Parallels Desktop
by Parallels
CVEs (49)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-34331 | Cri | 0.64 | 9.8 | 0.01 | Sep 23, 2024 | A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows attackers to escalate privileges via a crafted macOS installer, because Parallels Service is setuid root. | ||
| CVE-2025-30074 | Hig | 0.51 | 7.8 | 0.00 | Mar 16, 2025 | Alludo Parallels Desktop before 19.4.2 and 20.x before 20.2.2 for macOS on Intel platforms allows privilege escalation to root via the VM creation routine. | ||
| CVE-2024-52561 | 0.00 | — | 0.00 | Jun 3, 2025 | A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is deleted, a root service verifies and modifies the ownership of the snapshot files. By using a symlink, an… | |||
| CVE-2024-54189 | 0.00 | — | 0.00 | Jun 3, 2025 | A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is taken, a root service writes to a file owned by a normal user. By using a hard link, an attacker can write… | |||
| CVE-2024-36486 | 0.00 | — | 0.00 | Jun 3, 2025 | A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 (55740). When an archived virtual machine is restored, the prl_vmarchiver tool decompresses the file and writes the content back to… | |||
| CVE-2025-31359 | 0.00 | — | 0.02 | Jun 3, 2025 | A directory traversal vulnerability exists in the PVMP package unpacking functionality of Parallels Desktop for Mac version 20.2.2 (55879). This vulnerability can be exploited by an attacker to write to arbitrary files, potentially leading to privilege escalation. | |||
| CVE-2025-0413 | 0.00 | — | 0.00 | Feb 4, 2025 | Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute… | |||
| CVE-2024-6240 | 0.00 | — | 0.00 | Jun 21, 2024 | Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than 19.3.0. An attacker could add malicious code in a script and populate the BASH_ENV environment variable with the path to the malicious script, executing on application… | |||
| CVE-2023-27327 | 0.00 | — | 0.00 | May 3, 2024 | Parallels Desktop Toolgate Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged… | |||
| CVE-2023-27325 | 0.00 | — | 0.00 | May 3, 2024 | Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code… | |||
| CVE-2023-27324 | 0.00 | — | 0.00 | May 3, 2024 | Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code… | |||
| CVE-2022-34892 | 0.00 | — | 0.00 | Jul 18, 2022 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The… | |||
| CVE-2022-34890 | 0.00 | — | 0.00 | Jul 15, 2022 | This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 17.1.1 (51537). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability.… | |||
| CVE-2022-34889 | 0.00 | — | 0.00 | Jul 15, 2022 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 17.1.1 (51537). An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The… | |||
| CVE-2021-34986 | 0.00 | — | 0.00 | Jul 15, 2022 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.5.0 (49183). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw… | |||
| CVE-2021-34869 | 0.00 | — | 0.00 | Jan 25, 2022 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific… | |||
| CVE-2021-34868 | 0.00 | — | 0.00 | Jan 25, 2022 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific… | |||
| CVE-2021-34864 | 0.00 | — | 0.00 | Oct 25, 2021 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The… | |||
| CVE-2021-34855 | 0.00 | — | 0.00 | Oct 25, 2021 | This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability.… | |||
| CVE-2021-34854 | 0.00 | — | 0.00 | Oct 25, 2021 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The… |
- risk 0.64cvss 9.8epss 0.01
A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows attackers to escalate privileges via a crafted macOS installer, because Parallels Service is setuid root.
- risk 0.51cvss 7.8epss 0.00
Alludo Parallels Desktop before 19.4.2 and 20.x before 20.2.2 for macOS on Intel platforms allows privilege escalation to root via the VM creation routine.
- CVE-2024-52561Jun 3, 2025risk 0.00cvss —epss 0.00
A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is deleted, a root service verifies and modifies the ownership of the snapshot files. By using a symlink, an…
- CVE-2024-54189Jun 3, 2025risk 0.00cvss —epss 0.00
A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is taken, a root service writes to a file owned by a normal user. By using a hard link, an attacker can write…
- CVE-2024-36486Jun 3, 2025risk 0.00cvss —epss 0.00
A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 (55740). When an archived virtual machine is restored, the prl_vmarchiver tool decompresses the file and writes the content back to…
- CVE-2025-31359Jun 3, 2025risk 0.00cvss —epss 0.02
A directory traversal vulnerability exists in the PVMP package unpacking functionality of Parallels Desktop for Mac version 20.2.2 (55879). This vulnerability can be exploited by an attacker to write to arbitrary files, potentially leading to privilege escalation.
- CVE-2025-0413Feb 4, 2025risk 0.00cvss —epss 0.00
Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute…
- CVE-2024-6240Jun 21, 2024risk 0.00cvss —epss 0.00
Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than 19.3.0. An attacker could add malicious code in a script and populate the BASH_ENV environment variable with the path to the malicious script, executing on application…
- CVE-2023-27327May 3, 2024risk 0.00cvss —epss 0.00
Parallels Desktop Toolgate Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged…
- CVE-2023-27325May 3, 2024risk 0.00cvss —epss 0.00
Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code…
- CVE-2023-27324May 3, 2024risk 0.00cvss —epss 0.00
Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code…
- CVE-2022-34892Jul 18, 2022risk 0.00cvss —epss 0.00
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The…
- CVE-2022-34890Jul 15, 2022risk 0.00cvss —epss 0.00
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 17.1.1 (51537). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability.…
- CVE-2022-34889Jul 15, 2022risk 0.00cvss —epss 0.00
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 17.1.1 (51537). An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The…
- CVE-2021-34986Jul 15, 2022risk 0.00cvss —epss 0.00
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.5.0 (49183). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw…
- CVE-2021-34869Jan 25, 2022risk 0.00cvss —epss 0.00
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific…
- CVE-2021-34868Jan 25, 2022risk 0.00cvss —epss 0.00
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific…
- CVE-2021-34864Oct 25, 2021risk 0.00cvss —epss 0.00
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The…
- CVE-2021-34855Oct 25, 2021risk 0.00cvss —epss 0.00
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability.…
- CVE-2021-34854Oct 25, 2021risk 0.00cvss —epss 0.00
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The…
Page 1 of 3