*12.1.0.1004 LPE Critical 1000 USD
*12.1.0.1004 LPE High 600 USD
*12.1.0.1005 LPE High 500 USD
*12.1.0.1005 LPE Low 150 USD
*12.1.0.1005 LPE Low 150 USD
*12.1.0.1006 LPE Medium 150 USD
*13.1.0.1001 RCE Medium 76.90 USD
- 360 Total Security
*10.8.0.1060 LPE High 300 USD
*10.8.0.1213 LPE with Cloud Drive High 538.35 USD
*10.8.0.1213 EOP with Sandbox Escape High 153.82 USD
- 360 Safe Browser & 360 Chrome (Chromium 86 kernel)
*12.0.1592.0 RCE with Sandbox Escape
*12.3.1611.0 RCE with Sandbox Escape
*13.0.2170.0 RCE with Sandbox Escape Critical 764.18 USD
This page is about the bounty lists I found for products from anti-virus browsers, anti-virus software, cloud security, and such security vendors:
In fact, if you use these anti-virus software, you can protect your security to a certain extent, but I suggest that if you really think security is important, you may need to use a mix of different anti-virus software, because if you use only one anti-virus software, you will have the ability to People with skills can easily use them to "remotely invade your computer" + "persistently monitor your computer". Yes, this type of protection product will become like a key, allowing high-level hackers to enter and exit your computer. becomes easier.
The essence of hacking is intrusion + surveillance. The terms are called remote attack and persistence.
It just so happens that if you find similar vulnerabilities in anti-virus software (such as those shown on this page), it will become an exploitable point.
The CVEs issued by Qihoo 360:
- Other software
Sandboxie-5.26 Sandbox Escape CVE-2018-18748
360Sandbox-3.5.0.1033 Sandbox Escape CVE-2018-18603
ProjectSend multiple RCE CVE-2016-10731 & CVE-2016-10732 & CVE-2016-10733 & CVE-2016-10734