CVSS: 10.0EPSS: 14%CPEs: 3EXPL: 0CVE-2024-38813 – VMware vCenter Server Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-38813
17 Sep 2024 — The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet. The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet. VMware vCenter contains an improper check for drop... • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968 • CWE-250: Execution with Unnecessary Privileges CWE-273: Improper Check for Dropped Privileges •
CVSS: 9.0EPSS: 56%CPEs: 3EXPL: 4CVE-2024-22274
https://notcve.org/view.php?id=CVE-2024-22274
21 May 2024 — The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system. vCenter Server contiene una vulnerabilidad de ejecución remota de código autenticado. Un actor malintencionado con privilegios administrativos en el shell del dispositivo vCenter puede aprovechar este problema para ejecutar comandos arbitrarios en el sistema operat... • https://github.com/mbadanoiu/CVE-2024-22274 • CWE-94: Improper Control of Generation of Code ('Code Injection') •