vulns's Introduction

Vulnerabilities and Attacks

Have vulnerabilities been used in real world attacks?

| Logo | Name | Year | Target | Description | Real attack? | Notes/Sources |
|---|---|---|---|---|---|---|
| (logo) | Slowloris | 2009 | HTTP servers | Denial of service by keeping connections open | Yes | Abused by Spammers |
| - | BEAST | 2011 | TLS 1.0 | Attacking implicit IV in CBC mode encryption | No | - |
| - | CRIME | 2012 | TLS | TLS Compression leaks information | No | - |
| (logo) | BREACH | 2013 | TLS | HTTP compression inside TLS leaks information | No | - |
| - | TIME | 2013 | TLS | Compression attack with JavaScript/TCP sidechannel | No | - |
| (logo) | Heartbleed | 2014 | OpenSSL | Buffer overread leaking server memory | Yes | Reuters/Canadian tax agency, JPMorgan Hack |
| (logo) | CCS Injection | 2014 | OpenSSL | State machine confusion via early CCS | No | - |
| (logo) | Shellshock | 2014 | Bash | Remote code execution via variables | Yes | Cloudflare/Exploits |
| - | Drupalgeddon | 2014 | Drupal | SQL Injection leading to RCE | Yes | Drupal/Automated attacks after 7h |
| - | POODLE | 2014 | SSLv3 | Padding oracle with downgrade attack | No | - |
| - | goto fail | 2014 | Apple iOS | Typo in source code disabling TLS certificate verification | No | - |
| - | GHOST | 2015 | Glibc | Buffer overflow via DNS | No | - |
| - | FREAK | 2015 | TLS | Downgrade to export ciphers | No | - |
| - | Superfish | 2015 | Lenovo laptops | Bundled software with shared root certificate | No | - |
| - | Rowhammer | 2015 | DRAM | Bitflips in RAM modules | No | - |
| - | Logjam | 2015 | TLS | Weak Diffie-Hellman parameters | No* | Speculation this may've been exploited by the NSA |
| - | Stagefright | 2015 | Stagefright/Android | Memory corruption in media parsers | No | - |
| (logo) | VENOM | 2015 | QEMU | VM escape | No | - |
| (logo) | DROWN | 2016 | TLS/SSLv2 | Bleichenbacher attack using SSLv2 | No | - |
| (logo) | Badlock | 2016 | Samba/SMB | Various man in the middle attacks | No | - |
| - | ImageTragick | 2016 | ImageMagick | Remote code execution in image parsers | Yes | Cloudflare reporting attacks |
| - | HEIST | 2016 | TLS | Compression attack with JavaScript/TCP sidechannel | No | - |
| (logo) | Sweet32 | 2016 | TLS/3DES | Block collisions in 64 bit block ciphers | No | - |
| (logo) | Dirty COW | 2016 | Linux Kernel | Race condition leading to local root exploit | Yes | ZDNet/Drupalgeddon2/DirtyCOW attacks, TrendMicro/ZNIU Android Malware |
| (logo) | KRACK | 2017 | WPA2 | Nonce reuse in wireless encryption | No | - |
| (logo) | DUHK | 2017 | FortiOS | Hardcoded key in FIPS-certified X9.31 RNG | No | - |
| (logo) | ROBOT | 2017 | TLS | Lack of Bleichenbacher attack countermeasures | No | - |
| - | EternalBlue | 2017 | Windows/SMBv1 | Remote code execution via SMB | Yes | WaPo/NSA use, WannaCry, NotPetya |
| - | SambaCry | 2017 | Samba | RCE via Samba shares | Yes | Kaspersky/Honeypot attacks |
| (logo) | Meltdown | 2018 | CPU/OS | Speculative execution sidechannel attacking root/user barrier | No | - |
| (logo) | Spectre | 2018 | CPU/OS | Speculative execution sidechannel attacking program flow | No | - |
| - | Drupalgeddon 2 | 2018 | Drupal | Remote code execution | Yes | ZDNet/Drupalgeddon2/DirtyCOW attacks |
| (logo) | EFAIL | 2018 | OpenPGP/SMIME | Exfiltrate decrypted mails with HTML | No | - |
| - | Bleichenbacher's CAT | 2018 | TLS | Lack of Bleichenbacher attack countermeasures | No | - |

FAQ

What?

I'm wondering how many of the "famous" security vulnerabilities have actually been used in attacks that have been documented, so I made a list.

Couldn't there be unknown attacks?

Obviously this list can only cover attacks that have been publicly documented, particularly targeted attacks or attacks within communities with low transparency.

Still, if attacks have been widely used, it's reasonable to assume that someone will have documented them.

The table is wrong! Attack X has been used!

Please open an issue or a pull request. I created this repo to learn whether my assumptions are correct.

What counts as a real world attack?

I realize the distinction can be blurry, but it should be an attack that has been carried out without the consent of the owner of the affected system and it should've successfully compromised some security expectation.

Also there should be at least one publicly available description with sufficient detail to make the attack plausible, not just vague rumors.

There's an important attack missing!

Open an issue or a pull request, but I may close it if I believe the attack hasn't received sufficient attention or is a pure marketing stunt.

There's a logo missing!

Likely due to unclear licensing terms. All logos used here are under free licenses.

Copyright

The document and most logos are CC0 / public domain, with some exceptions.

vulns's People

Contributors

hannob, hardfalcon, mlubas, geffner, katrielalex, xiaoyinl
