📦 vCenter Server
by VMware
🔍 What is vCenter Server?
Description coming soon...
🛡️ Security Overview
⚠️ Known Vulnerabilities
CVE-2024-38812 is a critical heap-overflow vulnerability in vCenter Server's DCERPC protocol implementation that allows remote code execution. Attackers with network access can exploit it by sending s...
CVE-2024-37079 is a critical heap overflow vulnerability in vCenter Server's DCERPC protocol implementation that allows remote code execution. Attackers with network access can exploit it by sending s...
CVE-2023-34048 is a critical out-of-bounds write vulnerability in vCenter Server's DCERPC protocol implementation that allows remote code execution. Attackers with network access to vCenter Server can...
CVE-2021-22049 is a Server-Side Request Forgery (SSRF) vulnerability in the vSAN Web Client plug-in for vSphere Web Client (FLEX/Flash). It allows attackers with network access to vCenter Server port ...
CVE-2021-22005 is a critical arbitrary file upload vulnerability in VMware vCenter Server's Analytics service. Attackers with network access to port 443 can upload malicious files to execute arbitrary...
CVE-2021-21985 is a critical remote code execution vulnerability in VMware vSphere Client's Virtual SAN Health Check plugin. Attackers with network access to port 443 can execute arbitrary commands wi...
CVE-2021-21972 is a critical remote code execution vulnerability in VMware vSphere Client's HTML5 interface. It allows unauthenticated attackers with network access to port 443 to upload arbitrary fil...
CVE-2024-37081 is a local privilege escalation vulnerability in VMware vCenter Server caused by sudo misconfigurations. Authenticated local users with non-administrative privileges can exploit this to...
CVE-2024-22274 is an authenticated remote code execution vulnerability in VMware vCenter Server. Attackers with administrative shell access on the vCenter appliance can execute arbitrary commands on t...
This vulnerability allows attackers with network access to VMware vCenter Server to send specially crafted DCERPC packets causing memory corruption through an out-of-bounds write. Successful exploitat...
This CVE describes a heap overflow vulnerability in vCenter Server's DCERPC protocol implementation due to uninitialized memory usage. Attackers with network access can exploit this to execute arbitra...
CVE-2021-21980 is an unauthorized arbitrary file read vulnerability in the vSphere Web Client (FLEX/Flash) that allows attackers with network access to port 443 on vCenter Server to access sensitive i...
CVE-2021-22048 is a privilege escalation vulnerability in VMware vCenter Server's IWA authentication mechanism. Attackers with non-administrative access can exploit it to gain higher privileges, poten...
This vulnerability allows attackers to cause a denial-of-service condition in VMware vCenter Server by sending specially crafted JSON-RPC messages to the VAPI service on port 5480. Organizations runni...
CVE-2021-22012 is an information disclosure vulnerability in VMware vCenter Server's unauthenticated appliance management API. Attackers with network access to port 443 can exploit this to access sens...
CVE-2021-22014 is an authenticated remote code execution vulnerability in VMware vCenter Server's VAMI interface. An attacker with valid credentials and network access to port 5480 can execute arbitra...
This vulnerability in VMware vCenter Server's VAPI service allows attackers with network access to port 443 to send specially crafted JSON-RPC messages and access sensitive information. It affects org...
This vulnerability in VMware vCenter Server allows attackers with network access to port 443 to trigger excessive memory consumption in the VPXD service, causing a denial-of-service condition. It affe...
CVE-2021-21991 is a local privilege escalation vulnerability in VMware vCenter Server that allows authenticated non-administrative users to gain Administrator privileges. This affects vSphere Client (...