Critical Patch Update Oct 2010
    CVE Reference:
  9. Adobe Flash Player Unspecified Code Execution Vulnerability (APSB10-26)

    Qualys ID: 118667
    Vendor Reference: APSB10-26
    CVE Reference:
  10. Adobe Reader and Acrobat Unspecified Code Execution And Memory Corruption Vulnerability (APSA10-05, APSB10-28)

    Qualys ID: 118670
    Vendor Reference: APSA10-05, APSB10-28
    CVE Reference:

Top 10 External Vulnerabilities Published February 2011

  1. Apache HTTP Server Multiple Cross-Site Scripting Vulnerabilities

    Qualys ID: 12260
    Vendor Reference: RHSA-2008:0004, RHSA-2008:0005, RHSA-2008:0006, RHSA-2008:0007, RHSA-2008:0008
    CVE Reference:
  2. SSH Protocol Version 1 Supported

    Qualys ID: 38304
    Vendor Reference: No Vendor Reference
    CVE Reference:
  3. OpenSSH Signal Handling Vulnerability

    Qualys ID: 38560
    Vendor Reference: No Vendor Reference
    CVE Reference:
  4. OpenSSL Multiple Vulnerabilities

    Qualys ID: 38561
    Vendor Reference: Advisory, FEDORA-2006-1004, FEDORA-2006-1373, USN-353-2
    CVE Reference:
  5. Null Session/Password NetBIOS Access

    Qualys ID: 70003
    Vendor Reference: No Vendor Reference
    CVE Reference:
  6. Internet Information Services (IIS) Could Allow Elevation of Privilege (MS09-020)

    Qualys ID: 86837
    Vendor Reference: MS09-020
    CVE Reference:
  7. Microsoft Windows Server Service Could Allow Remote Code Execution (MS08-067) and Shadow Brokers (ECLIPSEDWING)

    Qualys ID: 90464
    Vendor Reference: MS08-067
    CVE Reference:
  8. Microsoft SMB Remote Code Execution Vulnerability (MS09-001)

    Qualys ID: 90477
    Vendor Reference: MS09-001
    CVE Reference:
  9. EOL/Obsolete Operating System: Microsoft Windows 2000 Detected

    Qualys ID: 105359
    Vendor Reference: Windows 2000 End of Life
  10. PHP Multiple Buffer Overflow Vulnerabilities

    Qualys ID: 116063
    Vendor Reference: PHP 4.4.9, PHP 5.2.8
    CVE Reference:
