Zero-days of Pandemic Year till August, 2020

With more than half of 2020 behind us, researchers on Google’s Project Zero security team compared the year's vulnerability statistics with those from 2019. Interestingly, by this month last year, the same number of zero-days had been detected in the wild as this year.

Qualys has kept up to date with all of these zero-days, providing coverage as required in the form of a QID or a Threat Protect blog post. The CVE(s) assigned to each zero-day have been covered by the Qualys team and are described in detail at the respective TP Blog Link below.

Here’s a consolidated list of 2020’s zero-days:

| CVE | QID(s) | TP Blog Link |
|---|---|---|
| CVE-2019-17026 | 372325, 372329 | https://threatprotect.qualys.com/2020/02/18/mozilla-firefox-and-firefox-esr-type-confusion-vulnerability/ |
| CVE-2020-0674 | 100400 | https://threatprotect.qualys.com/2020/01/23/internet-explorer-zero-day-remote-code-execution-vulnerability-cve-2020-0674/ |
| CVE-2020-6418 | 372439, 372408 | https://threatprotect.qualys.com/2020/02/26/google-chrome-v8-type-confusion-vulnerability-cve-2020-6418/ |
| CVE-2020-8467, CVE-2020-8468 | 48089 | https://threatprotect.qualys.com/2020/03/31/critical-vulnerabilities-in-trend-micro-apex-one-and-officescan-cve-2020-8467cve-2020-8468/ |
| CVE-2020-6819, CVE-2020-6820 | 372500, 372481 | https://threatprotect.qualys.com/2020/04/06/mozilla-firefox-critical-use-after-free-vulnerabilitiescve-2020-6819-cve-2020-6820/ |
| CVE-2020-1020, CVE-2020-1027, CVE-2020-0938 | 91617, 91622, 13712 | https://threatprotect.qualys.com/2020/04/09/sonatype-nexus-repository-manager-3-multiple-vulnerabilities/ |
| CVE-2020-12271 | 13769 | https://threatprotect.qualys.com/2020/04/29/sophos-xg-firewall-sql-injection-bug/ |

For a detailed list of zero-day vulnerabilities “in the wild” since 2014, please refer to the spreadsheet below, which Google’s Project Zero has made public as a useful community resource:

https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=1869060786

Detection

Qualys customers can scan their network with the QID(s) listed in the table above to detect the respective vulnerable assets. Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
