Overview
- VMware vCenter Server
18 Jun 2024
Published
02 Aug 2024
Updated
CVSS v3.1
HIGH (7.8)
EPSS
49.73%
KEV
Description
The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance.
Statistics
- 1 Post
Last activity: 9 hours ago
Fediverse
As it is public now* I'm able to talk about it.
Check your VMware infrastructure. CVE-2024-37079 is known to have been exploited in the wild.
> UPDATE: Broadcom has information to suggest that exploitation of CVE-2024-37079 has occurred in the wild.
https://euvd.enisa.europa.eu/vulnerability/CVE-2024-37079
https://euvd.enisa.europa.eu/vulnerability/CVE-2024-37080
https://euvd.enisa.europa.eu/vulnerability/CVE-2024-37081
* technically since Friday.
Overview
- Academy Software Foundation
- OpenEXR
23 Dec 2025
Published
24 Dec 2025
Updated
CVSS v3.0
HIGH (7.8)
EPSS
0.05%
KEV
Description
Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of EXR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27948.
Statistics
- 1 Post
Last activity: 6 hours ago
Overview
- Academy Software Foundation
- OpenEXR
23 Dec 2025
Published
24 Dec 2025
Updated
CVSS v3.0
HIGH (7.8)
EPSS
0.05%
KEV
Description
Academy Software Foundation OpenEXR EXR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Academy Software Foundation OpenEXR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of EXR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-27947.
Statistics
- 1 Post
Last activity: 6 hours ago