Vulnerabilities That Has Own Names

Generally vulnerabilities are named with a code such as CVE-2015-0235. CVE stands for “Common Vulnerabilities and Exposures”, which is a list of entries for publicly known cybersecurity vulnerabilities.

However, some vulnerabilities become so widespread or more serious than others get their own names. If you see these being reported, it means that they are pretty big deals. Here are some notable recent vulnerabilities and what they do:

CRIME (CVE-2012-4929)

CRIME is a security attack that targets secure Sockets Layer (SSL) and Transport Layer Security (TLS) encryption used to protect Internet traffic. It exploits compression in these protocols to reveal sensitive information, such as session cookies and authentication credentials.

SHELLSHOCK (CVE-2014-6271)

SHELLSHOCK is a critical security flaw in the Bash shell, which is a common command-line interpreter used on many Unix-like operating systems. SHELLSHOCK could allow an attacker to execute arbitrary code and gain complete control of the system. Also known as the “Bash Bug”.

DRUPALDUNGEON (CVE-2014-3704)

DRUPALDUNGEON is a vulnerability in the popular Drupal content management system that could allow an attacker to take over a website or server.

POODLE (CVE-2014-3566)

POODLE is another attack that exploits how SSL 3.0 works. Because SSL 3.0 is outdated and not very secure, POODLE can force browsers to downgrade to this older protocol so that attackers can decrypt and read sensitive information like session cookies.

HEARTBLEED (CVE-2014-0160)

HEARTBLEED is a serious security flaw in the widely used OpenSSL cryptography library. It allows attackers to eavesdrop on communications, steal data directly from the services and users they attack, and impersonate them.

SUPERFISH

SUPERFISH is malicious software that was pre-installed on some Lenovo laptops. It allows attackers to intercept and decrypt HTTPS traffic, including sensitive information like banking details and passwords.

STAGEFRIGHT (CVE-2015-1538)

STAGEFRIGHT is a critical security flaw in Android’s media playback engine that could allow an attacker to take over a device just by sending a specially crafted multimedia message (MMS).

FREAK (CVE-2015-0204)

FREAK is a security attack that targets the encryption used to protect communications between websites and users. It allows attackers to intercept and decrypt HTTPS traffic, including sensitive information like banking details and passwords.

LOGJAM (CVE-2015-4000)

LOGJAM is a security attack that targets the encryption used to protect communications between websites and users. It allows attackers to intercept and decrypt HTTPS traffic, including sensitive information like banking details and passwords.

VENOM (CVE-2015-3456)

VENOM is a critical security flaw in virtualization software that could allow an attacker to take over the underlying server or host system.

SWEET32 (CVE-2016-2183)

SWEET32 is a vulnerability in the popular OpenSSL cryptography library that could allow an attacker to decrypt and read sensitive information like session cookies and authentication credentials.

DIRTY COW (CVE-2016-5195)

DIRTY COW is a critical security flaw in the Linux kernel that could allow an attacker to gain root access to a vulnerable system.

DROWN (CVE-2016-0800)

DROWN is a security attack that targets the encryption used to protect communications between websites and users. It allows attackers to intercept and decrypt HTTPS traffic, including sensitive information like banking details and passwords.

HEIST (CVE-2016-7152)

HEIST is a vulnerability in the popular OpenSSL cryptography library that could allow an attacker to decrypt and read sensitive information like session cookies and authentication credentials.

BLUEBorne ( CVE-2017-1000251 & CVE-2017-1000252)

BLUEBorne is a set of eight security vulnerabilities in the Android operating system that could allow an attacker to take over a vulnerable device.

SAMBA CRY (CVE-2017-7494)

SAMBA CRY is a critical security flaw in the Samba file sharing software that could allow an attacker to take over a system just by sending a specially crafted file.

ETERNALBLUE (CVE-2017-0144)

ETERNALBLUE is a critical security flaw in Microsoft Windows that could allow an attacker to take over a system just by opening a specially crafted file.

KRACK (CVE-2017-13080)

KRACK is a critical security flaw in the WPA2 protocol that could allow an attacker to eavesdrop on communications, steal data directly from the devices and users they attack, and impersonate them.

MELTDOWN (CVE-2017-5754)

MELTDOWN is a critical security flaw in Intel processors that could allow an attacker to bypass security controls and read sensitive data from the kernel or other programs running on the affected system.

SPECTRE (CVE-2017-5753)

SPECTRE is a critical security flaw in Intel processors that could allow an attacker to bypass security controls and read sensitive data from the kernel or other programs running on the affected system.

BLEEDINGBIT (CVE-2018-5383 & CVE-2018-5384)

BLEEDINGBIT is a set of two security flaws in certain models of Texas Instruments Bluetooth Low Energy (BLE) chips that could allow an attacker to remotely take over vulnerable devices.

BlueKeep (CVE-2019-0708)

BlueKeep is a remote code execution vulnerability exists in Remote Desktop Services. An attacker could execute arbitrary code on the target system.

SMBGHOST (CVE-2020-0796)

SMBGHOST is a critical security flaw in Microsoft's SMB protocol that could allow an attacker to take over a system just by sending a specially crafted packet.

ZEROLOGON (CVE-2020-1472)

The NETLOGON vulnerability is a severe security problem in Microsoft's Netlogon protocol that might let an attacker takeover a domain controller and the systems in the domain.

CURVEBALL (2020-0601)

CURVEBALL is a critical Microsoft CryptoAPI vulnerability that may allow an attacker to generate fraudulent certificates and impersonate any website or server.

GHOSTCAT (CVE-2020-1938)

It's a critical vulnerability in the Apache Tomcat, and it could allow attackers to access sensitive configuration files and source code or execute arbitrary code.

BAD NEIGHBOR (CVE-2020-16898)

A serious security hole in Microsoft's SMB protocol might allow an attacker to take over a machine simply by sending a specially crafted packet.

SIGRed (CVE-2020-1350)

SIGRed is a critical security flaw in Microsoft's Domain Name System (DNS) software that could allow an attacker to take over a system just by sending a specially crafted packet.

LOG4SHELL (CVE-2021-44228)

This is a serious security flaw in the Apache log4j logging library that may let an attacker take over a system simply by delivering a carefully crafted log file.

PROXYSHELL (CVE-2020-8794)

ProxyShell identifies a number of vulnerabilities affecting Microsoft Exchange servers. An attacker who successfully exploited this vulnerability could bypass authentication and execute code as a privileged user.

PROXYLOGON (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065)

PROXYLOGON is a set of four critical security flaws in Microsoft Exchange Server that could allow an attacker to take over a system just by sending a specially crafted email. This vulnerabilities can cause huge damage because of their wormable nature.

HiveNightmare (CVE-2021-36934)

HiveNightmare is a critical Windows elevation of privilege vulnerability. It can be exploited by an attacker to take complete control of a system just by running a specially crafted program.

FOLLINA (CVE 2022-30190)

An attacker may leverage this vulnerability by using a malicious Microsoft Word document that uses the Microsoft Support Diagnostic Tool (ms-msdt protocol) to execute Windows PowerShell commands.

SPRING4SHELL (CVE-2022-22965)

SPRING4SHELL is a critical security flaw in the Spring Framework that could allow an attacker to take over a system just by sending a specially crafted HTTP request.

As you can see, there are many vulnerabilities that have their own names. Some of them are CVE-numbered, while others aren't. And some of them are critical, while others aren't.

But one thing is for sure: if you want to protect your system from these threats, you need to be aware of them and take steps to mitigate their risks.

See our marketplace to check our cyber security products and services.