Title: Remote command execution in Fortinet FortiManager
Published Date: Oct 23, 2024
Risk Index: 9.55 of 10 (Critical)
Summary: A critical vulnerability has been identified in the fgfmd daemon component of Fortinet’s FortiManager. This missing authentication vulnerability (CVE-2024-47575) allows remote attackers to execute arbitrary code or commands via specially crafted requests.
If exploited, this vulnerability could allow an attacker to gain unauthorized access to sensitive data or execute arbitrary code on the affected system. This could lead to substantial data breaches, unauthorized data manipulation, and potential system control by malicious entities, severely impacting affected organizations’ operational capabilities and confidentiality.
Title: Multiple vulnerabilities in Apple iOS and iPadOS
Published Date: Jan 26, 2022
Risk Index: 9.91 of 10 (Critical)
Summary: A critical vulnerability has been identified in the memory handling components of various Apple products, such as iOS, iPadOS, and macOS. This flaw, classified as CVE-2022-22587, has the potential to permit a malicious application to execute arbitrary code with kernel privileges. Apple has acknowledged reports of this vulnerability potentially being exploited in the wild.
If exploited, CVE-2022-22587 could allow an attacker to execute arbitrary code with elevated privileges on the affected system. This could lead to full system compromise, where sensitive data may be accessed, modified, or deleted, and further malicious activities could be conducted without user awareness. The high level of access afforded by kernel privileges could expose the system to multiple security risks.
Title: Remote code execution in WhatsApp
Published Date: May 13, 2019
Risk Index: 9.91 of 10 (Critical)
Summary: A critical vulnerability has been identified in the VOIP stack of WhatsApp. This buffer overflow vulnerability allows for remote code execution via a specifically crafted series of Real-Time Control Protocol (RTCP) packets sent to a targeted phone number. This vulnerability is present in multiple versions of WhatsApp across different operating systems.
If exploited, this vulnerability could allow an attacker to gain unauthorized access to sensitive data or execute arbitrary code on the affected system. Attackers could potentially control the device, intercept communications, and access a wide range of personal or confidential data, leading to severe privacy violations and potential harm to users.