{"id":13538636,"url":"https://github.com/hannob/vulns","last_synced_at":"2026-02-06T13:02:27.375Z","repository":{"id":45669466,"uuid":"160244319","full_name":"hannob/vulns","owner":"hannob","description":"Named vulnerabilities and their practical impact","archived":false,"fork":false,"pushed_at":"2021-12-23T16:42:49.000Z","size":202,"stargazers_count":432,"open_issues_count":3,"forks_count":29,"subscribers_count":39,"default_branch":"master","last_synced_at":"2025-03-26T19:17:03.321Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hannob.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-12-03T19:42:39.000Z","updated_at":"2025-03-22T11:01:37.000Z","dependencies_parsed_at":"2022-07-19T04:47:49.139Z","dependency_job_id":null,"html_url":"https://github.com/hannob/vulns","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/hannob/vulns","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hannob%2Fvulns","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hannob%2Fvulns/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hannob%2Fvulns/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hannob%2Fvulns/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hannob","download_url":"https://codeload.github.com/hannob/vulns/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hannob%2Fvulns/sbom","host":{"name":"Git
Hub","url":"https://github.com","kind":"github","repositories_count":265982830,"owners_count":23859573,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T09:01:14.385Z","updated_at":"2026-02-06T13:02:22.327Z","avatar_url":"https://github.com/hannob.png","language":null,"funding_links":[],"categories":["Vulnerability","\u003ca id=\"683b645c2162a1fce5f24ac2abfa1973\"\u003e\u003c/a\u003e漏洞\u0026\u0026漏洞管理\u0026\u0026漏洞发现/挖掘\u0026\u0026漏洞开发\u0026\u0026漏洞利用\u0026\u0026Fuzzing"],"sub_categories":["Other","\u003ca id=\"9d1ce4a40c660c0ce15aec6daf7f56dd\"\u003e\u003c/a\u003e未分类-Vul"],"readme":"# Vulnerabilities and Attacks\n\nHave vulnerabilities been used in real world attacks?\n\n| Logo | Name | Year | Target | Description | Real attack? 
| Notes/Sources |\n| :---: | :--- | :--- | :--- | :--- | :--- | :--- |\n| \u003cimg src=\"logo/slowloris.png\" height=\"50\" width=\"74\"\u003e | [Slowloris](https://web.archive.org/web/20090822001255/http://ha.ckers.org/slowloris/) | 2009 | HTTP servers | Denial of service by keeping connections open | Yes | [Abused by Spammers](https://web.archive.org/web/20170306152831/https://mackeeper.com/blog/post/339-spammergate-the-fall-of-an-empire) |\n| - | [BEAST](https://www.youtube.com/watch?v=-BjpkHCeqU0) | 2011 | TLS 1.0 | Attacking implicit IV in CBC mode encryption | No | - |\n| - | [CRIME](https://en.wikipedia.org/wiki/CRIME) | 2012 | TLS | TLS Compression leaks information | No | - |\n| \u003cimg src=\"logo/breach.png\" height=\"50\"\u003e | BREACH | 2013 | TLS | HTTP compression inside TLS leaks information | No | - |\n| - | [TIME](https://www.youtube.com/watch?v=rTIpFfTp3-w) | 2013 | TLS | Compression attack with Javascript/TCP sidechannel | No | - |\n| \u003cimg src=\"logo/heartbleed.svg\" height=\"50\"\u003e | [Heartbleed](http://heartbleed.com/) | 2014 | OpenSSL | Buffer overread leaking server memory | Yes | [Reuters/Canadian tax agency](https://www.reuters.com/article/us-cybersecurity-heartbleed/heartbleed-blamed-in-attack-on-canada-tax-agency-more-expected-idUSBREA3D1PR20140414) [JPMorgan Hack](https://techcrunch.com/2018/09/10/prosecutors-charge-russian-accused-of-hacking-jp-morgan-dow-jones/) |\n| \u003cimg src=\"logo/ccsinjection.svg\" height=\"50\"\u003e | [CCS Injection](http://ccsinjection.lepidum.co.jp/) | 2014 | OpenSSL | State machine confusion via early CCS | No | - |\n| \u003cimg src=\"logo/shellshock.svg\" height=\"50\"\u003e | [Shellshock](https://en.wikipedia.org/wiki/Shellshock_(software_bug)) | 2014 | Bash | Remote code execution via variables | Yes | [Cloudflare/Exploits](https://blog.cloudflare.com/inside-shellshock/) |\n| - | 
[Drupalgeddon](https://www.drupal.org/forum/newsletters/security-advisories-for-drupal-core/2014-10-15/sa-core-2014-005-drupal-core-sql) | 2014 | Drupal | SQL Injection leading to RCE | Yes | [Drupal/Automated attacks after 7h](https://www.drupal.org/forum/newsletters/security-public-service-announcements/2014-10-29/drupal-core-highly-critical) |\n| - | [POODLE](https://www.openssl.org/~bodo/ssl-poodle.pdf) | 2014 | SSLv3 | Padding oracle with downgrade attack | No | - |\n| - | [goto fail](https://www.imperialviolet.org/2014/02/22/applebug.html) | 2014 | Apple iOS | Typo in source code disabling TLS certificate verification | No | - |\n| - | [GHOST](https://blog.qualys.com/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability) | 2015 | Glibc | Buffer overflow via DNS | No | - |\n| - | [FREAK](https://www.freakattack.com/) | 2015 | TLS | Downgrade to export ciphers | No | - |\n| - | [Superfish](https://en.wikipedia.org/wiki/Superfish) | 2015 | Lenovo laptops | Bundled software with shared root certificate | No | - |\n| - | [Rowhammer](https://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html) | 2015 | DRAM | Bitflips in RAM modules | No | - |\n| - | [Logjam](https://weakdh.org/) | 2015 | TLS | Weak Diffie-Hellman parameters | No* | Speculation this may've been exploited by the NSA |\n| - | [Stagefright](https://en.wikipedia.org/wiki/Stagefright_(bug)) | 2015 | Stagefright/Android | Memory corruption in media parsers | No | - |\n| \u003cimg src=\"logo/venom.png\" width=\"72\" height=\"50\"\u003e | [VENOM](https://venom.crowdstrike.com/) | 2015 | QEMU | VM escape | No | - |\n| \u003cimg src=\"logo/drown.svg\" height=\"50\"\u003e | [DROWN](https://drownattack.com/) | 2016 | TLS/SSLv2 | Bleichenbacher attack using SSLv2 | No | - |\n| \u003cimg src=\"logo/badlock.svg\" height=\"50\"\u003e | [Badlock](https://web.archive.org/web/20170608065927/http://badlock.org/) | 2016 | Samba/SMB | Various man-in-the-middle attacks | No | - |\n| - | 
[ImageTragick](https://imagetragick.com/) | 2016 | ImageMagick | Remote code execution in image parsers | Yes | [Cloudflare reporting attacks](https://blog.cloudflare.com/inside-imagetragick-the-real-payloads-being-used-to-hack-websites-2/) |\n| - | [HEIST](https://tom.vg/papers/heist_blackhat2016.pdf) | 2016 | TLS | Compression attack with Javascript/TCP sidechannel | No | - |\n| \u003cimg src=\"logo/sweet32.svg\" height=\"50\"\u003e | [Sweet32](https://sweet32.info/) | 2016 | TLS/3DES | Block collisions in 64-bit block ciphers | No | - |\n| \u003cimg src=\"logo/dirtycow.svg\" height=\"50\"\u003e | [Dirty COW](https://dirtycow.ninja/) | 2016 | Linux Kernel | Race condition leading to local root exploit | Yes | [ZDNet/Drupalgeddon2/DirtyCOW attacks](https://www.zdnet.com/article/hackers-use-drupalgeddon-2-and-dirty-cow-exploits-to-take-over-web-servers/) [TrendMicro/ZNIU Android Malware](https://blog.trendmicro.com/trendlabs-security-intelligence/zniu-first-android-malware-exploit-dirty-cow-vulnerability/) |\n| \u003cimg src=\"logo/krack.png\" height=\"50\"\u003e | [KRACK](https://www.krackattacks.com/) | 2017 | WPA2 | Nonce reuse in wireless encryption | No | - |\n| \u003cimg src=\"logo/duhk.svg\" height=\"50\"\u003e | [DUHK](https://duhkattack.com/) | 2017 | FortiOS | Hardcoded key in FIPS-certified X9.31 RNG | No | - |\n| \u003cimg src=\"logo/robot.svg\" height=\"50\"\u003e | [ROBOT](https://robotattack.org/) | 2017 | TLS | Lack of Bleichenbacher attack countermeasures | No | - |\n| - | [EternalBlue](https://en.wikipedia.org/wiki/EternalBlue) | 2017 | Windows/SMBv1 | Remote code execution via SMB | Yes | [WaPo/NSA use](https://www.washingtonpost.com/business/technology/nsa-officials-worried-about-the-day-its-potent-hacking-tool-would-get-loose-then-it-did/2017/05/16/50670b16-3978-11e7-a058-ddbb23c75d82_story.html?utm_term=.494c978e2f2e), [WannaCry](https://en.wikipedia.org/wiki/WannaCry_ransomware_attack), 
[NotPetya](https://en.wikipedia.org/wiki/Petya_(malware)) |\n| - | [SambaCry](https://www.samba.org/samba/security/CVE-2017-7494.html) | 2017 | Samba | RCE via Samba shares | Yes | [Kaspersky/Honeypot attacks](https://securelist.com/sambacry-is-coming/78674/) |\n| \u003cimg src=\"logo/meltdown.svg\" height=\"50\"\u003e | [Meltdown](https://meltdownattack.com/) | 2018 | CPU/OS | Speculative execution sidechannel attacking root/user barrier | No | - |\n| \u003cimg src=\"logo/spectre.svg\" height=\"50\" width=\"63\"\u003e | [Spectre](https://spectreattack.com/) | 2018 | CPU/OS | Speculative execution sidechannel attacking program flow | No | - |\n| - | [Drupalgeddon 2](https://www.drupal.org/sa-core-2018-002) | 2018 | Drupal | Remote code execution | Yes | [ZDNet/Drupalgeddon2/DirtyCOW attacks](https://www.zdnet.com/article/hackers-use-drupalgeddon-2-and-dirty-cow-exploits-to-take-over-web-servers/) |\n| \u003cimg src=\"logo/efail.svg\" height=\"50\"\u003e | [EFAIL](https://efail.de/) | 2018 | OpenPGP/SMIME | Exfiltrate decrypted mails with HTML | No | - |\n| - | [Bleichenbacher's CAT](http://cat.eyalro.net/) | 2018 | TLS | Lack of Bleichenbacher attack countermeasures | No | - |\n\nFAQ\n===\n\nWhat?\n-----\n\nI'm wondering how many of the \"famous\" security vulnerabilities have actually been used in attacks that\nhave been documented, so I made a list.\n\nCouldn't there be unknown attacks?\n----------------------------------\n\nObviously this list can only cover attacks that have been publicly documented, particularly targeted\nattacks or attacks within communities with low transparency.\n\nStill, if attacks have been widely used it's reasonable to assume that someone will have documented them.\n\nThe table is wrong! Attack X has been used!\n-------------------------------------------\n\nPlease open an issue or a pull request. 
I created this repo to learn whether my assumptions are correct.\n\nWhat counts as a real world attack?\n-----------------------------------\n\nI realize the distinction can be blurry, but it should be an attack that has been carried out without\nthe consent of the owner of the affected system and it should've successfully compromised some security\nexpectation.\n\nAlso there should be at least one publicly available description with sufficient detail to make the attack\nplausible, not just vague rumors.\n\nThere's an important attack missing!\n------------------------------------\n\nOpen an issue or a pull request, but I may close it if I believe the attack hasn't received sufficient\nattention or is a pure marketing stunt.\n\nThere's a logo missing!\n-----------------------\n\nLikely due to unclear licensing terms. All logos used here are under free licenses.\n\nCopyright\n=========\n\nThe document and most logos are CC0 / public domain, with [some exceptions](LICENSE).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhannob%2Fvulns","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhannob%2Fvulns","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhannob%2Fvulns/lists"}