Upcoming Advisories

181 Zero-Day Vulnerabilities Discovered since 2006
144 Vulnerabilities Disclosed & Patched
37 Remain in Zero-Day State Unpatched

FG-VD ID | Affected Vendors | Risk | Reported Date
FG-VD-15-032 Adobe 4 High 04/22/2015
FG-VD-15-031 Adobe 4 High 04/22/2015
FG-VD-15-034 Apple 4 High 04/23/2015
FG-VD-15-033 Apple 4 High 04/22/2015
FG-VD-15-030 PostgreSQL 3 Medium 04/07/2015
FG-VD-15-029 MariaDB 3 Medium 04/15/2015
FG-VD-15-028 The PHP Group 4 High 04/06/2015
FG-VD-15-027 Joomla 4 High 04/08/2015
FG-VD-15-026 Adobe 4 High 04/09/2015
FG-VD-15-025 Foxit Software 4 High 04/01/2015
FG-VD-15-024 Foxit Software 4 High 03/25/2015
FG-VD-15-023 Adobe 3 Medium 03/25/2015
FG-VD-15-021 DoorBot 3 Medium 03/11/2015
FG-VD-15-022 MongoDB 4 High 03/10/2015
FG-VD-15-019 Zabbix SIA 3 Medium 03/09/2015
FG-VD-15-011 Nagios 3 Medium 03/05/2015
FG-VD-15-017 Cacti 3 Medium 03/02/2015
FG-VD-15-016 PCRE Library Project 4 High 02/27/2015
FG-VD-15-015 PCRE Library Project 5 Critical 02/26/2015
FG-VD-15-013 Fitbit 2 Low 01/30/2015
FG-VD-15-008 MantisBT 3 Medium 01/30/2015
FG-VD-15-007 F5 Networks 3 Medium 01/26/2015
FG-VD-15-006 Agilent 5 Critical 01/22/2015
FG-VD-15-004 Apple 5 Critical 01/22/2015
FG-VD-15-002 Agilent 5 Critical 01/20/2015
FG-VD-15-001 Disqus 3 Medium 01/06/2015
FG-VD-14-011 Infoblox 3 Medium 12/24/2014
FG-VD-14-010 Infoblox 3 Medium 12/24/2014
FG-VD-14-009 Agilent 3 Medium 12/02/2014
FG-VD-14-008 IBM 5 Critical 11/12/2014
FG-VD-14-007 Apple 3 Medium 11/19/2014
FG-VD-14-006 Webmin 3 Medium 09/10/2014
FG-VD-13-017 Apple 4 High 06/06/2013
FG-VD-13-016 Apple 4 High 06/06/2013
FG-VD-13-015 Apple 4 High 06/06/2013
FG-VD-13-012 Microsoft 5 Critical 03/26/2013
FG-VD-13-006 Apple 3 Medium 01/29/2013

FortiGuard protects against zero-day threats and APTs by providing proactive IPS detection well in advance of patches or updates provided by the vulnerable vendor(s). Listed are notifications of vulnerabilities we believe to be in a zero-day state after we discovered them and reported them to the affected vendor(s). Entries will only be listed once the vendor has confirmed, or we have not had a response from the vendor after four weeks. Only high-level details are presented here since the vulnerability is still zero-day.

FortiGuard Labs actively researches and discovers zero-day vulnerabilities in products that are likely candidates for a hacker to also uncover flaws in. Once a flaw is discovered, it is confidentially disclosed to the affected vendor(s) under our Responsible Disclosure protocols. Our team proactively discovers these with the following goals:

1) Protect our customers via zero-day IPS for the zero-day flaws that we exclusively uncover. Since FortiGuard Labs discovers the Proof of Concept (POC), we can create protection well before a vendor patch / update is available. It's an effective and important component of Advanced Persistent Threat protection.

2) Notify the vendor(s) immediately via PSIRT so that they may plan to patch the hole and protect their clients.

3) Reduce the number of holes that malicious attackers may find, adding resistance to their efforts.