Vmware: >> Vcenter Server >> 8.0 Security Vulnerabilities
CVE-2024-38813
The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet.
Known exploited
CVSS Score
7.5
EPSS Score
0.144
Published
2024-09-17
CVE-2024-38812
The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
Known exploited
CVSS Score
9.8
EPSS Score
0.61
Published
2024-09-17
The vCenter Server contains a denial-of-service vulnerability. A malicious actor with network access to vCenter Server may create a denial-of-service condition.
CVSS Score
5.3
EPSS Score
0.002
Published
2024-06-25
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
CVSS Score
9.8
EPSS Score
0.447
Published
2024-06-18
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution.
CVSS Score
9.8
EPSS Score
0.388
Published
2024-06-18
The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance.
CVSS Score
7.8
EPSS Score
0.442
Published
2024-06-18
The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system.
CVSS Score
7.2
EPSS Score
0.566
Published
2024-05-21
The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive data.
CVSS Score
4.9
EPSS Score
0.073
Published
2024-05-21
CVE-2023-34048
vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution.
Known exploited
CVSS Score
9.8
EPSS Score
0.92
Published
2023-10-25
vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-10-25
Page 1