Upcoming Advisories

162 Zero-Day Vulnerabilities Discovered since 2006
139 Vulnerabilities Disclosed & Patched
23 Remain in Zero-Day State Unpatched

FG-VD IDAffected VendorsRiskReported Date
FG-VD-15-014 MongoDB 4 High 02/22/2015
FG-VD-15-010 MongoDB 4 High 02/20/2015
FG-VD-15-013 Fitbit 2 Low 01/30/2015
FG-VD-15-012 MongoDB 5 Critical 02/10/2015
FG-VD-15-011 WordPress 3 Medium 02/05/2015
FG-VD-15-009 WordPress 3 Medium 02/03/2015
FG-VD-15-008 MantisBT 3 Medium 01/30/2015
FG-VD-15-007 F5 Networks 3 Medium 01/26/2015
FG-VD-15-006 Agilent 5 Critical 01/22/2015
FG-VD-15-004 Apple 5 Critical 01/22/2015
FG-VD-15-002 Agilent 5 Critical 01/20/2015
FG-VD-15-001 Disqus 3 Medium 01/06/2015
FG-VD-14-011 Infoblox 3 Medium 12/24/2014
FG-VD-14-010 Infoblox 3 Medium 12/24/2014
FG-VD-14-009 Agilent 3 Medium 12/02/2014
FG-VD-14-008 IBM 5 Critical 11/12/2014
FG-VD-14-007 Apple 3 Medium 11/19/2014
FG-VD-14-006 Webmin 3 Medium 09/10/2014
FG-VD-13-017 Apple 4 High 06/06/2013
FG-VD-13-016 Apple 4 High 06/06/2013
FG-VD-13-015 Apple 4 High 06/06/2013
FG-VD-13-012 Microsoft 5 Critical 03/26/2013
FG-VD-13-006 Apple 3 Medium 01/29/2013


FortiGuard protects against zero-day threats and APTs by providing proactive IPS detection well in advance of patches or updated provided by the vulnerable vendor(s). Listed are notifications of vulnerabilities we believe to be in a zero-day state after discovering and reporting to the affected vendor(s). Entries will only be listed once the vendor has confirmed, or we have not had a response from the vendor after four weeks. Only high level details are presented here since the vulnerability is still zero-day.

FortiGuard Labs actively research and discover zero-day vulnerabilities in products which are likely candidates that a hacker would also uncover. Once the flaw is discovered, it is confidentially disclosed to the affected vendor(s) under our Responsible Disclosure protocols. Our team proactively discovers these with the following goals:

1) Protect our customers via zero-day IPS for the zero-day flaws that we exclusively uncover. Since FortiGuard Labs discovers the Proof of Concept (POC), we can create protection well in advance before a vendor patch / update is available. It's an effective and important component of Advanced Persistent Threat protection.

2) Notify the vendor(s) immediately via PSIRT so that they may plan to patch the hole and protect their clients.

3) Reduce the number of holes that malicious attackers may find, adding resistance to their efforts.