The 10 Worst Vulnerabilities of The Last 10 Years

From the thousands of vulns that software vendors disclosed over the past 10 years, a few stand out for being a lot scarier than the rest.
OpenSSL Heartbleed Vulnerability (CVE-2014-0160)
DNS Cache Poisoning Issue: Kaminsky Bug (CVE-2008-1447)
GNU Bash Remote Code Execution Vulnerability: Shellshock (CVE-2014-6271)
Stagefright Vulnerabilities: CVE-2015-1538,CVE-2015-1539,CVE-2015-3824,CVE-2015-3826,CVE-2015-3827,CVE-2015-3828
SSL 3.0 Protocol Vulnerability and POODLE Attack (CVE-2014-3566)
Remote Code Execution Vulnerability in Microsoft Server Service (CVE-2008-4250)
Java Serialization Bug
glibc: getaddrinfo stack-based buffer overflow (CVE-2015-7547)
VENOM Vulnerability (CVE-2015-3456)

Security vulnerabilities are a fact of life in modern software.

Nearly every product from every vendor has vulnerabilities, and some of them more so than others.

Take Microsoft for instance. CVE Details, a site that chronicles publicly disclosed vulnerabilities shows that in the 10 years starting with 2006 the company has disclosed an astonishing 3,157 security flaws in its products at the rate of more than one vulnerability every two days.

Some 50 percent of them involved errors that allowed malicious code execution. Exploits were created for a total of 192 of those flaws.

But Microsoft is in no way alone. In second place behind it is Oracle with a tally of over 3,100 disclosed vulnerabilities in the last 10 years of which more than 10 percent were announced in 2015. Apple’s products, generally perceived as being more secure than Microsoft’s software, rang up over 2,600 vulnerabilities in the last ten years, a staggering 689 or 26 percent of them in just the last year. Others with a relatively high number of vulnerabilities include IBM, Cisco and Adobe.

Choosing 10 of most egregious flaws from this massive compendium of software errors is not easy given the sheer number of vulnerabilities and range of products involved. Fortunately, only a relatively tiny number of the reported vulnerabilities were of the kind that posed a major threat to users. And only an even smaller number of them rose to the level of a threat with implications for a broad section of users. In some cases, bugs that were dangerous were not easy to exploit. In others, bugs that were easy to exploit did not pose a real threat to security.

Adobe Flash was especially noteworthy for the sheer number of flaws reported in the product in recent years. Though none of them made the Top 10 list, Flash Player vulnerabilities have proved to be a huge headache for everyone. A vulnerability analysis by Recorded Future last year showed that 8 of the top 10 vulnerabilities leveraged by exploit kit makers in 2015 involved Flash Player.

In the following pages (and in no particular order) are 10 vulnerabilities that stood out from the rest over the last 10 years.

Next slide
Recommended Reading: