cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-38812,https://securityvulnerability.io/vulnerability/CVE-2024-38812,vCenter Server Heap Overflow Vulnerability,"A heap-overflow vulnerability exists in the vCenter Server's implementation of the DCERPC protocol, allowing a remote attacker with network access to exploit this weakness. By sending a specially crafted network packet, the attacker may be able to execute arbitrary code on the affected system. This vulnerability poses a significant risk, as it could lead to unauthorized access or control over the system, highlighting the importance of maintaining robust network security practices and applying updates promptly.",VMware,"Vmware Vcenter Server,Vmware Cloud Foundation",9.8,CRITICAL,0.0041600000113248825,true,2024-11-20T00:00:00.000Z,true,false,true,2024-09-18T06:08:27.000Z,true,true,true,2024-09-18T19:52:02.370Z,2024-09-17T18:15:00.000Z,6630
CVE-2024-38813,https://securityvulnerability.io/vulnerability/CVE-2024-38813,Privilege escalation vulnerability,"A privilege escalation vulnerability exists in VMware vCenter Server, enabling a remote attacker with network access to elevate their privileges to root. This is exploited by sending specially crafted network packets aimed at the vCenter Server. It is crucial for organizations using affected versions to assess their security posture and implement necessary safeguards to protect their systems against potential exploits.",Vmware,"Vmware Vcenter Server,Vmware Cloud Foundation",7.5,HIGH,0.0041600000113248825,true,2024-11-20T00:00:00.000Z,true,false,true,2024-11-20T00:00:00.000Z,,false,false,,2024-09-17T18:15:00.000Z,0
CVE-2024-37087,https://securityvulnerability.io/vulnerability/CVE-2024-37087,VMware vCenter Server Denial-of-Service Vulnerability,The vCenter Server contains a denial-of-service vulnerability. A malicious actor with network access to vCenter Server may create a denial-of-service condition.,VMware,"Vcenter Server,Vmware Cloud Foundation",5.3,MEDIUM,0.0006500000017695129,false,,false,false,false,,,false,false,,2024-06-25T14:16:13.273Z,0
CVE-2024-37081,https://securityvulnerability.io/vulnerability/CVE-2024-37081,VMware vCenter Server Local Privilege Escalation Vulnerabilities,"The CVE-2024-37081 vulnerability in VMware vCenter Server allows an authenticated local user with non-administrative privileges to elevate privileges to root on the vCenter Server Appliance. This is a local privilege escalation vulnerability due to misconfiguration of sudo. The potential impact of this vulnerability is significant, as it can allow unauthorized elevation of privileges on the vCenter Server. The vendor affected by this vulnerability is VMware. There are no known exploits of this vulnerability by ransomware groups at this time.",VMware,"Vmware Vcenter Server,Vmware Cloud Foundation",7.8,HIGH,0.00279000005684793,false,,true,false,true,2024-07-07T03:29:13.000Z,true,false,false,,2024-06-18T05:43:20.580Z,0
CVE-2024-37080,https://securityvulnerability.io/vulnerability/CVE-2024-37080,vCenter Server Heap Overflow Vulnerability,"VMware vCenter Server is susceptible to a heap overflow vulnerability associated with the DCERPC protocol implementation. Malicious actors with network access can exploit this flaw by sending a specially crafted network packet. This breach may result in remote code execution, granting unauthorized access and control over affected systems. Organizations utilizing vCenter Server should prioritize applying patches and updates to mitigate potential risks.",VMware,"Vmware Vcenter Server,Vmware Cloud Foundation",9.8,CRITICAL,0.0009299999801442027,false,,true,false,true,2024-06-19T15:39:17.000Z,,false,false,,2024-06-18T05:43:10.901Z,0
CVE-2024-37079,https://securityvulnerability.io/vulnerability/CVE-2024-37079,vCenter Server Heap Overflow Vulnerability,"vCenter Server is impacted by a heap-overflow vulnerability within its DCERPC protocol implementation. This flaw allows an attacker with network access to exploit the vulnerability by delivering specially crafted network packets. If executed successfully, this exploitation could lead to unauthorized remote code execution, posing severe risks to system integrity and confidentiality. It is critical for organizations using affected versions of vCenter Server to implement appropriate security measures to mitigate potential threats stemming from this vulnerability.",VMware,"Vmware Vcenter Server,Vmware Cloud Foundation",9.8,CRITICAL,0.0009299999801442027,false,,true,false,false,,,true,false,,2024-06-18T05:43:06.619Z,6722
CVE-2024-22275,https://securityvulnerability.io/vulnerability/CVE-2024-22275,vCenter Server Partial File Read Vulnerability,"The vCenter Server contains a vulnerability that allows a malicious actor, with administrative privileges on the vCenter appliance shell, to exploit a partial file read issue. This exploitation could enable the attacker to read arbitrary files that may contain sensitive information, posing a significant risk to the confidentiality of critical data managed within the vCenter environment.",VMware,"Vmware Vcenter Server,Vmware Cloud Foundation (vcenter Server)",4.9,MEDIUM,0.0004299999854993075,false,,false,false,true,2024-07-07T03:14:28.000Z,true,false,false,,2024-05-21T17:29:45.562Z,0
CVE-2024-22274,https://securityvulnerability.io/vulnerability/CVE-2024-22274,VMware vCenter Server Remote Code Execution Vulnerability,"The vulnerability identified as CVE-2024-22274 affects VMware vCenter Server and allows a malicious actor with administrative privileges to run arbitrary commands on the underlying operating system. The vulnerability has been exploited and a proof-of-concept (PoC) exploit has been released, potentially allowing remote code execution. This poses a serious risk as it can give attackers full control of the affected system. The vulnerability affects specific API components and arbitrary commands can be executed with root privileges. VMware has recommended applying updates to the affected deployments and emphasizes the importance of maintaining up-to-date security measures in virtualization environments. Currently, no workarounds are available, and organizations are urged to assess their systems and apply the necessary updates to mitigate the risk of potential exploitation.",VMware,"Vmware Vcenter Server,Vmware Cloud Foundation (vcenter Server)",7.2,HIGH,0.0004299999854993075,false,,true,false,true,2024-07-07T02:55:25.000Z,true,false,false,,2024-05-21T17:29:33.899Z,0
CVE-2023-34056,https://securityvulnerability.io/vulnerability/CVE-2023-34056,VMware vCenter Server Partial Information Disclosure Vulnerability,vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data.,Vmware,"Vmware Vcenter Server,Vmware Cloud Foundation (vmware Vcenter Server)",4.3,MEDIUM,0.0005200000014156103,false,,true,false,false,,,false,false,,2023-10-25T04:24:47.707Z,0
CVE-2023-34048,https://securityvulnerability.io/vulnerability/CVE-2023-34048,VMware vCenter Server contains critical out-of-bounds write vulnerability,"The articles discuss a critical out-of-bounds write vulnerability in VMware vCenter Server, known as CVE-2023-34048, which can potentially lead to remote code execution. This vulnerability has been exploited by the Chinese espionage group UNC3886 since late 2021, posing a serious threat to affected systems. The attackers were able to exploit this vulnerability to gain unauthorized access to vCenter systems, and further exploit other VMware flaws to execute arbitrary commands and transfer files. The potential impact of this vulnerability is severe, as it allows attackers to gain privileged access to systems and compromise them. VMware has released patches to address this vulnerability, and users are advised to update to the latest version to mitigate any potential threats. This case highlights the importance of timely patching and security vigilance to protect against advanced cyber threats.",Vmware,"Vmware Vcenter Server,Vmware Cloud Foundation (vmware Vcenter Server)",9.8,CRITICAL,0.3834100067615509,true,2024-01-22T00:00:00.000Z,true,true,true,2024-01-20T10:23:22.000Z,,true,false,,2023-10-25T04:21:42.267Z,0
CVE-2023-20896,https://securityvulnerability.io/vulnerability/CVE-2023-20896,Out-of-Bounds Read Vulnerability in VMware vCenter Server,"The VMware vCenter Server exposes an out-of-bounds read vulnerability stemming from issues in the DCERPC protocol implementation. Exploitation of this vulnerability requires network access, allowing a malicious actor to send specifically crafted packets to the vCenter Server which may lead to an out-of-bounds read. This can consequently cause disruptions and potential denial-of-service in critical services such as vmcad, vmdird, and vmafdd, impacting the availability and functionality of the server.",Vmware,"Vmware Vcenter Server (vcenter Server),Vmware Cloud Foundation (vcenter Server)",5.9,MEDIUM,0.0007099999929778278,false,,false,false,false,,,false,false,,2023-06-22T13:15:00.000Z,0
CVE-2023-20894,https://securityvulnerability.io/vulnerability/CVE-2023-20894,Out-of-Bounds Write Vulnerability in VMware vCenter Server,"The VMware vCenter Server has an out-of-bounds write vulnerability arising from the implementation of the DCERPC protocol. This security flaw allows a remote attacker with network access to the vCenter Server to exploit the vulnerability by crafting and sending a malicious packet. Successfully triggering the out-of-bounds write can lead to memory corruption, which may compromise the integrity and availability of vCenter Server services. Organizations utilizing affected versions should prioritize updating to mitigate potential security threats.",Vmware,"Vmware Vcenter Server (vcenter Server),Vmware Cloud Foundation (vcenter Server)",8.1,HIGH,0.002369999885559082,false,,false,false,false,,,false,false,,2023-06-22T12:15:00.000Z,0
CVE-2023-20893,https://securityvulnerability.io/vulnerability/CVE-2023-20893,Use-After-Free Vulnerability in VMware vCenter Server,"The vCenter Server from VMware is susceptible to a use-after-free vulnerability in its DCERPC protocol implementation. This vulnerability can be exploited by an attacker with network access to the vCenter Server, enabling them to execute arbitrary code on the underlying operating system. Organizations using affected versions should take immediate steps to assess their exposure and apply necessary security updates to mitigate risks.",Vmware,"Vmware Vcenter Server (vcenter Server),Vmware Cloud Foundation (vcenter Server)",8.1,HIGH,0.003370000049471855,false,,false,false,false,,,false,false,,2023-06-22T12:15:00.000Z,0
CVE-2023-20892,https://securityvulnerability.io/vulnerability/CVE-2023-20892,VMware vCenter Server heap-overflow vulnerability,"The vCenter Server is vulnerable to a heap overflow caused by the use of uninitialized memory within the DCERPC protocol implementation. This flaw allows a malicious actor with network access to exploit the vulnerability, potentially executing arbitrary code on the operating system hosting the vCenter Server. Organizations are urged to implement immediate security measures to mitigate the risks associated with this vulnerability.",Vmware,"Vmware Vcenter Server (vcenter Server),Vmware Cloud Foundation (vcenter Server)",8.1,HIGH,0.002369999885559082,false,,false,false,false,,,false,false,,2023-06-22T12:15:00.000Z,0
CVE-2023-20895,https://securityvulnerability.io/vulnerability/CVE-2023-20895,Memory Corruption Vulnerability in VMware vCenter Server,"The VMware vCenter Server has a significant memory corruption issue related to the handling of the DCERPC protocol. This vulnerability enables a malicious actor with network access to potentially disrupt normal operation, allowing them to bypass authentication mechanisms. If exploited, this could lead to unauthorized access, posing a serious threat to sensitive data and system integrity. It is crucial for users to stay informed about this vulnerability and apply necessary security updates promptly.",Vmware,"Vmware Vcenter Server (vcenter Server),Vmware Cloud Foundation (vcenter Server)",8.1,HIGH,0.0020099999383091927,false,,false,false,false,,,false,false,,2023-06-22T12:15:00.000Z,0
CVE-2022-31698,https://securityvulnerability.io/vulnerability/CVE-2022-31698,Denial of Service Vulnerability in VMware vCenter Server,"VMware vCenter Server is susceptible to a denial-of-service vulnerability affecting its content library service. A malicious user with network access to port 443 can exploit this weakness by sending specially crafted headers, potentially causing a service disruption. Organizations utilizing VMware's vCenter Server should take proactive measures to secure their environments against this vulnerability.",Vmware,"Vmware Vcenter Server, Vmware Cloud Foundation",5.3,MEDIUM,0.0009500000160187483,false,,false,false,false,,,false,false,,2022-12-13T00:00:00.000Z,0
CVE-2022-31697,https://securityvulnerability.io/vulnerability/CVE-2022-31697,Information Disclosure Vulnerability in VMware vCenter Server,"The vCenter Server has a vulnerability that exposes sensitive information by logging credentials in plaintext. If a malicious actor gains access to a workstation that performs specific operations like Install, Upgrade, Migrate, or Restore using a vCenter Server Appliance ISO, they can potentially retrieve plaintext passwords recorded during these procedures. This issue highlights the importance of securing access to workstations and monitoring the logging configurations to prevent unauthorized access to sensitive information.",Vmware,"Vmware Vcenter Server, Vmware Cloud Foundation",5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2022-12-13T00:00:00.000Z,0
CVE-2022-22948,https://securityvulnerability.io/vulnerability/CVE-2022-22948,VMware vCenter Server Vulnerability: Sensitive Information at Risk,The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.,Vmware,Vmware Vcenter Server And Vmware Cloud Foundation,6.5,MEDIUM,0.0051299999468028545,true,2024-07-17T00:00:00.000Z,false,false,true,2021-10-17T09:59:20.000Z,true,false,false,,2022-03-29T17:24:33.000Z,0
CVE-2021-22049,https://securityvulnerability.io/vulnerability/CVE-2021-22049,SSRF Vulnerability in VMware vSphere Web Client Affecting vSAN UI Plugin,"The vSphere Web Client, particularly the vSAN Web Client (vSAN UI) plug-in by VMware, exhibits a Server Side Request Forgery (SSRF) vulnerability. This issue allows a malicious actor with network access to port 443 on the vCenter Server to launch attacks by crafting specific URL requests, potentially accessing external URLs or internal services that should otherwise remain safeguarded. As a result, this vulnerability poses a significant risk to the integrity and confidentiality of the affected systems, necessitating immediate attention and remediation.",Vmware,Vmware Vcenter Server And Vmware Cloud Foundation,9.8,CRITICAL,0.0034600000362843275,false,,false,false,false,,,false,false,,2021-11-24T16:32:59.000Z,0
CVE-2021-21980,https://securityvulnerability.io/vulnerability/CVE-2021-21980,Unauthorized File Read Vulnerability in vSphere Web Client from VMware,"The vSphere Web Client (FLEX/Flash) suffers from a vulnerability that allows an unauthorized file read. This weakness comes from improper access controls, permitting a malicious actor with network access to port 443 on vCenter Server to exploit the vulnerability. By leveraging this flaw, attackers may potentially access sensitive information, which poses a significant risk to the security of the affected systems.",Vmware,Vmware Vcenter Server And Vmware Cloud Foundation,7.5,HIGH,0.0037299999967217445,false,,false,false,true,2022-05-07T12:36:41.000Z,true,false,false,,2021-11-24T16:32:43.000Z,0
CVE-2021-22048,https://securityvulnerability.io/vulnerability/CVE-2021-22048,Privilege Escalation Vulnerability in vCenter Server by VMware,"A vulnerability exists in VMware's vCenter Server through the Integrated Windows Authentication (IWA) mechanism. This flaw allows a malicious actor who has non-administrative access to exploit the system and elevate their privileges, potentially granting access to more sensitive areas of the server. Organizations using vCenter Server should be aware of this vulnerability and implement the necessary upgrades or patches to mitigate potential risks. Regular audits and monitoring can aid in identifying any unauthorized access attempts.",Vmware,Vmware Vcenter Server And Vmware Cloud Foundation,8.8,HIGH,0.0024300001095980406,false,,false,false,false,,,false,false,,2021-11-10T17:50:53.000Z,0
CVE-2021-22020,https://securityvulnerability.io/vulnerability/CVE-2021-22020,Denial-of-Service Vulnerability in vCenter Server by VMware,"The vCenter Server has a vulnerability in its Analytics service that can be exploited to induce a denial-of-service condition. An attacker may leverage this flaw to disrupt the availability of the vCenter Server, impacting operations and accessibility of the services provided. Ensuring that your systems are updated is crucial for mitigating this risk. For more details, refer to the VMware security advisory.",Vmware,"Vmware Vcenter Server, Vmware Cloud Foundation",5.5,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-09-23T12:16:47.000Z,0
CVE-2021-22019,https://securityvulnerability.io/vulnerability/CVE-2021-22019,Denial-of-Service Vulnerability in vCenter Server by VMware,"The vCenter Server is susceptible to a denial-of-service vulnerability affecting the VAPI (vCenter API) service. An attacker with access to the server's network can exploit this vulnerability by sending a specially crafted JSON-RPC message to port 5480. This can lead to a denial-of-service condition, disrupting the functionality of the vCenter Server and impacting its availability.",Vmware,"Vmware Vcenter Server, Vmware Cloud Foundation",7.5,HIGH,0.003109999932348728,false,,false,false,false,,,false,false,,2021-09-23T12:16:41.000Z,0
CVE-2021-22018,https://securityvulnerability.io/vulnerability/CVE-2021-22018,Arbitrary File Deletion in VMware vSphere Lifecycle Manager Plugin,"The vCenter Server has a vulnerability in the VMware vSphere Lifecycle Manager plug-in that allows for arbitrary file deletion. Attackers with access to port 9087 can exploit this vulnerability to delete non-critical files, posing a potential risk to data integrity and availability. Organizations utilizing affected versions of vCenter Server should prioritize applying the latest security updates to mitigate the risk associated with this vulnerability.",Vmware,"Vmware Vcenter Server, Vmware Cloud Foundation",6.5,MEDIUM,0.005909999832510948,false,,false,false,false,,,false,false,,2021-09-23T12:16:31.000Z,0
CVE-2021-22017,https://securityvulnerability.io/vulnerability/CVE-2021-22017,URI Normalization Vulnerability in vCenter Server by VMware,"A vulnerability exists within the Rhttproxy component of VMware's vCenter Server that arises from improper URI normalization. This flaw can be exploited by a malicious actor who has network access to port 443 on the vCenter Server. The attacker may leverage this vulnerability to bypass the proxy, consequently gaining unauthorized access to internal endpoints, which could lead to further exploitation or data leaks.",Vmware,"Vmware Vcenter Server, Vmware Cloud Foundation",5.3,MEDIUM,0.06207999959588051,true,2022-01-10T00:00:00.000Z,false,false,true,2022-01-10T00:00:00.000Z,,false,false,,2021-09-23T12:13:01.000Z,0