BleepingComputer reported today on an update to the Mitre list of top software attacks, bugs, and vulnerabilities. This list reports the “most common and dangerous weaknesses plaguing software throughout the previous two years”. The ranked list is based on scoring using Common Vulnerabilities and Exposures (CVE) data from 2019 and 2020 obtained from the National Vulnerability Database (NVD).
I found it interesting that OS command injection and path traversal both moved up the list into the top 10. Those are two simple weaknesses that have been around for a long time.
The BleepingComputer article also referenced the US Cybersecurity and Infrastructure Security Agency (CISA) publication (May 2020) of the top 10 routinely exploited security vulnerabilities between 2016 and 2019 (Note: Link is to a PDF). That CISA top 10 list is a valuable resource for information and network defenders as it calls out specific malware that you can then arrange your defenses (anti virus / malware, Firewall & IDS rules, SIEM reporting) around.