informa
/
Announcements
Event
Beyond Passwords: New Thinking and Strategies for Authentication | January 27 Webinar | <REGISTER NOW>
Event
Securing Your APIs: What You Need to Know | January 25 Webinar | <REGISTER NOW>
Event
Beyond Spam and Phishing: Emerging Email-based Threats | January 18 Webinar | <REGISTER NOW>
PreviousNext
Vulnerabilities/Threats
Slideshow

The 10 Worst Vulnerabilities of The Last 10 Years

From the thousands of vulns that software vendors disclosed over the past 10 years, a few stand out for being a lot scarier than the rest.
Jai Vijayan
Contributing Writer
May 06, 2016
OpenSSL Heartbleed Vulnerability (CVE-2014-0160)
DNS Cache Poisoning Issue: Kaminsky Bug (CVE-2008-1447)
GNU Bash Remote Code Execution Vulnerability: Shellshock (CVE-2014-6271)
Stagefright Vulnerabilities: CVE-2015-1538,CVE-2015-1539,CVE-2015-3824,CVE-2015-3826,CVE-2015-3827,CVE-2015-3828
SSL 3.0 Protocol Vulnerability and POODLE Attack (CVE-2014-3566)
Remote Code Execution Vulnerability in Microsoft Server Service (CVE-2008-4250)
Java Serialization Bug
glibc: getaddrinfo stack-based buffer overflow (CVE-2015-7547)
Bad USB
VENOM Vulnerability (CVE-2015-3456)
1/10

Security vulnerabilities are a fact of life in modern software.

Nearly every product from every vendor has vulnerabilities, and some of them more so than others.

Take Microsoft for instance. CVE Details, a site that chronicles publicly disclosed vulnerabilities shows that in the 10 years starting with 2006 the company has disclosed an astonishing 3,157 security flaws in its products at the rate of more than one vulnerability every two days.

Some 50 percent of them involved errors that allowed malicious code execution. Exploits were created for a total of 192 of those flaws.

But Microsoft is in no way alone. In second place behind it is Oracle with a tally of over 3,100 disclosed vulnerabilities in the last 10 years of which more than 10 percent were announced in 2015. Apple’s products, generally perceived as being more secure than Microsoft’s software, rang up over 2,600 vulnerabilities in the last ten years, a staggering 689 or 26 percent of them in just the last year. Others with a relatively high number of vulnerabilities include IBM, Cisco and Adobe.

Choosing 10 of most egregious flaws from this massive compendium of software errors is not easy given the sheer number of vulnerabilities and range of products involved. Fortunately, only a relatively tiny number of the reported vulnerabilities were of the kind that posed a major threat to users. And only an even smaller number of them rose to the level of a threat with implications for a broad section of users. In some cases, bugs that were dangerous were not easy to exploit. In others, bugs that were easy to exploit did not pose a real threat to security.

Adobe Flash was especially noteworthy for the sheer number of flaws reported in the product in recent years. Though none of them made the Top 10 list, Flash Player vulnerabilities have proved to be a huge headache for everyone. A vulnerability analysis by Recorded Future last year showed that 8 of the top 10 vulnerabilities leveraged by exploit kit makers in 2015 involved Flash Player.

In the following pages (and in no particular order) are 10 vulnerabilities that stood out from the rest over the last 10 years.

 
Next slide
Application SecurityAttacks/BreachesRiskVulnerability ManagementAdvanced Threats
Recommended Reading:
More Insights
White Papers
More White Papers
Webinars
More Webinars
Reports
More Reports
Editors' Choice
Microsoft RDP Bug Enables Data Theft, Smart-Card Hijacking
Jai Vijayan, Contributing Writer
Fighting Back Against Pegasus, Other Advanced Mobile Malware
Costin Raiu, Global Director, Kaspersky GReAT
New Vulnerabilities Highlight Risks of Trust in Public Cloud
Robert Lemos, Contributing Writer
Redefining the CISO-CIO Relationship
Alex Cunningham, Senior Vice President and Chief Information Security Officer, Advisor360°
Webinars
More Webinars
White Papers
More White Papers
Events
More Events
More Insights
White Papers
More White Papers
Webinars
More Webinars
Reports
More Reports