1050 matches found
CVE-2024-37081
CVE-2024-37081 affects VMware vCenter Server (vCenter Server Appliance). A misconfiguration of sudo enables a local authenticated user with non-admin privileges to escalate to root. IBM’s bulletin ties this to vCenter Server variants in IBM Cloud Pak System and lists the remediation path: upgrade...
CVE-2024-37080
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution...
CVE-2024-37080
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution...
EUVD-2024-36413
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution...
CVE-2024-37080
VMware vCenter Server is affected by a DCERPC protocol heap-overflow vulnerability (CVE-2024-37080) that can lead to remote code execution when an attacker with network access sends a crafted packet. Public sources consistently describe this as a network-exposed issue with high impact (CVE-2024-3...
EUVD-2024-36412
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution...
CVE-2024-37079
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution...
CVE-2024-37079
CVE-2024-37079 is a VMware vCenter Server DCERPC heap-out-of-bounds/write vulnerability with remote code execution potential when a network-accessible vCenter receives crafted packets. Affected component: vCenter Server (DCERPC workflow). Root cause: heap overflow/out-of-bounds write in the DCERP...
CVE-2024-37079
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution...
VMSA-2024-0012: VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-37079, CVE-2024-37080, CVE-2024-37081)
Advisory ID: | VMSA-2024-0012.1
---|---
Severity: | Critical
CVSSv3 Range: | 7.8-9.8
Synopsis: | VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities CVE-2024-37079, CVE-2024-37080, CVE-2024-37081
Issue date: | 2024-06-17
Updated on: | 2026-01-23
CVEs |...
VMware vCenter Server Security Vulnerability
VMware vCenter Server is a suite of server and virtualization management software from VMware. The software provides a centralized platform for managing VMware vSphere environments that automates the implementation and delivery of virtual infrastructures. A security vulnerability exists in VMware...
VMware vCenter Server Security Vulnerability
VMware vCenter Server is a suite of server and virtualization management software from VMware. The software provides a centralized platform for managing VMware vSphere environments that automates the implementation and delivery of virtual infrastructures. A security vulnerability exists in VMware...
VMware vCenter Server Security Vulnerability
VMware vCenter Server is a suite of server and virtualization management software from VMware. The software provides a centralized platform for managing VMware vSphere environments that automates the implementation and delivery of virtual infrastructures. A security vulnerability exists in VMware...
A vulnerability in the DCERPC protocol implementation of the VMware vCenter Server virtual infrastructure management software allows an attacker to execute arbitrary code.
The vulnerability in the DCERPC protocol implementation of the VMware vCenter Server virtual infrastructure management software is caused by a buffer overflow. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted network packet remotely...
PT-2024-4328
Name of the Vulnerable Software and Affected Versions: VMware vCenter Server (affected versions not specified). Description: The vCenter Server has multiple local privilege escalation issues stemming from a misconfiguration of sudo. An authenticated local user with non-administrative privileges can...
PT-2024-4293
Name of the Vulnerable Software and Affected Versions: VMware vCenter Server (affected versions not specified). Description: The software contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to the server may trigger this...
PT-2024-4164
Name of the Vulnerable Software and Affected Versions: VMware vCenter Server versions prior to 8.0U2d, 8.0U1e, and 7.0U3r. Description: VMware vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. This out-of-bounds write flaw allows a malicious actor wi...
VulnCheck KEV: CVE-2022-22948
VMware vCenter Server contains an incorrect default file permissions vulnerability that allows a remote, privileged attacker to gain access to sensitive information...
Hackers Created Rogue VMs to Evade Detection in Recent MITRE Cyber Attack
The MITRE Corporation has revealed that the cyber attack targeting the not-for-profit company towards late December 2023 by exploiting zero-day flaws in Ivanti Connect Secure (ICS) involved the threat actor creating rogue virtual machines (VMs) within its VMware environment. "The adversary created...
CVE-2024-22275
The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive data...