CVSS: 10.0EPSS: 14%CPEs: 3EXPL: 0CVE-2024-38813 – VMware vCenter Server Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2024-38813
17 Sep 2024 — The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet. The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet. VMware vCenter contains an improper check for drop... • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968 • CWE-250: Execution with Unnecessary Privileges CWE-273: Improper Check for Dropped Privileges •
CVSS: 10.0EPSS: 61%CPEs: 3EXPL: 2CVE-2024-38812 – VMware vCenter Server Heap-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2024-38812
17 Sep 2024 — The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network... • https://github.com/maybeheisenberg/CVE-2024-38812 • CWE-122: Heap-based Buffer Overflow •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-37087 – VMware vCenter Server Appliance License Server Uncontrolled Memory Allocation Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-37087
25 Jun 2024 — The vCenter Server contains a denial-of-service vulnerability. A malicious actor with network access to vCenter Server may create a denial-of-service condition. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of VMware vCenter Server Appliance. Authentication is not required to exploit this vulnerability. The specific flaw exists within the License Server. The issue results from the lack of proper validation of user-supplied data, which can result... • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 10.0EPSS: 14%CPEs: 2EXPL: 6CVE-2024-37081 – VMware vCenter Sudo Privilege Escalation
https://notcve.org/view.php?id=CVE-2024-37081
18 Jun 2024 — The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance. vCenter Server contiene múltiples vulnerabilidades de escalada de privilegios locales debido a una mala configuración de sudo. Un usuario local autenticado con privilegios no administrativos puede aprovechar estos problemas para elevar los privilegios ... • https://packetstorm.news/files/id/182981 • CWE-556: ASP.NET Misconfiguration: Use of Identity Impersonation •
CVSS: 10.0EPSS: 4%CPEs: 2EXPL: 0CVE-2024-37080
https://notcve.org/view.php?id=CVE-2024-37080
18 Jun 2024 — vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. vCenter Server contiene una vulnerabilidad de desbordamiento de montón en la implementación del protocolo DCERPC. Un actor malintencionado con acceso a la red de vCenter Server puede desencadenar esta vulnerabilidad al enviar un paqu... • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453 • CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 17%CPEs: 3EXPL: 0CVE-2024-37079
https://notcve.org/view.php?id=CVE-2024-37079
18 Jun 2024 — vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. vCenter Server contiene una vulnerabilidad de desbordamiento de montón en la implementación del protocolo DCERPC. Un actor malintencionado con acceso a la red de vCenter Server puede desencadenar esta vulnerabilidad al enviar un paqu... • https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453 • CWE-787: Out-of-bounds Write •
CVSS: 8.3EPSS: 7%CPEs: 2EXPL: 1CVE-2024-22275
https://notcve.org/view.php?id=CVE-2024-22275
21 May 2024 — The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive data. vCenter Server contiene una vulnerabilidad de lectura parcial de archivos. Un actor malintencionado con privilegios administrativos en el shell del dispositivo vCenter puede aprovechar este problema para leer parcialmente archivos arbitrarios que contengan datos confidenciales. The vC... • https://github.com/mbadanoiu/CVE-2024-22275 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 56%CPEs: 3EXPL: 4CVE-2024-22274
https://notcve.org/view.php?id=CVE-2024-22274
21 May 2024 — The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system. vCenter Server contiene una vulnerabilidad de ejecución remota de código autenticado. Un actor malintencionado con privilegios administrativos en el shell del dispositivo vCenter puede aprovechar este problema para ejecutar comandos arbitrarios en el sistema operat... • https://github.com/mbadanoiu/CVE-2024-22274 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 38EXPL: 0CVE-2023-34056 – VMware vCenter Server Partial Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2023-34056
25 Oct 2023 — vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data. vCenter Server contiene una vulnerabilidad de divulgación parcial de información. Un actor malintencionado con privilegios no administrativos para vCenter Server puede aprovechar este problema para acceder a datos no autorizados. vCenter Server contains a partial information disclosure vulnerability. A malicious ac... • https://www.vmware.com/security/advisories/VMSA-2023-0023.html • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 10.0EPSS: 92%CPEs: 37EXPL: 0CVE-2023-34048 – VMware vCenter Server Out-of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2023-34048
25 Oct 2023 — vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution. vCenter Server contiene una vulnerabilidad de escritura fuera de los límites en la implementación del protocolo DCERPC. Un actor malintencionado con acceso a la red de vCenter Server puede desencadenar una escritura fuera de los límites que podría conducir a la ejecuc... • https://www.vmware.com/security/advisories/VMSA-2023-0023.html • CWE-787: Out-of-bounds Write •