CVE-2024-22280
- EPSS 0.47%
- Veröffentlicht 11.07.2024 05:15:10
- Zuletzt bearbeitet 14.03.2025 19:15:44
VMware Aria Automation does not apply correct input validation which allows for SQL-injection in the product. An authenticated malicious user could enter specially crafted SQL queries and perform unauthorised read/write operations in the database.
CVE-2024-37085
- EPSS 26.77%
- Veröffentlicht 25.06.2024 15:15:12
- Zuletzt bearbeitet 30.10.2025 19:52:34
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management https://blogs.vmware.c...
CVE-2024-37086
- EPSS 0.19%
- Veröffentlicht 25.06.2024 15:15:12
- Zuletzt bearbeitet 27.06.2025 13:39:14
VMware ESXi contains an out-of-bounds read vulnerability. A malicious actor with local administrative privileges on a virtual machine with an existing snapshot may trigger an out-of-bounds read leading to a denial-of-service condition of the host.
CVE-2024-37087
- EPSS 0.71%
- Veröffentlicht 25.06.2024 15:15:12
- Zuletzt bearbeitet 27.06.2025 13:39:54
The vCenter Server contains a denial-of-service vulnerability. A malicious actor with network access to vCenter Server may create a denial-of-service condition.
CVE-2024-37079
- EPSS 22.38%
- Veröffentlicht 18.06.2024 06:15:11
- Zuletzt bearbeitet 26.01.2026 14:52:05
vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leadi...
CVE-2024-37081
- EPSS 4.99%
- Veröffentlicht 18.06.2024 06:15:11
- Zuletzt bearbeitet 21.11.2024 09:23:09
The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server A...
CVE-2024-22274
- EPSS 2.49%
- Veröffentlicht 21.05.2024 18:15:09
- Zuletzt bearbeitet 27.06.2025 13:37:52
The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system.
CVE-2024-22275
- EPSS 0.99%
- Veröffentlicht 21.05.2024 18:15:09
- Zuletzt bearbeitet 27.06.2025 13:38:06
The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive data.
CVE-2024-22273
- EPSS 0.16%
- Veröffentlicht 21.05.2024 18:15:08
- Zuletzt bearbeitet 26.03.2025 16:15:19
The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service cond...
CVE-2024-22254
- EPSS 0.5%
- Veröffentlicht 05.03.2024 18:15:48
- Zuletzt bearbeitet 07.05.2025 15:37:28
VMware ESXi contains an out-of-bounds write vulnerability. A malicious actor with privileges within the VMX process may trigger an out-of-bounds write leading to an escape of the sandbox.