本頁列出影響 vmware vcenter_server 的已公開 CVE 漏洞(透過 NVD CPE 關聯)。每列包含嚴重程度評分、摘要與發布日期,便於識別與分析安全議題。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2024-38813 KEV | The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet. | [email protected] | 7.5 | 16.68% | 2024-09-17 | 2026-06-17 |
| CVE-2024-38812 KEV | The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. | [email protected] | 9.8 | 54.14% | 2024-09-17 | 2026-06-17 |
| CVE-2024-37087 | The vCenter Server contains a denial-of-service vulnerability. A malicious actor with network access to vCenter Server may create a denial-of-service condition. | [email protected] | 5.3 | 0.71% | 2024-06-25 | 2026-06-17 |
| CVE-2024-37081 | The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance. | [email protected] | 7.8 | 4.99% | 2024-06-18 | 2026-06-17 |
| CVE-2024-37080 | vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. | [email protected] | 9.8 | 12.48% | 2024-06-18 | 2026-06-17 |
| CVE-2024-37079 KEV | vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. | [email protected] | 9.8 | 22.38% | 2024-06-18 | 2026-06-17 |
| CVE-2024-22275 | The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive data. | [email protected] | 4.9 | 0.99% | 2024-05-21 | 2026-06-17 |
| CVE-2024-22274 | The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system. | [email protected] | 7.2 | 2.49% | 2024-05-21 | 2026-06-17 |
| CVE-2023-34056 | vCenter Server contains a partial information disclosure vulnerability. A malicious actor with non-administrative privileges to vCenter Server may leverage this issue to access unauthorized data. | [email protected] | 4.3 | 0.67% | 2023-10-25 | 2026-06-17 |
| CVE-2023-34048 KEV | vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution. | [email protected] | 9.8 | 99.43% | 2023-10-25 | 2026-06-17 |
| CVE-2023-20896 | The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd). | [email protected] | 5.9 | 0.90% | 2023-06-22 | 2026-06-17 |
| CVE-2023-20895 | The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication. | [email protected] | 8.1 | 1.38% | 2023-06-22 | 2026-06-17 |
| CVE-2023-20894 | The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption. | [email protected] | 8.1 | 33.95% | 2023-06-22 | 2026-06-17 |
| CVE-2023-20893 | The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server. | [email protected] | 8.1 | 1.21% | 2023-06-22 | 2026-06-17 |
| CVE-2023-20892 | The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit heap-overflow vulnerability to execute arbitrary code on the underlying operating system that hosts vCenter Server. | [email protected] | 8.1 | 1.79% | 2023-06-22 | 2026-06-17 |
| CVE-2022-31698 | The vCenter Server contains a denial-of-service vulnerability in the content library service. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafted header. | [email protected] | 5.3 | 47.80% | 2022-12-13 | 2026-06-17 |
| CVE-2022-31697 | The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation. | [email protected] | 5.5 | 0.13% | 2022-12-13 | 2026-06-17 |
| CVE-2022-31680 | The vCenter Server contains an unsafe deserialisation vulnerability in the PSC (Platform services controller). A malicious actor with admin access on vCenter server may exploit this issue to execute arbitrary code on the underlying operating system that hosts the vCenter Server. | [email protected] | 9.1 | 33.06% | 2022-10-07 | 2026-06-17 |
| CVE-2022-22982 | The vCenter Server contains a server-side request forgery (SSRF) vulnerability. A malicious actor with network access to 443 on the vCenter Server may exploit this issue by accessing a URL request outside of vCenter Server or accessing an internal service. | [email protected] | 7.5 | 0.79% | 2022-07-13 | 2026-06-17 |
| CVE-2022-22948 KEV | The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information. | [email protected] | 6.5 | 13.94% | 2022-03-29 | 2026-06-17 |