June 18, 2024: Heap Overflow Vulnerabilities in VMware vCenter Server

ID: 1c031475-8bc1-51e9-877c-f36b3900eca8

STIX ID: report--1c031475-8bc1-51e9-877c-f36b3900eca8

Feed Name: Censys Blog

Threat Score: 75/100

Date Published: 2024-06-18

Date Updated: 2026-04-27

Author: Ivonne Francia; The Censys Research Team

**Critical heap-overflow vulnerabilities in VMware vCenter DCE/RPC (CVE-2024-37079, CVE-2024-37080)** — VMware vCenter Server contains multiple heap-based buffer overflow flaws in its DCERPC implementation (CVSS 9.8) that could allow remote code execution if an attacker can send crafted DCERPC packets. Affected versions include releases prior to 8.0 U2d, 8.0 U1e, and 7.0 U3r; no public exploitation details are available. The advisory includes remediation pointers and Censys queries to identify exposed vCenter/DCERPC instances.