Top 15 Linux vulnerabilities exploited by hackers

Cybersecurity experts from Trend Micro analyzed the threat landscape of Linux systems and highlighted the main threats and vulnerabilities affecting this operating system in the first half of 2021.


An analysis of about 15 million malware incidents involving Linux-based cloud environments revealed that crypto miners and ransomware accounted for 54% of all malware, while web shells accounted for 29%.


The researchers also compiled a list of 15 vulnerabilities that were either actively exploited by attackers in real attacks or have publicly available proof-of-concept (PoC) exploit code:

  • CVE-2017-5638 (CVSS score: 10.0) - Apache Struts 2 remote code execution (RCE) vulnerability;
  • CVE-2017-9805 (CVSS score: 8.1) - RCE vulnerability in REST plugin for Apache Struts 2, XStream RCE;
  • CVE-2018-7600 (CVSS score: 9.8) - RCE vulnerability in Drupal Core;
  • CVE-2020-14750 (CVSS score: 9.8) - RCE vulnerability in Oracle WebLogic Server;
  • CVE-2020-25213 (CVSS score: 10.0) - RCE vulnerability in WordPress File Manager plugin (wp-file-manager);
  • CVE-2020-17496 (CVSS score: 9.8) - RCE vulnerability due to a missing authorization check in vBulletin 'subwidgetConfig';
  • CVE-2020-11651 (CVSS score: 9.8) - SaltStack Salt authorization vulnerability;
  • CVE-2017-12611 (CVSS score: 9.8) - RCE vulnerability in OGNL expression in Apache Struts;
  • CVE-2017-7657 (CVSS score: 9.8) - Eclipse Jetty integer block length overflow vulnerability;
  • CVE-2021-29441 (CVSS score: 9.8) - Alibaba Nacos AuthFilter authentication bypass vulnerability;
  • CVE-2020-14179 (CVSS score: 5.3) - Atlassian Jira information disclosure vulnerability;
  • CVE-2013-4547 (CVSS score: 8.0) - Nginx URI string access restriction bypass vulnerability;
  • CVE-2019-0230 (CVSS score: 9.8) - RCE vulnerability in Apache Struts 2;
  • CVE-2018-11776 (CVSS score: 8.1) - RCE vulnerability in OGNL expression in Apache Struts;
  • CVE-2020-7961 (CVSS score: 9.8) - Liferay Portal untrusted deserialization vulnerability.

In addition, the 15 most used Docker images in the official Docker Hub repository contain hundreds of vulnerabilities covering Python, Node, WordPress, Golang, Nginx, Postgres, InfluxDB, HTTPd, MySQL, Debian, Memcached, Redis, MongoDB, CentOS, and RabbitMQ, highlighting the need to protect containers from a wide range of potential threats at every stage of development.
