Such flaws, tracked as CVE-2024-27459, CVE-2024-24974, and CVE-2024-27903, involved OpenVPN's openvpnserv component, while another flaw relating to the Windows TAP driver, tracked as CVE-2024-1305, could be leveraged to cause denial-of-service conditions.
Google's Quick Share peer-to-peer file-sharing tool was affected by 10 now-addressed security vulnerabilities, which could have been leveraged for unauthorized wireless file writes and remote code execution on Windows systems.
The Shadowserver Foundation observed more than 6,000 IPs with Cisco SMI exposed to the internet, with CISA noting that the prevalence of weak passwords on such devices has made exploitation easier.
Attackers could not exploit the flaw to allow arbitrary memory address write or program execution even if they could manipulate kernel memory, said CrowdStrike Vice President Adam Meyers.
According to a root cause analysis issued by CrowdStrike, the issue was caused by inconsistencies between Content Validator inputs and those received by the Content Interpreter, as well as by an out-of-bounds flaw in the Content Interpreter and inadequate testing.
Such a security issue — which is a patch bypass for the already addressed path traversal flaw, tracked as CVE-2024-36104 — stems from an authentication mechanism vulnerability enabling unauthenticated access to critical endpoints.