Critical 9.8-rated VMware vCenter RCE bug exploited after patch fumble

Two VMware vCenter server bugs, including a critical heap-overflow vulnerability that leads to remote code execution (RCE), have been exploited in attacks after Broadcom’s first attempt to fix the flaws fell short. Broadcom first patched the two flaws – CVE-2024-38812 and CVE-2024-38813 – on September 17th, but then issued an October update to the original patches after admitting its initial effort “did not completely address”

Source: The Register

 

