Lucene search
K
ParallelsParallels Desktop

74 matches found

CVE
CVE
added 2020/01/07 11:5 p.m.2699 views

CVE-2019-17148

CVE-2019-17148 describes a local privilege escalation in Parallels Desktop (v14.1.3, build 45485). The flaw is in the Parallels Service and results from improper validation of a user-supplied string before it is used to perform a system call, enabling an attacker with low-privilege code execution...

7.8CVSS7.6AI score0.005EPSS
CVE
CVE
added 2022/07/15 7:5 p.m.2405 views

CVE-2021-34987

This CVE (CVE-2021-34987) concerns Parallels Desktop 16.5.1 (49187) where the HDAudio virtual device contains a buffer overflow due to improper validation of user-supplied data length before copying to a fixed-length buffer. The vulnerability enables local privilege escalation and arbitrary code ...

8.2CVSS8.3AI score0.00308EPSS
CVE
CVE
added 2021/04/22 5:50 p.m.2104 views

CVE-2021-27278

CVE-2021-27278 concerns Parallels Desktop (v16.1.1-49141) affecting the Toolgate component. The vulnerability arises from improper validation of a user-supplied path used in file operations, enabling local attackers who have the ability to run high-privileged code on a guest to escalate privilege...

8.2CVSS8.1AI score0.00542EPSS
CVE
CVE
added 2022/07/15 7:5 p.m.1451 views

CVE-2021-34986

Parallels Desktop 16.5.0 (49183) contains a local privilege escalation in the Parallels Service. By creating a symbolic link, an attacker who can run low-privileged code can abuse the service to execute a file, escalating to root and executing arbitrary code. This has been disclosed as ZDI-22-385...

7.8CVSS7.8AI score0.00244EPSS
CVE
CVE
added 2024/06/20 8:13 p.m.105 views

CVE-2024-6154

CVE-2024-6154 affects Parallels Desktop Toolgate, where a heap-based buffer overflow in the Toolgate component is caused by inadequate validation of the length of user-supplied data before copying to a fixed-size heap buffer. This allows local attackers who can run high-privileged code on the gue...

8.2CVSS7.6AI score0.0025EPSS
CVE
CVE
added 2024/05/03 1:55 a.m.104 views

CVE-2023-27322

CVE-2023-27322 affects Parallels Desktop Service, with a local privilege escalation caused by improper initialization of environment variables in the Parallels Service. The vulnerability enables a local attacker who already has low-privilege code execution access to escalate to root and execute a...

7.8CVSS7.8AI score0.00369EPSS
CVE
CVE
added 2024/05/03 2:14 a.m.86 views

CVE-2023-50226

Parallels Desktop Updater contains a local privilege escalation via the Updater service. The flaw arises from creating a symbolic link to move arbitrary files, allowing an attacker who already has low-privilege code execution to escalate to root and execute arbitrary code. Several sources corrobo...

7.8CVSS7.8AI score0.00686EPSS
CVE
CVE
added 2024/06/21 1:33 p.m.82 views

CVE-2024-6240

CVE-2024-6240 concerns an improper privilege management vulnerability in Parallels Desktop Software prior to version 19.3.0. An attacker could place malicious code in a script and populate the BASH_ENV variable with the path to that script, causing it to execute on application startup and potenti...

10CVSS7.9AI score0.00317EPSS
CVE
CVE
added 2024/05/03 1:55 a.m.80 views

CVE-2023-27326

CVE-2023-27326 is a local privilege escalation in Parallels Desktop where the Toolgate component fails to validate a user-supplied path, enabling directory traversal and arbitrary code execution as the current host user. Exploitation requires prior high-privilege code execution on the guest syste...

8.2CVSS8.3AI score0.0126EPSS
CVE
CVE
added 2024/05/03 2:14 a.m.77 views

CVE-2023-50227

CVE-2023-50227 describes a vulnerability in Parallels Desktop affecting the virtio-gpu virtual device. The issue is an out-of-bounds write caused by improper validation of user-supplied data, enabling a remote attacker to execute code in the hypervisor. Exploitation requires user interaction (the...

8.3CVSS8.7AI score0.00757EPSS
CVE
CVE
added 2025/06/03 9:43 a.m.76 views

CVE-2024-54189

Summary: CVE-2024-54189 is a local privilege-escalation vulnerability in Parallels Desktop for Mac 20.1.1 (build 55740). During VM snapshot creation, the root-level prl_disp_service writes metadata to a snapshot.xml file in a VM directory owned by a normal user. An attacker can replace that file ...

7.8CVSS7.9AI score0.00277EPSS
CVE
CVE
added 2024/05/03 1:55 a.m.75 views

CVE-2023-27327

CVE-2023-27327 concerns Parallels Desktop Toolgate, a local privilege escalation. The flaw arises from missing locking when operating on an object within Toolgate, enabling a local attacker who can run high-privileged code on the guest to escalate privileges and execute code in the host context. ...

7.5CVSS7.8AI score0.00405EPSS
CVE
CVE
added 2024/05/03 1:55 a.m.74 views

CVE-2023-27324

CVE-2023-27324 affects Parallels Desktop Updater on macOS. The Updater service suffers from improper initialization of environment variables, enabling a local attacker to escalate privileges to root by executing low-privileged code on the target host. Documents consistently identify the impact as...

7.8CVSS7.9AI score0.00369EPSS
CVE
CVE
added 2020/08/25 8:20 p.m.73 views

CVE-2020-17395

Parallels Desktop contains a local privilege-escalation flaw in the prl_naptd process due to an improper validation of user-supplied data, causing an integer underflow before memory write. This can allow an attacker with the ability to run high-privilege code on a guest to escalate privileges and...

8.2CVSS8.2AI score0.00485EPSS
CVE
CVE
added 2024/06/20 8:12 p.m.70 views

CVE-2024-6153

CVE-2024-6153 affects Parallels Desktop Updater. The flaw is in the Updater service where version information is not properly validated before performing updates. This enables local attackers who can run low-privilege code to cause a downgrade and, potentially in conjunction with other vulnerabil...

7.8CVSS7.5AI score0.00292EPSS
CVE
CVE
added 2024/05/03 1:55 a.m.69 views

CVE-2023-27328

Parallels Desktop Toolgate XML Injection Local Privilege Escalation: Affected component is Toolgate within Parallels Desktop. Root cause is improper validation of a user-supplied string used to construct an XML document, enabling a local attacker to escalate privileges and execute arbitrary code ...

7.8CVSS7.9AI score0.00321EPSS
CVE
CVE
added 2007/05/02 5:0 p.m.68 views

CVE-2007-2455

Technical details about CVE-2007-2455 are not publicly available in the provided connected documents; no affected products, root cause, impact, or remediation are specified. Monitor for updates in future reports.

6.1CVSS6.4AI score0.00598EPSS
CVE
CVE
added 2022/07/15 8:10 p.m.68 views

CVE-2022-34889

CVE-2022-34889 affects Parallels Desktop 17.1.1 (51537). The vulnerability is in the ACPI virtual device and arises from insufficient validation of user-supplied data, causing a read past the end of an allocated buffer. This enables local attackers who can run high-privilege code on the target gu...

8.2CVSS8.2AI score0.0033EPSS
CVE
CVE
added 2025/06/03 9:43 a.m.68 views

CVE-2024-52561

Summary: CVE-2024-52561 is a privilege-escalation vulnerability in Parallels Desktop for Mac 20.1.1 (build 55740). During snapshot deletion, the root service (prl_disp_service) verifies and may change ownership of files under the Snapshot directory. Attackers can exploit a symlink to replace the ...

7.8CVSS7.8AI score0.00244EPSS
CVE
CVE
added 2021/03/29 9:5 p.m.67 views

CVE-2021-27243

This entry concerns CVE-2021-27243 affecting Parallels Desktop (Toolgate). The impact is local privilege escalation via an integer overflow in Toolgate caused by insufficient validation of user-supplied data, which can lead to buffer overflow and arbitrary code execution in the hypervisor context...

8.8CVSS8.8AI score0.00276EPSS
CVE
CVE
added 2021/03/29 9:5 p.m.67 views

CVE-2021-27244

Parallels Desktop 16.0.1-48919 contains a local, information-disclosure vulnerability in the Toolgate component. The flaw arises from improper validation of user-supplied data, leading to a read past the end of an allocated buffer. An attacker who can execute low-privileged code on the guest OS c...

6.5CVSS6.2AI score0.0027EPSS
CVE
CVE
added 2022/07/15 8:12 p.m.64 views

CVE-2022-34891

CVE-2022-34891 affects Parallels Desktop 17.1.1. The flaw is in the updater mechanism where permissions on sensitive files are set incorrectly, enabling a local, low-privilege attacker to escalate to root and execute arbitrary code. Exploitation details or active exploitation are not provided in ...

7.8CVSS7.8AI score0.00277EPSS
CVE
CVE
added 2024/05/03 2:14 a.m.64 views

CVE-2023-50228

Parallels Desktop Updater contains an in-the-wild vulnerability: improper verification of a cryptographic signature in the Updater service allows a local attacker who can run low-privileged code to escalate to root. Affected: Parallels Desktop Updater. Root cause: signature verification bypass. I...

7.8CVSS7.8AI score0.00211EPSS
CVE
CVE
added 2025/06/03 9:43 a.m.64 views

CVE-2025-31359

Cisco TALOS reports TALOS-2025-2160 (CVE-2025-31359) as a directory-traversal vulnerability in Parallels Desktop for Mac 20.2.2 (55879) affecting the PVMP unpacking process via prl_packer_inplace. The flaw allows a directory traversal payload to cause writes to arbitrary files, potentially enabli...

8.8CVSS8.8AI score0.01679EPSS
CVE
CVE
added 2020/08/25 8:20 p.m.63 views

CVE-2020-17399

CVE-2020-17399 affects Parallels Desktop (15.1.4) with the prl_hypervisor kext. The flaw arises from insufficient validation of user-supplied data, causing a write past the end of an allocated buffer and enabling local privilege escalation to kernel context. Several connected sources corroborate ...

8.8CVSS8.7AI score0.00533EPSS
CVE
CVE
added 2020/08/25 8:20 p.m.62 views

CVE-2020-17397

CVE-2020-17397 affects Parallels Desktop (notably 15.1.4) where a memory corruption triggered by improper validation of data in network packet handling allows local privilege escalation to the hypervisor context. Exploitation requires high-privilege code execution on the target guest; no public e...

8.2CVSS8.3AI score0.0046EPSS
CVE
CVE
added 2021/04/29 4:31 p.m.62 views

CVE-2021-31432

The CVE-2021-31432 issue affects Parallels Desktop 15.1.5-47309 and is tied to the IDE virtual device. The root cause is improper validation of user-supplied data that leads to an out-of-bounds read (read past the end of an allocated buffer). This information disclosure vulnerability requires a l...

6CVSS5.8AI score0.00448EPSS
CVE
CVE
added 2020/08/25 8:20 p.m.61 views

CVE-2020-17398

CVE-2020-17398 affects Parallels Desktop (notably 15.1.4) through the prl_hypervisor kernel extension. The issue is an out-of-bounds read caused by insufficient validation of user-supplied data, enabling local attackers who can run low-privilege code to disclose information and, in combination wi...

6.5CVSS6.1AI score0.0053EPSS
CVE
CVE
added 2020/08/25 8:20 p.m.61 views

CVE-2020-17402

CVE-2020-17402 affects Parallels Desktop 15.1.4 (47270) via a flaw in the prl_hypervisor kext. The weakness allows a local, low-privilege attacker who can run code on the target to disclose a memory address by inspecting a log file, which could be used with other vulnerabilities to escalate to ke...

6.5CVSS6.3AI score0.00475EPSS
CVE
CVE
added 2020/08/25 8:20 p.m.60 views

CVE-2020-17393

The CVE-2020-17393 issue affects Parallels Desktop (15.1.3-47255) through the prl_hypervisor kext. A lack of proper validation of user-supplied data can leak a kernel pointer after the handler completes, enabling local information disclosure. While the advisory notes this could be leveraged along...

6.5CVSS6.2AI score0.0053EPSS
CVE
CVE
added 2020/08/25 8:20 p.m.60 views

CVE-2020-17400

The CVE-2020-17400 entry concerns Parallels Desktop (vulnerable through the prl_hypervisor kext). A local attacker who can run low-privilege code can exploit an input-validation flaw that leads to a read past the end of an allocated buffer, enabling privilege escalation and code execution in the ...

8.8CVSS8.6AI score0.00533EPSS
CVE
CVE
added 2021/10/25 5:10 p.m.60 views

CVE-2021-34855

CVE-2021-34855 affects Parallels Desktop 16.1.3 (49160) and involves the Toolgate component. The issue arises from uninitialized memory access in Toolgate, allowing a local attacker who can run low-privileged code on the guest to disclose sensitive information. The vulnerability can be leveraged ...

6.5CVSS6.3AI score0.00258EPSS
CVE
CVE
added 2020/08/25 8:20 p.m.59 views

CVE-2020-17394

CVE-2020-17394 affects Parallels Desktop (OEMNet) and stems from insufficient validation of user-supplied data, causing an out-of-bounds read in a local context. Exploitation requires high-privilege code on the guest; successful exploitation could disclose memory-resident data and, as described i...

6CVSS5.7AI score0.00553EPSS
CVE
CVE
added 2021/04/29 4:31 p.m.59 views

CVE-2021-31422

CVE-2021-31422 affects Parallels Desktop 16.1.1-49141. The vulnerability is in the e1000e virtual device, caused by a lack of proper locking when performing operations on an object, enabling a local attacker who already has high-privilege code execution in the guest to escalate privileges and exe...

7.5CVSS7.7AI score0.00299EPSS
CVE
CVE
added 2020/08/25 8:20 p.m.58 views

CVE-2020-17396

CVE-2020-17396 affects Parallels Desktop (notably 15.1.4) via the prl_hypervisor module. The issue is an integer overflow caused by insufficient validation of user-supplied data, leading to a buffer allocation error and the possibility for a local attacker to escalate privileges and execute code ...

8.8CVSS8.7AI score0.00533EPSS
CVE
CVE
added 2022/07/15 8:11 p.m.58 views

CVE-2022-34890

CVE-2022-34890 affects Parallels Desktop 17.1.1 (51537) with the flaw in Parallels Tools. The issue arises from improper validation of a user-supplied value dereferenced as a pointer, enabling a local attacker with low privileges on the guest to disclose sensitive information and, in conjunction ...

8.8CVSS8.3AI score0.00317EPSS
CVE
CVE
added 2022/07/18 2:17 p.m.58 views

CVE-2022-34892

CVE-2022-34892 affects Parallels Desktop 17.1.1 on macOS. A race-condition in the updater mechanism (due to lack of proper locking when operating on an object) can be exploited by a local attacker who already has low-privilege code execution to escalate to root and execute arbitrary code. The iss...

7.8CVSS7.8AI score0.0024EPSS
CVE
CVE
added 2024/05/03 1:55 a.m.58 views

CVE-2023-27325

The CVE-2023-27325 issue affects Parallels Desktop and specifically the Updater service. The root cause is improper initialization of environment variables, which allows a local attacker with low-privilege code execution to escalate to root privileges and run arbitrary code. Public documentation ...

7.8CVSS7.9AI score0.00363EPSS
CVE
CVE
added 2020/08/25 8:20 p.m.57 views

CVE-2020-17390

CVE-2020-17390 affects Parallels Desktop on macOS, specifically versions around 15.1.2-47123, with a vulnerability in the hypervisor kernel extension. The issue stems from improper validation of user-supplied data, causing an out-of-bounds read that can escalate privileges to the hypervisor conte...

8.8CVSS8.4AI score0.00531EPSS
CVE
CVE
added 2020/08/25 8:20 p.m.57 views

CVE-2020-17391

The CVE-2020-17391 entries describe a local information-disclosure flaw in Parallels Desktop’s prl_hypervisor kext, specifically in the HOST_IOCTL_INIT_HYPERVISOR handler. The vulnerability arises from exposing a dangerous method to unprivileged users, enabling a local attacker to disclose kernel...

6.5CVSS6.3AI score0.0053EPSS
CVE
CVE
added 2020/08/25 8:20 p.m.56 views

CVE-2020-17401

CVE-2020-17401 affects Parallels Desktop 15.1.4, with the vulnerability located in the VGA virtual device. The issue is an out-of-bounds read caused by improper validation of user-supplied data, allowing local attackers who can execute high-privilege code on the guest to read past the end of an a...

6CVSS5.8AI score0.00553EPSS
CVE
CVE
added 2020/03/23 5:30 p.m.56 views

CVE-2020-8871

The CVE-2020-8871 entry describes a local privilege-escalation flaw in Parallels Desktop 15.1.0-47107 caused by improper validation in the VGA virtual device, leading to a write past the end of an allocated buffer. An attacker must first gain the ability to execute high-privileged code on the tar...

8.2CVSS6.6AI score0.00614EPSS
CVE
CVE
added 2021/04/29 4:31 p.m.56 views

CVE-2021-31420

CVE-2021-31420 is a stack-based buffer overflow in Parallels Desktop 16.1.0-48950, within the Toolgate component. The issue results from insufficient validation of the length of user-supplied data before copying to a fixed-length stack buffer. This permits local attackers who can run low-privileg...

8.8CVSS8.7AI score0.00436EPSS
CVE
CVE
added 2024/05/03 1:55 a.m.56 views

CVE-2023-27323

CVE-2023-27323 concerns Parallels Desktop Updater on macOS, where a Time-Of-Check Time-Of-Use flaw in the Updater service can be triggered by creating a symbolic link to abuse the service and execute a file, leading to local privilege escalation to root. Affected software is Parallels Desktop (Up...

7.8CVSS7.8AI score0.00201EPSS
CVE
CVE
added 2021/04/29 4:31 p.m.55 views

CVE-2021-31417

Parallels Desktop 15.1.4-47270 is affected by CVE-2021-31417 in the Toolgate component. The issue stems from uninitialized memory access, enabling a local attacker who can run low-privilege code on the target guest to disclose sensitive information. The vulnerability can be leveraged with other f...

6.5CVSS6.3AI score0.0043EPSS
CVE
CVE
added 2021/04/29 4:31 p.m.55 views

CVE-2021-31428

CVE-2021-31428 affects Parallels Desktop 15.1.5-47309, with the vulnerability located in the IDE virtual device. The issue is a heap-based buffer overflow caused by improper validation of the length of user-supplied data before copying to a fixed-length heap buffer, enabling local privilege escal...

8.2CVSS8.3AI score0.00442EPSS
CVE
CVE
added 2021/10/25 5:10 p.m.55 views

CVE-2021-34864

Parallels Desktop 16.1.3 is affected by a local privilege-escalation in the WinAppHelper component due to improper access control. An attacker with low-privileged code execution in the guest can escalate to the hypervisor context and execute arbitrary code. Root cause: lack of proper access contr...

8.8CVSS8.3AI score0.00229EPSS
CVE
CVE
added 2021/10/25 5:10 p.m.54 views

CVE-2021-34854

CVE-2021-34854 affects Parallels Desktop 16.1.3 (49160) via the Toolgate component. The flaw arises from improper validation of user-supplied data, causing uncontrolled memory allocation and enabling a local attacker who can run low-privilege code on the guest to escalate privileges and execute a...

7.8CVSS7.8AI score0.00246EPSS
CVE
CVE
added 2007/05/02 5:0 p.m.53 views

CVE-2007-2454

CVE-2007-2454 describes a heap-based buffer overflow in the VGA device used by Parallels. The flaw allows local users with root access inside the guest to terminate the virtual machine and potentially execute arbitrary code on the host via vectors related to bitblt operations. Documents do not pr...

6.8CVSS7.7AI score0.00438EPSS
CVE
CVE
added 2021/04/14 3:46 p.m.53 views

CVE-2021-27260

CVE-2021-27260 affects Parallels Desktop 16.0.1-48919. The vulnerability is in the Toolgate component and arises from insufficient validation of user-supplied data, leading to a read past the end of an allocated buffer. This enables local attackers who can execute high-privilege code on the targe...

3.2CVSS3.7AI score0.0049EPSS
Total number of security vulnerabilities74