Top 10 Vulnerabilities



The Top 10 External and Top 10 Internal Vulnerabilities are dynamic lists of the most prevalent and critical security vulnerabilities in the real world. Based on the Laws of Vulnerabilities, this information is computed anonymously from over 200 million IP audits per year. The Top 10 External Vulnerabilities are the most prevalent and critical vulnerabilities that have been identified on Internet-facing systems. The Top 10 Internal Vulnerabilities show this information for systems and networks inside the firewall.


The two Top 10 lists exclude vulnerabilities that do not have patches, even if workarounds are available, because these lists are tools to help prioritize remediation.



Top 10 Internal Vulnerabilities: May 2012


Title | QualysID | Ext. Reference
Microsoft Windows Remote Desktop Protocol Remote Code Execution Vulnerability (MS12-020) | 90783 | MS12-020
Microsoft Internet Explorer Cumulative Security Update (MS12-023) | 100113 | MS12-023
Microsoft Windows C Run-Time Library Remote Code Execution Vulnerability (MS12-013) | 90773 | MS12-013
Microsoft .NET Framework Remote Code Execution Vulnerabilities (MS12-035) | 90801 | MS12-035
Microsoft Windows Media Remote Code Execution Vulnerability (MS12-004) | 90767 | MS12-004
Oracle Java SE Critical Patch Update - February 2012 | 119956 | Oracle JAVA CPU FEB 2012
Java for OS X 2012-003 and Java for Mac OS X 10.6 Update 8 (APPLE-SA-2012-04-12-1) | 120216 | APPLE-SA-2012-04-12-1
Adobe Flash Player Object Confusion Vulnerability (APSB12-09) | 120204 | APSB12-09
Adobe Acrobat and Reader Multiple Vulnerabilities (APSB12-08) | 120103 | APSB12-08
Microsoft Windows Common Controls Remote Code Execution Vulnerability (MS12-027) | 90793 | MS12-027


Top 10 External Vulnerabilities: May 2012


Title | QualysID | Ext. Reference
SSL Server Allows Anonymous Authentication Vulnerability | 38142 | N/A
EOL/Obsolete Operating System : Microsoft Windows 2000 Detected | 105359 | Windows 2000 End of Life
PHP apache_request_headers Buffer Overflow and PHP-CGI Query String Parameter Vulnerabilities | 12551 | PHP Change Log
SSH Protocol Version 1 Supported | 38304 | N/A
Samba Remote Code Execution Vulnerability | 70064 | Samba Security Advisory
Cisco IOS Telnet Service Remote Denial of Service Vulnerability | 38308 | cisco-sa-20040827-telnet
Microsoft SMB Remote Code Execution Vulnerability (MS09-001) | 90477 | MS09-001
Microsoft Windows Server Service Could Allow Remote Code Execution (MS08-067) | 90464 | MS08-067
JBoss Application Server Web Console and JMX Management Console Authentication Bypass Vulnerability | 86882 | Bug 585899

