CVE-2024-37079 in VMware vCenter Exploited in the Wild
Summary
CVE-2024-37079, a critical heap overflow flaw in VMware vCenter Server, is being actively exploited in the wild. The vulnerability, patched in June 2024, allows remote code execution via a specially crafted network packet. Broadcom confirmed the active exploitation and advised customers to apply security patches immediately. CISA added the flaw to its KEV catalog, requiring FCEB agencies to secure their systems by February 13, 2026, under BOD 22-01. There are no known workarounds or mitigations, so applying the latest patches is urgent.
Timeline
- 24.01.2026 10:09 · 2 articles
  CVE-2024-37079 in VMware vCenter Exploited in the Wild
  CISA added CVE-2024-37079, a critical heap overflow flaw in VMware vCenter Server, to its KEV catalog due to active exploitation. The vulnerability, patched in June 2024, allows remote code execution. Broadcom confirmed in-the-wild abuse, and FCEB agencies must update by February 13, 2026. There are no known workarounds or mitigations, so applying the latest patches is urgent.
  Sources:
  - CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog — thehackernews.com — 24.01.2026 10:09
  - CISA says critical VMware RCE flaw now actively exploited — www.bleepingcomputer.com — 26.01.2026 13:49
Information Snippets
- CVE-2024-37079 is a heap overflow in the DCE/RPC protocol implementation, with a CVSS score of 9.8.
  First reported: 24.01.2026 10:09 · 2 sources, 2 articles
  Sources:
  - CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog — thehackernews.com — 24.01.2026 10:09
  - CISA says critical VMware RCE flaw now actively exploited — www.bleepingcomputer.com — 26.01.2026 13:49
- The flaw allows remote code execution by sending a specially crafted network packet.
  First reported: 24.01.2026 10:09 · 2 sources, 2 articles
  Sources:
  - CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog — thehackernews.com — 24.01.2026 10:09
  - CISA says critical VMware RCE flaw now actively exploited — www.bleepingcomputer.com — 26.01.2026 13:49
- Broadcom patched CVE-2024-37079 and CVE-2024-37080 in June 2024.
  First reported: 24.01.2026 10:09 · 2 sources, 2 articles
  Sources:
  - CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog — thehackernews.com — 24.01.2026 10:09
  - CISA says critical VMware RCE flaw now actively exploited — www.bleepingcomputer.com — 26.01.2026 13:49
- QiAnXin LegendSec researchers discovered and reported the vulnerabilities.
  First reported: 24.01.2026 10:09 · 1 source, 1 article
  Sources:
  - CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog — thehackernews.com — 24.01.2026 10:09
- CVE-2024-37079 can be chained with CVE-2024-38813 for unauthorized remote root access.
  First reported: 24.01.2026 10:09 · 1 source, 1 article
  Sources:
  - CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog — thehackernews.com — 24.01.2026 10:09
- Broadcom confirmed active exploitation of CVE-2024-37079 in the wild.
  First reported: 24.01.2026 10:09 · 2 sources, 2 articles
  Sources:
  - CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog — thehackernews.com — 24.01.2026 10:09
  - CISA says critical VMware RCE flaw now actively exploited — www.bleepingcomputer.com — 26.01.2026 13:49
- FCEB agencies must update to the latest version by February 13, 2026.
  First reported: 24.01.2026 10:09 · 2 sources, 2 articles
  Sources:
  - CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog — thehackernews.com — 24.01.2026 10:09
  - CISA says critical VMware RCE flaw now actively exploited — www.bleepingcomputer.com — 26.01.2026 13:49
- There are no workarounds or mitigations for CVE-2024-37079, so Broadcom advised customers to apply security patches to the latest vCenter Server and Cloud Foundation releases as soon as possible.
  First reported: 26.01.2026 13:49 · 1 source, 1 article
  Sources:
  - CISA says critical VMware RCE flaw now actively exploited — www.bleepingcomputer.com — 26.01.2026 13:49
- CISA added the vulnerability to its catalog of flaws exploited in the wild, giving Federal Civilian Executive Branch (FCEB) agencies three weeks to secure vulnerable systems by February 13th, as mandated by the Binding Operational Directive (BOD) 22-01 issued in November 2021.
  First reported: 26.01.2026 13:49 · 1 source, 1 article
  Sources:
  - CISA says critical VMware RCE flaw now actively exploited — www.bleepingcomputer.com — 26.01.2026 13:49
- FCEB agencies are non-military U.S. executive branch agencies, such as the Department of State, the Department of Justice, the Department of Energy, and the Department of Homeland Security.
  First reported: 26.01.2026 13:49 · 1 source, 1 article
  Sources:
  - CISA says critical VMware RCE flaw now actively exploited — www.bleepingcomputer.com — 26.01.2026 13:49
- "This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise," CISA warned. "Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable."
  First reported: 26.01.2026 13:49 · 1 source, 1 article
  Sources:
  - CISA says critical VMware RCE flaw now actively exploited — www.bleepingcomputer.com — 26.01.2026 13:49
- The same day, Broadcom updated its original advisory and confirmed that it's also aware that CVE-2024-37079 has been exploited in the wild.
  First reported: 26.01.2026 13:49 · 1 source, 1 article
  Sources:
  - CISA says critical VMware RCE flaw now actively exploited — www.bleepingcomputer.com — 26.01.2026 13:49
Similar Happenings
Critical Authentication Bypass in GNU InetUtils telnetd
A critical authentication bypass vulnerability (CVE-2026-24061) in GNU InetUtils telnetd, affecting versions 1.9.3 to 2.7, allows remote attackers to gain root access by exploiting the USER environment variable. The flaw, introduced in 2015, enables bypassing normal authentication if the client supplies a crafted USER value. Mitigations include patching and restricting network access to the telnet port. Shadowserver tracks nearly 800,000 IP addresses with Telnet fingerprints globally, with over 380,000 in Asia, almost 170,000 in South America, and just over 100,000 in Europe. GreyNoise observed 18 unique IP addresses exploiting this flaw over the past 24 hours, with attacks targeting the 'root' user in 83.3% of cases. The attacks involved automated reconnaissance and attempts to persist SSH keys and deploy Python malware, which failed on the observed systems due to missing binaries or directories.
Microsoft January 2026 Patch Tuesday Addresses 3 Zero-Days, 114 Flaws
Microsoft's January 2026 Patch Tuesday addressed 114 vulnerabilities, including three zero-days: one actively exploited (CVE-2026-20805) and two publicly disclosed (CVE-2026-21265 and CVE-2023-31096). The updates covered a range of flaw types, with eight classified as 'Critical,' including remote code execution and elevation-of-privilege vulnerabilities. Additionally, Microsoft released emergency out-of-band security updates to patch a high-severity Microsoft Office zero-day vulnerability (CVE-2026-21509) exploited in attacks, affecting multiple Office versions. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-20805 and CVE-2026-21509 to its Known Exploited Vulnerabilities (KEV) catalog, mandating Federal Civilian Executive Branch (FCEB) agencies to apply the latest fixes by February 3, 2026, and February 16, 2026, respectively. The flaw was discovered by the Microsoft Threat Intelligence Center (MSTIC), the Microsoft Security Response Center (MSRC), and the Office Product Group Security Team, and affects several versions of Microsoft Office 2016, 2019, LTSC 2021, LTSC 2024, and Microsoft 365 Apps for Enterprise.
CISA Adds Actively Exploited Digiever NVR Vulnerability to KEV Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in Digiever DS-2105 Pro network video recorders (NVRs) to its Known Exploited Vulnerabilities (KEV) catalog due to active exploitation. The flaw, tracked as CVE-2023-52163, allows post-authentication remote code execution via command injection. The vulnerability remains unpatched as the device has reached end-of-life (EoL) status. Threat actors are exploiting this flaw to deliver botnets like Mirai and ShadowV2. CISA recommends mitigations or discontinuation of the product by January 12, 2025.
Critical RCE flaw in HPE OneView software actively exploited
Hewlett Packard Enterprise (HPE) has patched a maximum-severity remote code execution (RCE) vulnerability (CVE-2025-37164) in its OneView software, which has a CVSS score of 10.0. The flaw affects all versions before v11.00 and can be exploited by unauthenticated attackers in low-complexity attacks. The vulnerability was reported by Vietnamese security researcher Nguyen Quoc Khanh (brocked200). HPE advises immediate patching as there are no workarounds or mitigations available. HPE has not confirmed whether the vulnerability has been exploited in attacks. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged the flaw as actively exploited in attacks and has given Federal Civilian Executive Branch (FCEB) agencies three weeks to secure their systems by January 28th. CISA encourages all organizations, including private sector, to patch their devices against this actively exploited flaw as soon as possible. HPE OneView is an IT infrastructure management software that streamlines IT operations and controls all systems via a centralized dashboard interface. The hotfix must be reapplied after upgrading from version 6.60 or later to version 7.00.00, or after any HPE Synergy Composer reimaging operations. Separate hotfixes are available for the OneView virtual appliance and Synergy Composer2.
Critical Remote Command Execution Vulnerability Exploited in CentOS Web Panel
A critical remote command execution vulnerability (CVE-2025-48703) in CentOS Web Panel (CWP) is being actively exploited. The flaw allows unauthenticated attackers to execute arbitrary shell commands as a valid user. The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, urging federal entities to patch or discontinue use by November 25. The issue affects all CWP versions before 0.9.8.1204. The vulnerability was demonstrated in late June and reported to CWP on May 13. The fix was released on June 18 in version 0.9.8.1205. CISA did not provide details on the exploitation methods, targets, or origin of the malicious activity.