Vendor CVEs
Parallels
All CVEs
123 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-34331 | Cri | 0.64 | 9.8 | 0.01 | Sep 23, 2024 | A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows attackers to escalate privileges via a crafted macOS installer, because Parallels Service is setuid root. | ||
| CVE-2025-66431 | Hig | 0.51 | 7.8 | 0.00 | Dec 3, 2025 | WebPros Plesk before 18.0.73.5 and 18.0.74 before 18.0.74.2 on Linux allows remote authenticated users to execute arbitrary code as root via domain creation. The attacker needs "Create and manage sites" with "Domains management" and "Subdomains management." | ||
| CVE-2025-30074 | Hig | 0.51 | 7.8 | 0.00 | Mar 16, 2025 | Alludo Parallels Desktop before 19.4.2 and 20.x before 20.2.2 for macOS on Intel platforms allows privilege escalation to root via the VM creation routine. | ||
| CVE-2013-4878 | 0.05 | — | 0.31 | Jul 18, 2013 | The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different… | |||
| CVE-2008-6479 | 0.03 | — | 0.01 | Mar 16, 2009 | Cross-site request forgery (CSRF) vulnerability in the "change password" feature in the VZPP web interface for Parallels Virtuozzo 25.4.swsoft (build 3.0.0-25.4.swsoft) allows remote attackers to modify the password via a link or IMG tag to vz/cp/pwd. | |||
| CVE-2008-6478 | 0.03 | — | 0.01 | Mar 16, 2009 | Cross-site request forgery (CSRF) vulnerability in the file manager in the VZPP web interface for Parallels Virtuozzo 365.6.swsoft (build 4.0.0-365.6.swsoft) and 25.4.swsoft (build 3.0.0-25.4.swsoft) allows remote attackers to create and delete arbitrary files as the… | |||
| CVE-2007-4009 | 0.03 | — | 0.04 | Jul 26, 2007 | PHP remote file inclusion vulnerability in admin/business_inc/saveserver.php in SWSoft Confixx Pro 2.0.12 through 3.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the thisdir parameter. | |||
| CVE-2006-2423 | 0.03 | — | 0.02 | May 17, 2006 | Cross-site scripting (XSS) vulnerability in ftplogin/index.php in Confixx 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the login parameter. | |||
| CVE-2025-66430 | 0.00 | — | 0.00 | Dec 12, 2025 | Plesk 18.0 has Incorrect Access Control. | |||
| CVE-2024-52561 | 0.00 | — | 0.00 | Jun 3, 2025 | A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is deleted, a root service verifies and modifies the ownership of the snapshot files. By using a symlink, an… | |||
| CVE-2024-54189 | 0.00 | — | 0.00 | Jun 3, 2025 | A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is taken, a root service writes to a file owned by a normal user. By using a hard link, an attacker can write… | |||
| CVE-2024-36486 | 0.00 | — | 0.00 | Jun 3, 2025 | A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 (55740). When an archived virtual machine is restored, the prl_vmarchiver tool decompresses the file and writes the content back to… | |||
| CVE-2025-31359 | 0.00 | — | 0.02 | Jun 3, 2025 | A directory traversal vulnerability exists in the PVMP package unpacking functionality of Parallels Desktop for Mac version 20.2.2 (55879). This vulnerability can be exploited by an attacker to write to arbitrary files, potentially leading to privilege escalation. | |||
| CVE-2025-0413 | 0.00 | — | 0.00 | Feb 4, 2025 | Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute… | |||
| CVE-2024-6240 | 0.00 | — | 0.00 | Jun 21, 2024 | Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than 19.3.0. An attacker could add malicious code in a script and populate the BASH_ENV environment variable with the path to the malicious script, executing on application… | |||
| CVE-2023-27327 | 0.00 | — | 0.00 | May 3, 2024 | Parallels Desktop Toolgate Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged… | |||
| CVE-2023-27325 | 0.00 | — | 0.00 | May 3, 2024 | Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code… | |||
| CVE-2023-27324 | 0.00 | — | 0.00 | May 3, 2024 | Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code… | |||
| CVE-2023-0829 | 0.00 | — | 0.01 | Sep 20, 2023 | Plesk 17.0 through 18.0.31 version, is vulnerable to a Cross-Site Scripting. A malicious subscription owner (either a customer or an additional user), can fully compromise the server if an administrator visits a certain page in Plesk related to the malicious subscription. | |||
| CVE-2022-40870 | 0.00 | — | 0.01 | Nov 22, 2022 | The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows attackers to execute arbitrary commands via a crafted payload injected into the Host header. | |||
| CVE-2022-34892 | 0.00 | — | 0.00 | Jul 18, 2022 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The… | |||
| CVE-2022-34890 | 0.00 | — | 0.00 | Jul 15, 2022 | This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 17.1.1 (51537). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability.… | |||
| CVE-2022-34889 | 0.00 | — | 0.00 | Jul 15, 2022 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 17.1.1 (51537). An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The… | |||
| CVE-2021-34986 | 0.00 | — | 0.00 | Jul 15, 2022 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.5.0 (49183). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw… | |||
| CVE-2022-30777 | 0.00 | — | 0.02 | May 16, 2022 | Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from parameter. | |||
| CVE-2021-34869 | 0.00 | — | 0.00 | Jan 25, 2022 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific… | |||
| CVE-2021-34868 | 0.00 | — | 0.00 | Jan 25, 2022 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific… | |||
| CVE-2020-8968 | 0.00 | — | 0.00 | Dec 17, 2021 | Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information of the user could be… | |||
| CVE-2021-34864 | 0.00 | — | 0.00 | Oct 25, 2021 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The… | |||
| CVE-2021-34855 | 0.00 | — | 0.00 | Oct 25, 2021 | This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability.… | |||
| CVE-2021-34854 | 0.00 | — | 0.00 | Oct 25, 2021 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The… | |||
| CVE-2021-31431 | 0.00 | — | 0.00 | Apr 29, 2021 | This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability.… | |||
| CVE-2021-31430 | 0.00 | — | 0.00 | Apr 29, 2021 | This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability.… | |||
| CVE-2021-31428 | 0.00 | — | 0.00 | Apr 29, 2021 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific… | |||
| CVE-2021-31427 | 0.00 | — | 0.00 | Apr 29, 2021 | This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability.… | |||
| CVE-2021-31424 | 0.00 | — | 0.00 | Apr 29, 2021 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific… | |||
| CVE-2021-31425 | 0.00 | — | 0.00 | Apr 29, 2021 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.2-49151. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific… | |||
| CVE-2021-31423 | 0.00 | — | 0.00 | Apr 29, 2021 | This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability.… | |||
| CVE-2021-31419 | 0.00 | — | 0.00 | Apr 29, 2021 | This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability.… | |||
| CVE-2021-31418 | 0.00 | — | 0.00 | Apr 29, 2021 | This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability.… | |||
| CVE-2021-31417 | 0.00 | — | 0.00 | Apr 29, 2021 | This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability.… | |||
| CVE-2021-27260 | 0.00 | — | 0.00 | Apr 14, 2021 | This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability.… | |||
| CVE-2021-27259 | 0.00 | — | 0.00 | Apr 14, 2021 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific… | |||
| CVE-2021-27244 | 0.00 | — | 0.00 | Mar 29, 2021 | This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability.… | |||
| CVE-2020-35710 | 0.00 | — | 0.02 | Dec 25, 2020 | Parallels Remote Application Server (RAS) 18 allows remote attackers to discover an intranet IP address because submission of the login form (even with blank credentials) provides this address to the attacker's client for use as a "host" value. In other words, after an… | |||
| CVE-2020-17400 | 0.00 | — | 0.01 | Aug 25, 2020 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists… | |||
| CVE-2020-17401 | 0.00 | — | 0.01 | Aug 25, 2020 | This vulnerability allows local attackers to disclose sensitive informations on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The… | |||
| CVE-2020-17395 | 0.00 | — | 0.00 | Aug 25, 2020 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw… | |||
| CVE-2020-17394 | 0.00 | — | 0.01 | Aug 25, 2020 | This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The… | |||
| CVE-2020-17392 | 0.00 | — | 0.01 | Aug 25, 2020 | This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw… |
- risk 0.64cvss 9.8epss 0.01
A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows attackers to escalate privileges via a crafted macOS installer, because Parallels Service is setuid root.
- risk 0.51cvss 7.8epss 0.00
WebPros Plesk before 18.0.73.5 and 18.0.74 before 18.0.74.2 on Linux allows remote authenticated users to execute arbitrary code as root via domain creation. The attacker needs "Create and manage sites" with "Domains management" and "Subdomains management."
- risk 0.51cvss 7.8epss 0.00
Alludo Parallels Desktop before 19.4.2 and 20.x before 20.2.2 for macOS on Intel platforms allows privilege escalation to root via the VM creation routine.
- CVE-2013-4878Jul 18, 2013risk 0.05cvss —epss 0.31
The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different…
- CVE-2008-6479Mar 16, 2009risk 0.03cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in the "change password" feature in the VZPP web interface for Parallels Virtuozzo 25.4.swsoft (build 3.0.0-25.4.swsoft) allows remote attackers to modify the password via a link or IMG tag to vz/cp/pwd.
- CVE-2008-6478Mar 16, 2009risk 0.03cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in the file manager in the VZPP web interface for Parallels Virtuozzo 365.6.swsoft (build 4.0.0-365.6.swsoft) and 25.4.swsoft (build 3.0.0-25.4.swsoft) allows remote attackers to create and delete arbitrary files as the…
- CVE-2007-4009Jul 26, 2007risk 0.03cvss —epss 0.04
PHP remote file inclusion vulnerability in admin/business_inc/saveserver.php in SWSoft Confixx Pro 2.0.12 through 3.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the thisdir parameter.
- CVE-2006-2423May 17, 2006risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in ftplogin/index.php in Confixx 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the login parameter.
- CVE-2025-66430Dec 12, 2025risk 0.00cvss —epss 0.00
Plesk 18.0 has Incorrect Access Control.
- CVE-2024-52561Jun 3, 2025risk 0.00cvss —epss 0.00
A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is deleted, a root service verifies and modifies the ownership of the snapshot files. By using a symlink, an…
- CVE-2024-54189Jun 3, 2025risk 0.00cvss —epss 0.00
A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is taken, a root service writes to a file owned by a normal user. By using a hard link, an attacker can write…
- CVE-2024-36486Jun 3, 2025risk 0.00cvss —epss 0.00
A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 (55740). When an archived virtual machine is restored, the prl_vmarchiver tool decompresses the file and writes the content back to…
- CVE-2025-31359Jun 3, 2025risk 0.00cvss —epss 0.02
A directory traversal vulnerability exists in the PVMP package unpacking functionality of Parallels Desktop for Mac version 20.2.2 (55879). This vulnerability can be exploited by an attacker to write to arbitrary files, potentially leading to privilege escalation.
- CVE-2025-0413Feb 4, 2025risk 0.00cvss —epss 0.00
Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute…
- CVE-2024-6240Jun 21, 2024risk 0.00cvss —epss 0.00
Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than 19.3.0. An attacker could add malicious code in a script and populate the BASH_ENV environment variable with the path to the malicious script, executing on application…
- CVE-2023-27327May 3, 2024risk 0.00cvss —epss 0.00
Parallels Desktop Toolgate Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged…
- CVE-2023-27325May 3, 2024risk 0.00cvss —epss 0.00
Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code…
- CVE-2023-27324May 3, 2024risk 0.00cvss —epss 0.00
Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code…
- CVE-2023-0829Sep 20, 2023risk 0.00cvss —epss 0.01
Plesk 17.0 through 18.0.31 version, is vulnerable to a Cross-Site Scripting. A malicious subscription owner (either a customer or an additional user), can fully compromise the server if an administrator visits a certain page in Plesk related to the malicious subscription.
- CVE-2022-40870Nov 22, 2022risk 0.00cvss —epss 0.01
The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. This vulnerability allows attackers to execute arbitrary commands via a crafted payload injected into the Host header.
- CVE-2022-34892Jul 18, 2022risk 0.00cvss —epss 0.00
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The…
- CVE-2022-34890Jul 15, 2022risk 0.00cvss —epss 0.00
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 17.1.1 (51537). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability.…
- CVE-2022-34889Jul 15, 2022risk 0.00cvss —epss 0.00
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 17.1.1 (51537). An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The…
- CVE-2021-34986Jul 15, 2022risk 0.00cvss —epss 0.00
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.5.0 (49183). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw…
- CVE-2022-30777May 16, 2022risk 0.00cvss —epss 0.02
Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from parameter.
- CVE-2021-34869Jan 25, 2022risk 0.00cvss —epss 0.00
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific…
- CVE-2021-34868Jan 25, 2022risk 0.00cvss —epss 0.00
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific…
- CVE-2020-8968Dec 17, 2021risk 0.00cvss —epss 0.00
Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. The confidentiality, availability and integrity of the information of the user could be…
- CVE-2021-34864Oct 25, 2021risk 0.00cvss —epss 0.00
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The…
- CVE-2021-34855Oct 25, 2021risk 0.00cvss —epss 0.00
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability.…
- CVE-2021-34854Oct 25, 2021risk 0.00cvss —epss 0.00
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The…
- CVE-2021-31431Apr 29, 2021risk 0.00cvss —epss 0.00
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability.…
- CVE-2021-31430Apr 29, 2021risk 0.00cvss —epss 0.00
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability.…
- CVE-2021-31428Apr 29, 2021risk 0.00cvss —epss 0.00
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific…
- CVE-2021-31427Apr 29, 2021risk 0.00cvss —epss 0.00
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability.…
- CVE-2021-31424Apr 29, 2021risk 0.00cvss —epss 0.00
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific…
- CVE-2021-31425Apr 29, 2021risk 0.00cvss —epss 0.00
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.2-49151. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific…
- CVE-2021-31423Apr 29, 2021risk 0.00cvss —epss 0.00
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability.…
- CVE-2021-31419Apr 29, 2021risk 0.00cvss —epss 0.00
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability.…
- CVE-2021-31418Apr 29, 2021risk 0.00cvss —epss 0.00
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability.…
- CVE-2021-31417Apr 29, 2021risk 0.00cvss —epss 0.00
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability.…
- CVE-2021-27260Apr 14, 2021risk 0.00cvss —epss 0.00
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability.…
- CVE-2021-27259Apr 14, 2021risk 0.00cvss —epss 0.00
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific…
- CVE-2021-27244Mar 29, 2021risk 0.00cvss —epss 0.00
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability.…
- CVE-2020-35710Dec 25, 2020risk 0.00cvss —epss 0.02
Parallels Remote Application Server (RAS) 18 allows remote attackers to discover an intranet IP address because submission of the login form (even with blank credentials) provides this address to the attacker's client for use as a "host" value. In other words, after an…
- CVE-2020-17400Aug 25, 2020risk 0.00cvss —epss 0.01
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists…
- CVE-2020-17401Aug 25, 2020risk 0.00cvss —epss 0.01
This vulnerability allows local attackers to disclose sensitive informations on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The…
- CVE-2020-17395Aug 25, 2020risk 0.00cvss —epss 0.00
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw…
- CVE-2020-17394Aug 25, 2020risk 0.00cvss —epss 0.01
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The…
- CVE-2020-17392Aug 25, 2020risk 0.00cvss —epss 0.01
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw…
Page 1 of 3