Vulnerability Priority: Ranking from High to Low


When it comes to managing vulnerabilities in software systems, prioritization is crucial. Not all vulnerabilities are created equal, and understanding their potential impact is essential for effective risk management. In this article, we will discuss the concept of vulnerability prioritization and provide a list ranking vulnerabilities from high to low, based on their severity and potential risk.

Critical vulnerabilities:

These vulnerabilities pose the highest level of risk and can result in severe consequences if exploited. They often allow attackers to gain full control over the system, compromise sensitive data, or execute malicious code remotely. Critical vulnerabilities require immediate attention and remediation.

High-severity vulnerabilities:

These vulnerabilities have a significant potential for exploitation and can lead to substantial harm if left unaddressed. While they may not be as severe as critical vulnerabilities, they still pose a considerable risk and demand prompt action to mitigate the potential impact.

Medium-severity vulnerabilities:

Vulnerabilities in this category have a moderate level of risk associated with them. While they may not result in immediate critical damage, they can still be exploited to gain unauthorized access, compromise system integrity, or disclose sensitive information. It is important to address these vulnerabilities within a reasonable timeframe.

Low-severity vulnerabilities:

These vulnerabilities have a relatively lower risk and may have limited impact on the system’s security. They often require specific conditions or complex attacks to be exploited successfully. While they should not be ignored, they can be prioritized lower compared to higher-severity vulnerabilities.

Informational vulnerabilities:

This category includes vulnerabilities that do not pose an immediate threat to the system’s security. They provide informational insights or potential areas for improvement but do not require immediate action. While not a priority, it is still valuable to address them as part of an overall security enhancement strategy.


Vulnerability prioritization is a vital process in managing and mitigating risks effectively. By ranking vulnerabilities from high to low based on their severity and potential impact, organizations can allocate their resources and efforts efficiently to address the most critical issues first. However, it is important to note that the prioritization should be tailored to the specific context and environment of each organization. Regular assessments, proactive security measures, and timely patching are key elements in maintaining a secure system against potential threats.

upgrading php 5.4 to 5.6 on CentOS 7


  • First we need to check the current version of PHP. To check the version of PHP run following command:
# php -v
PHP 5.4.35 (cli) (built: Nov 14 2014 07:04:10)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2015 Zend Technologies
    with Zend OPcache v7.0.4-dev, Copyright (c) 1999-2015, by Zend Technologies
  • To upgrade php, first you must include the Webtatic EL yum repository data relating to your CentOS/RHEL variant to yum:For those running on CentOS/RHEL 7:
    # rpm -Uvh
    # rpm -Uvh

    For those running on CentOS/RHEL 6:

    # rpm -Uvh
  • After installing Webtatic yum repository, you need to remove the old version of php-common package. It will also delete it dependencies packages.
    # yum remove php-common
  • Now we install PHP 5.6 using following command:
    # yum install -y php56w php56w-opcache php56w-xml php56w-mcrypt php56w-gd php56w-devel php56w-mysql php56w-intl php56w-mbstring
  • After installing PHP 5.6, we need to restart Apache service.
    # systemctl restart httpd.service
    # php -v
    PHP 5.6.33 (cli) (built: Apr 17 2015 22:49:36)
    Copyright (c) 1997-2015 The PHP Group
    Zend Engine v2.6.0, Copyright (c) 1998-2015 Zend Technologies
        with Zend OPcache v7.0.4-dev, Copyright (c) 1999-2015, by Zend Technologies


IP67 what does it mean

There is a lot of confusion regarding the rating systems for cases. In particular for those for Pocket PCs. A unit is described as meeting a particular standard depending on the IP number it belongs.

There are two systems to label a case, the IP system and the MIL-STD-810.

IP Ratings: (Ingress Protection or International Protection) – The Ingress Protection rating system is a classification system showing the degrees of protection from solids and liquids. The first number refers to the protection
against solid objects, normally dust in relation to testing cases. If the first number is 0, there is no protection provided. A number 5 refers to limited protection against dust. The number 6 is for total protection against dust.

The second number of the IP rating system refers to protection against liquids. A zero  indicates no protection, while a 7 refers to protection against immersion between 15 centimeters and 1 meter.

The following two tables give the protection descriptions.

IP First number – Protection against solid objects

0 No special protection
1 Protection against accidental touch by hands
2 Protection against objects such as fingers
3 Protection against tools and wires
4 Protection against tools, wires, small wires
5 Limited protection against dust
6 Protected from dust

IP Second number – Protection against liquids

0 No Protection
1 Protection against vertically dropping condensation
2 Protection against direct sprays of water up to 15 degrees from vert.
3 Protection against direct sprays of water up to 60 degrees from vert.
4 Protection from sprays of water in all directions. Limited water ingress permitted
5 Protection from low pressure jets of water in all directions. Limited water ingress permitted
6 Nearly the same as # 5, except for ship decks
7 Protected against the effects of immersion in water to depth between 15 cm and 1 meter


Most environmentally sealed cases are rated IP67. This meas that they are protected from dust and capable of withstanding water immersion
between 15 cm and 1 meter for 30 minutes.

The MIL-STD-810 standards

The MIL-STD-810 series of standards are issued by the United States Army’s Developmental Test Command, to specify various environmental tests to simulate conditions that the tested item will encounter in the field. The current revision, as of 2006, is revision F, issued January 1, 2000, superseding revision E from 1989.
MIL-STD810 E refers to the type of testing that mobile gear is put through to determine its ruggedness. Rugged mobile gear will state that it is MIL-STD810 E rated or may say it is MIL-STD810 F compliant. They both mean
the same level of ruggedness is applicable. MIL-STD810 F is just a revision of MIL-STD810 E and applies more to the testing process rather than the resulting rating.
MIL-STD810 E and F are the highest standard for ruggedized testing for mobile gear. Always check for this testing result when looking at mobile gear that is labeled as “rugged”. There are 24 categories which are tested and all must obtain the MIL-STD810 E/F rating to be considered rugged.

The 24 categories are as follows:

  • Low Pressure (Altitude)
  • High Temperature
  • Low Temperature
  • Temperature Shock
  • Contamination by Fluids
  • Solar Radiation (Sunshine)
  • Rain Method
  • Humidity
  • Fungus
  • Salt Fog
  • Sand and Dust
  • Explosive Atmosphere
  • Immersion
  • Acceleration
  • Vibration
  • Acoustic Noise
  • Shock
  • Pyroshock
  • Acidic Atmosphere
  • Gunfire Vibration
  • Temperature, Humidity, Vibration, and Altitude
  • Icing/Freezing Rain
  • Ballistic Shock
  • Vibro-Acoustic/Temperature


These categories are tested to determine the environmental worthiness and durability of a design. There are guidelines for each phase of testing in all categories.
All mobile gear to be tested are first run under normal conditions to ensure that they do operate properly and to set a baseline performance.
Tests are conducted in natural environments or in laboratories in simulated conditions. When possible a combination of testing environments is used.

As an example of the rating systems being used, the following image shows the ratings for the Nomad 800 Series Pocket PCs.