2024 VMware Flaw Now in Attackers’ Crosshairs
The critical-severity vulnerability can be exploited via crafted network packets for remote code execution. The post 2024 VMware Flaw Now in Attackers’ Crosshairs appeared first on SecurityWeek.
Threat actors have exploited a critical-severity VMware vCenter Server vulnerability disclosed in 2024, according to fresh warnings from CISA and Broadcom.
Tracked as CVE-2024-37079 (CVSS score of 9.8), the flaw is described as an out-of-bounds write issue in the Distributed Computing Environment/Remote Procedure Calls (DCERPC) protocol implementation of vCenter Server.
Incorrect bounds checking during the processing of network packets could result in an overflow of heap memory, leading to remote code execution.
Source: https://www.securityweek.com/2024-vmware-flaw-now-in-attackers-crosshairs/
Related breach coverage
- Fresh SolarWinds Vulnerability Exploited in Attacks2026-02-04
The critical-severity SolarWinds Web Help Desk flaw could lead to unauthenticated remote code execution. The post Fresh SolarWinds Vulnerability Exploited in Attacks appeared first on SecurityWeek.
- Critical HPE OneView Vulnerability Exploited in Attacks2026-01-08
The maximum-severity code injection flaw can be exploited without authentication for remote code execution. The post Critical HPE OneView Vulnerability Exploited in Attacks appeared first on SecurityWeek.
- Critical Grandstream Phone Vulnerability Exposes Calls to Interception2026-02-21
The flaw tracked as CVE-2026-2329 can be exploited without authentication for remote code execution with root privileges. The post Critical Grandstream Phone Vulnerability Exposes Calls to Interception appeared first on SecurityWeek.
- SonicWall Patches Exploited SMA 1000 Zero-Day2025-12-18
The medium-severity flaw has been exploited in combination with a critical bug for remote code execution. The post SonicWall Patches Exploited SMA 1000 Zero-Day appeared first on SecurityWeek.