VMware by Broadcom warns of two critical vCenter flaws, plus a nasty sudo bug
ID: 1304e0e7-362d-5351-900f-41349c4a5cfa
STIX ID: report--1304e0e7-362d-5351-900f-41349c4a5cfa
Feed Name: The Register (Security)
VMware/Broadcom disclosed two critical heap-overflow vulnerabilities in vCenter Server's DCE/RPC implementation (CVE-2024-37079 and CVE-2024-37080, CVSS 9.8) that could enable remote code execution, plus an important local privilege escalation (CVE-2024-37081) related to sudo misconfiguration. Patches are available and the vendor reports no known in-the-wild exploitation, though unsupported older vSphere releases may still be vulnerable.
