Upcoming Advisories

190 Zero-Day Vulnerabilities Discovered since 2006
151 Vulnerabilities Disclosed & Patched
39 Remain in Zero-Day State Unpatched

FG-VD IDAffected VendorsRiskReported Date
FG-VD-15-042 Miscrosoft 3 Medium 05/18/2015
FG-VD-15-043 Miscrosoft 4 High 05/18/2015
FG-VD-15-041 United Airlines 3 Medium 05/18/2015
FG-VD-15-040 Apple 4 High 05/12/2015
FG-VD-15-039 Adobe 4 High 05/04/2015
FG-VD-15-038 Teradata 4 High 05/07/2015
FG-VD-15-036 VideoLAN 4 High 05/04/2015
FG-VD-15-037 Adobe 4 High 05/01/2015
FG-VD-15-035 VideoLAN 4 High 04/29/2015
FG-VD-15-032 Adobe 4 High 04/22/2015
FG-VD-15-031 Adobe 4 High 04/22/2015
FG-VD-15-034 Apple 4 High 04/23/2015
FG-VD-15-033 Apple 4 High 04/22/2015
FG-VD-15-030 PostgreSQL 3 Medium 04/07/2015
FG-VD-15-026 Adobe 4 High 04/09/2015
FG-VD-15-025 Foxit Software 4 High 04/01/2015
FG-VD-15-024 Foxit Software 4 High 03/25/2015
FG-VD-15-023 Adobe 3 Medium 03/25/2015
FG-VD-15-021 DoorBot 3 Medium 03/11/2015
FG-VD-15-022 MongoDB 4 High 03/10/2015
FG-VD-15-019 Zabbix SIA 3 Medium 03/09/2015
FG-VD-15-017 Cacti 3 Medium 03/02/2015
FG-VD-15-013 Fitbit 2 Low 01/30/2015
FG-VD-15-008 MantisBT 3 Medium 01/30/2015
FG-VD-15-007 F5 Networks 3 Medium 01/26/2015
FG-VD-15-006 Agilent 5 Critical 01/22/2015
FG-VD-15-004 Apple 5 Critical 01/22/2015
FG-VD-15-002 Agilent 5 Critical 01/20/2015
FG-VD-15-001 Disqus 3 Medium 01/06/2015
FG-VD-14-011 Infoblox 3 Medium 12/24/2014
FG-VD-14-010 Infoblox 3 Medium 12/24/2014
FG-VD-14-009 Agilent 3 Medium 12/02/2014
FG-VD-14-007 Apple 3 Medium 11/19/2014
FG-VD-14-006 Webmin 3 Medium 09/10/2014
FG-VD-13-017 Apple 4 High 06/06/2013
FG-VD-13-016 Apple 4 High 06/06/2013
FG-VD-13-015 Apple 4 High 06/06/2013
FG-VD-13-012 Microsoft 5 Critical 03/26/2013
FG-VD-13-006 Apple 3 Medium 01/29/2013

FortiGuard protects against zero-day threats and APTs by providing proactive IPS detection well in advance of patches or updated provided by the vulnerable vendor(s). Listed are notifications of vulnerabilities we believe to be in a zero-day state after discovering and reporting to the affected vendor(s). Entries will only be listed once the vendor has confirmed, or we have not had a response from the vendor after four weeks. Only high level details are presented here since the vulnerability is still zero-day.

FortiGuard Labs actively research and discover zero-day vulnerabilities in products which are likely candidates that a hacker would also uncover. Once the flaw is discovered, it is confidentially disclosed to the affected vendor(s) under our Responsible Disclosure protocols. Our team proactively discovers these with the following goals:

1) Protect our customers via zero-day IPS for the zero-day flaws that we exclusively uncover. Since FortiGuard Labs discovers the Proof of Concept (POC), we can create protection well in advance before a vendor patch / update is available. It's an effective and important component of Advanced Persistent Threat protection.

2) Notify the vendor(s) immediately via PSIRT so that they may plan to patch the hole and protect their clients.

3) Reduce the number of holes that malicious attackers may find, adding resistance to their efforts.