The 25 Most Dangerous Software Vulnerabilities To Watch Out For

Mitre has released its rundown of the most widespread and critical vulnerabilities in software, many of which are easy to find and can be exploited by cyber criminals to take over systems, steal data or crash applications and even computers.

The 2021 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses details the most common and most impactful security issues.  

The list is based on published Common Vulnerabilities and Exposures (CVE) data, as well as data from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) and the Common Vulnerability Scoring System (CVSS) scores of the CVEs. 

Top of the list with the highest score by some margin is CWE-787: Out-of-bounds Write, a vulnerability where software writes past the end, or before the beginning, of the intended buffer. Like many of the vulnerabilities in the list, this can lead to corruption of data and crashing systems, as well as the ability for attackers to execute code.

"These weaknesses are dangerous because they are often easy to find, exploit, and can allow adversaries to completely take over a system, steal data, or prevent an application from working," Mitre said in a blog post. 

The Mitre Corporation is a US not-for-profit organisation, also known for the MITRE ATT&CK framework, a globally accessible knowledge base of adversary tactics and techniques based on real-world observations.


Second in the list is CWE-79: Improper Neutralization of Input During Web Page Generation, a cross-site scripting vulnerability in which an application fails to correctly neutralise input before placing it in a generated web page. This can allow attackers to inject malicious script, steal sensitive information and send other malicious requests, particularly if they are able to gain administrator privileges.
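The weakness behind CWE-79 is that untrusted text is concatenated into markup without being neutralised for the context it lands in. The following C example, added here and not part of the original article, places the vulnerable pattern beside a hardened one: `render_greeting_unsafe` interpolates a name verbatim, while `render_greeting_safe` first passes it through `html_escape`. All names, the page template and the inputs are constructed for this illustration; the escape set shown is for the HTML text and attribute-value contexts, and output placed into a script block or URL needs different encoding.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Escape the five characters that let text break out of an HTML text node
 * or a quoted attribute value. Writes a NUL-terminated string into out and
 * returns the number of bytes written, or -1 if out_size is too small. */
int html_escape(const char *in, char *out, size_t out_size)
{
    size_t pos = 0;
    if (in == NULL || out == NULL || out_size == 0)
        return -1;
    for (const char *p = in; *p != '\0'; p++) {
        char one[2] = { *p, '\0' };
        const char *rep;
        switch (*p) {
            case '&':  rep = "&amp;";  break;
            case '<':  rep = "&lt;";   break;
            case '>':  rep = "&gt;";   break;
            case '"':  rep = "&quot;"; break;
            case '\'': rep = "&#x27;"; break;
            default:   rep = one;      break;
        }
        size_t rlen = strlen(rep);
        if (pos + rlen >= out_size)     /* keep room for the terminator */
            return -1;
        memcpy(out + pos, rep, rlen);
        pos += rlen;
    }
    out[pos] = '\0';
    return (int)pos;
}

/* Page buffer shared by the two renderers below, so they can hand back a
 * pointer without the caller managing memory. */
static char g_page[512];
/* Small scratch buffer used to demonstrate the too-small-output case. */
static char g_scratch[8];

/* CWE-79 as it usually appears: the untrusted name goes straight into the
 * markup, so a name containing a <script> tag becomes live script. */
const char *render_greeting_unsafe(const char *name)
{
    int n = snprintf(g_page, sizeof g_page, "<p>Hello, %s</p>", name);
    return (n < 0 || (size_t)n >= sizeof g_page) ? NULL : g_page;
}

/* Hardened form: neutralise the input for the HTML text context it is
 * placed in before it is concatenated into the page. */
const char *render_greeting_safe(const char *name)
{
    char escaped[256];
    if (html_escape(name, escaped, sizeof escaped) < 0)
        return NULL;
    int n = snprintf(g_page, sizeof g_page, "<p>Hello, %s</p>", escaped);
    return (n < 0 || (size_t)n >= sizeof g_page) ? NULL : g_page;
}

int main(void)
{
    const char *name = "<script>alert(1)</script>";  /* constructed input */
    printf("unsafe: %s\n", render_greeting_unsafe(name));
    printf("safe:   %s\n", render_greeting_safe(name));
    return 0;
}
```

The safe renderer turns the angle brackets into `&lt;` and `&gt;`, so the browser shows the text rather than executing it; the unsafe renderer emits the tag unchanged. In a real code base the escaping belongs in the templating layer so that it cannot be forgotten at individual call sites.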

Third in the list is CWE-125: Out-of-bounds Read, a vulnerability which can allow attackers to read sensitive information from other memory locations or cause a crash.
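CWE-787 and CWE-125 usually share one root cause: a length or index taken from untrusted input is used to address a buffer without being checked against that buffer's real size. The following C example, added here and not drawn from the article or from any Mitre code, shows both weaknesses in a small parser for a constructed wire format (one length byte followed by that many payload bytes) and the checked versions that reject bad input instead of touching memory outside the buffer. The format, the function names and the sample messages are all assumptions made for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed wire format for this example: one length byte followed by
 * that many payload bytes. The receiver copies the payload into a
 * fixed-size 16-byte buffer and later reads individual fields from it. */
#define PAYLOAD_MAX 16

/* CWE-787 as it commonly appears: the attacker-controlled length byte
 * drives memcpy. A length above PAYLOAD_MAX writes past the end of out;
 * a length above the bytes actually received also reads past msg. */
void copy_payload_unchecked(const uint8_t *msg, uint8_t out[PAYLOAD_MAX])
{
    size_t len = msg[0];
    memcpy(out, msg + 1, len);      /* no bounds check on either side */
}

/* Hardened form: the claimed length is validated against the destination
 * capacity (prevents the out-of-bounds write) and against the number of
 * bytes really present in msg (prevents an out-of-bounds read of msg).
 * Returns 0 on success, -1 if the message is rejected. */
int copy_payload_checked(const uint8_t *msg, size_t msg_len,
                         uint8_t out[PAYLOAD_MAX], size_t *out_len)
{
    if (msg == NULL || out == NULL || out_len == NULL || msg_len < 1)
        return -1;
    size_t len = msg[0];
    if (len > PAYLOAD_MAX)   return -1;  /* would overflow out (CWE-787) */
    if (len > msg_len - 1)   return -1;  /* would read past msg (CWE-125) */
    memcpy(out, msg + 1, len);
    *out_len = len;
    return 0;
}

/* CWE-125 on the read side: a field index taken from the message is used
 * directly, so an index >= payload_len (or a negative one) reads memory
 * outside the buffer and may leak whatever sits next to it. */
uint8_t field_unchecked(const uint8_t *payload, int idx)
{
    return payload[idx];
}

/* Hardened form: reject indices outside [0, payload_len). */
int field_checked(const uint8_t *payload, size_t payload_len, int idx,
                  uint8_t *value)
{
    if (payload == NULL || value == NULL) return -1;
    if (idx < 0 || (size_t)idx >= payload_len) return -1;
    *value = payload[idx];
    return 0;
}

/* Constructed sample messages (not captured traffic). */
const uint8_t MSG_OK[]        = { 4, 'a', 'b', 'c', 'd' };    /* well-formed */
const uint8_t MSG_TOO_LONG[]  = { 200, 'a', 'b', 'c', 'd' };  /* claims 200 bytes */
const uint8_t MSG_TRUNCATED[] = { 4, 'a' };                   /* claims 4, carries 1 */

uint8_t g_out[PAYLOAD_MAX];
size_t  g_out_len;
uint8_t g_value;

int main(void)
{
    const uint8_t *msgs[]  = { MSG_OK, MSG_TOO_LONG, MSG_TRUNCATED };
    const size_t   sizes[] = { sizeof MSG_OK, sizeof MSG_TOO_LONG,
                               sizeof MSG_TRUNCATED };
    for (size_t i = 0; i < 3; i++) {
        int rc = copy_payload_checked(msgs[i], sizes[i], g_out, &g_out_len);
        printf("message %zu: %s\n", i, rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

The unchecked functions are included only to show the shape of the defect and are never called; the checked versions return a status the caller must test rather than silently truncating. Compiling with sanitizers (for instance `-fsanitize=address`) and fuzzing parsers of this kind is the usual way such length and index mistakes are found before an attacker does.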

While many of the vulnerabilities are potentially very damaging if they're discovered and exploited by cyber criminals, the weaknesses can often be countered, particularly for those for which a security patch is available. Applying security patches to fix known vulnerabilities is one of the key things that organisations can do to help protect their networks from cyber attacks and intrusions. 

The 2021 CWE Top 25 uses NVD data from the years 2019 and 2020, which consists of approximately 32,500 CVEs that are associated with a weakness. The full list is available on the CWE website.
