Logo bugs
| Name | Date | CVE | Description |
|---|---|---|---|
| heartbleed | apr 2014 | CVE-2014-0160 | OpenSSL rarely used heartbeat functionality leaks memory which can include private keys |
| shellshock | sep 2014 | CVE-2014-6271+ | bash: controlling an env variable equals code execution due to parse error |
| GHOST | jan 2015 | CVE-2015-0235 | glibc gethostbyname |
| misfortune cookie | feb 2015 | CVE-2014-9222 | dsl isp router authentication bypass |
| venom | may 2015 | CVE-2015-3456 | qemu emulated floppy drive, vm escape |
| stagefright | jul 2015 | CVE-2015-1538+ | android, various bugs in stagefright library, code execution when viewing untrusted media |
| drownattack | feb 2016 | CVE-2016-0800 | openssl bleichenbacher attack on sslv2 leaks private key, often same as tls key |
| badlock | mar 2016 | CVE-2016-2118 | smb/samba bug, SAMR and LSA mitm |
| ImageTragick | may 2016 | CVE-2016-3714 | ImageMagick, possible to craft files which when converted execute code |
| phwned | may 2016 | none | privilege escalation admin->root in specific android VOIP devices |
| httpoxy | jul 2016 | CVE-2016-5385+ | CGI HTTP_PROXY env var conflicts |
| sweet32 | aug 2016 | CVE-2016-2183+ | Birthday attacks on 64-bit block ciphers in TLS and OpenVPN |
| dirtycow | oct 2016 | CVE-2016-5195 | Linux kernel privilege escalation |
| blacknurse | nov 2016 | none | icmp type 3 code 3 DoS attack |
| pwnscriptum | dec 2016 | CVE-2016-10033 | PHPMailer - Remote Code Execution (possibly/probably miscredited) |
| ticketbleed | feb 2017 | CVE-2016-9244 | heartbleed like vulnerability in BIG-IP appliances |
| shattered | feb 2017 | | full sha1 collision |
| cloudbleed | feb 2017 | | cloudflare leaking PII customer data to the internet |
| biterrant | mar 2017 | | pointing out sha1 is used in bittorrent. The actual threat is exaggerated. |
| riddle | mar 2017 | CVE-2017-3305 | mysql ssl client/server connections are mitm'able |
| DoubleAgent | mar 2017 | CVE-2017-5567+ | microsoft application verifier hijack, allowing to misappropriate AV |
| Ring-Road | apr 2017 | | QUIC protocol leaking password length |
| stringbleed | apr 2017 | CVE-2017-5135 | SNMP auth bypass (allegedly) |
| antbleed | apr 2017 | | miner device firmware allows remote disabling |
| ghostbutt | apr 2017 | CVE-2017-8291 | Artifex Ghostscript -dSAFER bypass (allegedly) |
| rtpbleed | sep 2017 | | mitm sip calls, without being in the middle due to how rtp proxies deal with NAT |
| ROBOT | dec 2017 | CVE-2017-17428+ | Bleichenbacher's Oracle, again in PKCS #1 v1.5 |
| meltdown | jan 2018 | CVE-2017-5754 | speculative execution sidechannel leaking memory from pages marked supervisor via cache |
| spectre | jan 2018 | CVE-2017-5753+ | speculative execution sidechannel leaking memory from a victim process on the same CPU |
| holeybeep | apr 2018 | CVE-2018-0492 | local privilege escalation allegedly. (less common) suid binary beep. |
| sirenjack | apr 2018 | | ati systems' sirens can be activated without encryption |
| efail | may 2018 | CVE-2017-17688+ | two bugs in how pgp is handled in mail clients, and cipher block chaining |
| dynoroot | may 2018 | CVE-2018-1111 | redhat dhcp client remote root code execution by malicious dhcp server |
| zipperdown | may 2018 | | alleged app boundary violation in iOS |
| zipslip | jun 2018 | CVE-2018-1002203+ | zip file overwrite aka the old ..\..\ |
| wavethrough | jun 2018 | CVE-2018-8235 | html media element making no-cors requests in unsafe way |
| RAMPAGE | jun 2018 | CVE-2018-9442 | android app separation bypass |
| foreshadow | aug 2018 | CVE-2018-3615 | speculative execution bugs allowing to read sgx, smm, .. |
| bleedingbit | nov 2018 | CVE-2018-16986+ | Bugs in bluetooth low energy implementations, alleged rce |
| dragonblood | apr 2019 | | various weaknesses in the uncommon WPA3 standard |
| Thrangrycat | may 2019 | CVE-2019-1649+ | Bypass Cisco's Trust Anchor module |
| zombieload | may 2019 | CVE-2018-12130 | Speculative execution intel leaking sgx and vm from root |
| mds | may 2019 | CVE-2018-12130+ | Speculative execution intel sidechannels |
| rambleed | jun 2019 | CVE-2019-0174 | rowhammer; physical address space |
| plundervolt | dec 2019 | CVE-2019-11157 | undervolting as a means to influence sgx |
| cablehaunt | jan 2020 | CVE-2019-19494+ | cable modem firmware buffer overflow |
| cacheout | jun 2020 | CVE-2020-0549+ | intel speculative execution bug based on cache eviction |
| boothole | jul 2020 | CVE-2020-10713 | grub2 / uefi bypass secure boot |
| revolte | aug 2020 | | attack to decrypt lte |
| platypus | nov 2020 | CVE-2020-8694+ | power sidechannel, RAPL accessible from unprivileged user, breaks aesni/sgx/etc |
| saddns | nov 2020 | CVE-2020-25705 | icmp global rate limit causes sidechannel exposing source port of dns query reducing entropy, allowing dns cache poisoning |
| fragattacks | may 2021 | CVE-2020-24586+ | multiple design and implementation flaws in WPA2 and WPA3 |
| m1racles | may 2021 | CVE-2021-30747 | read/writable register on Apple M1 arm cpu that is not properly isolated between processes |
| alpaca | jun 2021 | CVE-2021-31971 | TLS multi protocol confusion with subdomains |
| sequoia | jul 2021 | CVE-2021-33909 | local linux privesc, kernel bug large file path |
| cipherleak | aug 2021 | CVE-2020-12966 | AMD SEV-SNP sidechannel. reading ciphertext leads to infoleak |
| spook.js | sep 2021 | | Spectre mitigation in chrome bypass |
| omigod | sep 2021 | CVE-2021-38647+ | Azure's OpenManagementInterface remote code execution bugs |
| smashex | oct 2021 | CVE-2021-0186+ | intel SGX compromise enclaves |
| hertzbleed | jun 2022 | CVE-2022-23823+ | Using frequency scaling of modern cpu as a side channel |
| rolling-pwn | jul 2022 | CVE-2022-46145 | Honda cars allowing to roll back the rolling key counter |
| acropalypse | mar 2023 | CVE-2023-21036 | Information leakage from Pixel screenshot censor tool |
| tetraburst | aug 2023 | CVE-2022-24401+ | Radio Communication network technology used by law enforcement broken crypto |
| 5ghoul | dec 2023 | CVE-2023-33043+ | family of implementation-level 5G vulnerabilities |
| terrapin | dec 2023 | CVE-2023-48795+ | prefix truncation attack on SSH |
| risk:station | nov 2024 | CVE-2024-10443 | Remote root on specific NAS devices |
Named bugs
Named bugs without logo:

| Name | Date | CVE / ID | Description |
|---|---|---|---|
| shatter | dec 2002 | MS02-071 | WM_TIMER Message Handling privesc |
| BEAST | sep 2011 | CVE-2011-3389 | ssl cbc weakness, made people use rc4 |
| CRIME | sep 2012 | CVE-2012-4929 | ssl info leakage by using chosen plain text and compression size |
| lucky13 | feb 2013 | CVE-2013-0169 | ssl cbc timing oracle (the fix caused the worse bug: CVE-2016-2107) |
| BREACH | aug 2013 | CVE-2013-3587 | ssl compression info leakage |
| POODLE | oct 2014 | CVE-2014-3566 | ssl cbc mitm force downgrade to sslv3 |
| rc4nomore | aug 2015 | | stop people using rc4 |
| FREAK | may 2015 | CVE-2015-0204 | ssl mitm force use "export-grade rsa" 512 bit keys |
| logjam | may 2015 | CVE-2015-4000 | dh: a lot of software only used one of a small set of weak (<=1024 bit) primes |
| rowhammer | jul 2015 | CVE-2015-0565 | induce faults in physically nearby rows of DRAM possibly belonging to higher priv process |
| cachebleed | mar 2016 | CVE-2016-0702 | ssl sidechannel using cache-banks pre haswell cpus |
| badTunnel | jun 2016 | CVE-2016-3236 | MS16-077 massive WPAD privilege escalation |
| HEIST | aug 2016 | | BREACH/CRIME from browser using malicious javascript (allegedly) |
| quadrooter | aug 2016 | | android rooting bugs (provisional) |
| drammer | oct 2016 | CVE-2016-6728 | rowhammer for ARM/mobile |
| LOBSTER | nov 2016 | CVE-2016-1000031 | serialisation in apache remote exec |
| Devil's Ivy | jul 2017 | CVE-2017-9765 | rce allegedly in library code from gSOAP |
| KRACK | nov 2017 | | wpa handshake problems |
| Please Stop Naming Vulnerabilities | nov 2017 | | Android kernel bugs |
| PortSmash | nov 2018 | CVE-2018-5407 | sidechannel in intel chips with hyperthreading |
Satire bugs
This new trend, and in particular the mismatch between hype and severity of some of these bugs, has drawn a lot of criticism and spawned satirical bugs: BACKRONYM, NoToken, sadlock, Twitbleed.
Please let us know if any of these are POE-days [(c) brainsmoke].
Disclaimer
This list does not make any claims about the noteworthiness of these bugs. It also strongly refutes the notion that all bugs with a logo are overhyped. Some have won a pwnie for best bug, some for most overhyped bug.

The license of these logos is not always clear; it is, however, our understanding that the inclusion on this page falls under fair use. More importantly, even intended use. However, if you own any of the rights on one of these logos and would like to see it removed, contact us at [email protected] and it will be removed immediately.
The list is incomplete, and may contain flaws.