Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up
na/

VMware vCenter Server

12 Versions 18 CVEs

Versions

VMware vCenter Server (6.7 before 6.7 U3p and 6.5 before 6.5 U3r) and VMware Cloud Foundation 3.x

OTHER 2 CVEs

7.x before 7.0 U1c

OTHER 2 CVEs

VMware vCenter Server 6.7 before 6.7 U3o and VMware Cloud Foundation 3.x before 3.10.2.2

OTHER 1 CVE

6.5 before 6.5 U3n

OTHER 2 CVEs

7.0

MAJOR_MINOR 7 CVEs

VMware vCenter Server 7.x before 7.0.2 U2d and VMware Cloud Foundation 4.x before 4.3.1

OTHER 1 CVE

VMware vCenter Server (7.0 before 7.0 U3f, 6.7 before 6.7 U3r & 6.5 before 6.5 U3t)

OTHER 1 CVE

8.0

MAJOR_MINOR 7 CVEs

VMware vCenter Server 6.5 prior to U3u

OTHER 1 CVE

VMware vCenter Server 6.5 before 6.5 U3q

OTHER 2 CVEs

6.7 before 6.7 U3l

OTHER 2 CVEs

VMware vCenter Server(7.0 and 6.7) and VMware Cloud Foundation (4.x and 3.x)

OTHER 1 CVE

Recent CVEs

CVE-2024-38813

The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.

HIGH Sep 17, 2024

CVE-2024-38812

The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.

CRITICAL Sep 17, 2024

CVE-2024-37081

The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance.

HIGH Jun 18, 2024

CVE-2024-37080

vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.

CRITICAL Jun 18, 2024

CVE-2024-37079

vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.

CRITICAL Jun 18, 2024

CVE-2024-22275

The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive data.

MEDIUM May 21, 2024

CVE-2024-22274

The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system.

HIGH May 21, 2024