Security News > 2024 > October > VMware fixes bad patch for critical vCenter Server RCE flaw
2024-10-22 14:08
VMware has released another security update for CVE-2024-38812, a critical VMware vCenter Server remote code execution vulnerability that was not correctly fixed in the first patch from September 2024. [...]
News URL
Related news
- Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) (source)
- Veeam RCE bug lets domain users hack backup servers, patch now (source)
- Netgear warns users to patch critical WiFi router vulnerabilities (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- MITRE Caldera RCE vulnerability with public PoC fixed, patch ASAP! (CVE-2025–27364) (source)
- Over 37,000 VMware ESXi servers vulnerable to ongoing attacks (source)
- Critical PHP RCE vulnerability mass exploited in new attacks (source)
- Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws (source)
- Critical RCE flaw in Apache Tomcat actively exploited in attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-17 | CVE-2024-38812 | Out-of-bounds Write vulnerability in VMWare Vcenter Server 7.0/8.0 The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. | 9.8 |