CVE-2024-38811— Code-execution vulnerability
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-38811
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Code-execution vulnerability
Source: NVD (National Vulnerability Database)
Vulnerability Description
VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable. A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
VMware Fusion 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
VMware Fusion是美国威睿(VMware)公司的一套专用于在苹果机(Mac)上运行Windows应用程序的的虚拟机软件。 VMware Fusion存在安全漏洞,该漏洞源于使用不安全的环境变量,导致代码执行漏洞。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | Fusion | 13.x ~ 13.6 | - |
II. Public POCs for CVE-2024-38811
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-38811
请登录查看更多情报信息。
Same Patch Batch · n/a · 2024-09-03 · 18 CVEs total
| CVE-2024-41435 | YugabyteDB 安全漏洞 | |
| CVE-2023-49233 | Visual Planning Admin Center 安全漏洞 | |
| CVE-2024-42902 | LimeSurvey 安全漏洞 | |
| CVE-2024-42904 | sysPass 安全漏洞 | |
| CVE-2024-42901 | LimeSurvey 安全漏洞 | |
| CVE-2024-42903 | LimeSurvey 安全漏洞 | |
| CVE-2024-44809 | camera-pi 安全漏洞 | |
| CVE-2024-38456 | Vivavis 权限许可和访问控制问题漏洞 | |
| CVE-2024-41434 | PingCAP TiDB 安全漏洞 | |
| CVE-2024-44920 | SeaCMS 安全漏洞 | |
| CVE-2024-41433 | PingCAP TiDB 安全漏洞 | |
| CVE-2024-41436 | ClickHouse 安全漏洞 | |
| CVE-2024-45678 | Yubico YubiKey 5 安全漏洞 | |
| CVE-2024-45180 | SquaredUp DS for SCOM 安全漏洞 | |
| CVE-2024-42991 | MingSoft MCMS 安全漏洞 | |
| CVE-2024-34463 | BPL Personal Weighing Scale PWS-01BT IND/09/18/599 安全漏洞 | |
| CVE-2024-44921 | SeaCMS 安全漏洞 |
IV. Related Vulnerabilities
Same product: Fusion
- CVE-2026-4344
Stored Cross-Site Scripting (XSS) Vulnerability in Assembly - CVE-2026-4345
Stored Cross-Site Scripting (XSS) Vulnerability in Design Na - CVE-2026-4369
Stored Cross-Site Scripting (XSS) Vulnerability in Assembly - CVE-2026-0535
Stored XSS in Electronic Library Component Description - CVE-2026-0534
Stored XSS in the value of a part attribute
Same weakness: CWE-20
V. Comments for CVE-2024-38811
No comments yet