Lucene search
K
ParallelsRemote Application Server

7 matches found

CVE
CVE
added 2025/02/04 11:9 p.m.101 views

CVE-2025-0413

Parallels Desktop is affected by CVE-2025-0413 in the Technical Data Reporter component. The flaw lets a local attacker with low privileges abuse symbolic links to change file permissions, enabling privilege escalation to root and potentially arbitrary code execution. Exploitation requires local ...

7.8CVSS7.5AI score0.00415EPSS
CVE
CVE
added 2020/12/25 6:58 p.m.68 views

CVE-2020-35710

Parallels Remote Application Server (RAS) 18 is affected. The issue allows remote attackers to discover an intranet IP address because, after submitting the login form (even with blank credentials), the attacker's client receives the host IP via a second request to RASHTML5Gateway/socket.io conta...

5.3CVSS5.4AI score0.01661EPSS
Web
CVE
CVE
added 2022/11/22 12:0 a.m.63 views

CVE-2022-40870

CVE-2022-40870 affects the Web Client of Parallels Remote Application Server v18.0. The issue is a Host Header Injection that allows an attacker to execute arbitrary commands via a crafted payload in the Host header. CVSSv3.1 base score 8.1 (High) with network access, high complexity, no privileg...

8.1CVSS8.4AI score0.01048EPSS
CVE
CVE
added 2018/02/28 3:0 p.m.60 views

CVE-2017-9447

Parallels Remote Application Server (RAS) 15.5 Build 16140 web interface is vulnerable to a path traversal issue due to improper validation of file paths when requesting resources under the RASHTML5Gateway directory. A remote, unauthenticated attacker could exploit this to read arbitrary files on...

7.5CVSS7.5AI score0.02015EPSS
CVE
CVE
added 2021/12/17 4:10 p.m.47 views

CVE-2020-8968

CVE-2020-8968 affects Parallels Remote Application Server (RAS). A local attacker can retrieve certain profile passwords in clear text by uploading a previously stored cyphered file, compromising confidentiality (and potentially integrity/availability of user data). Exploitation is local and requ...

7.1CVSS6.8AI score0.00272EPSS
CVE
CVE
added 2020/07/24 4:1 p.m.44 views

CVE-2020-15860

Parallels RAS 17.1.1 is affected by a Business Logic Error (CVE-2020-15860) that allows an authenticated user to execute any backend operating-system application via the web application and to access hosts in the internal domain without having published apps. Core Security’s advisory (CORE-2020-0...

9.9CVSS9.7AI score0.04009EPSS
CVE
CVE
added 2023/12/14 12:0 a.m.44 views

CVE-2023-45894

CVE-2023-45894 affects the Parallels Remote Application Server (RAS). The vulnerability stems from the RAS not segmenting virtualized applications from the server, enabling a remote attacker to achieve remote code execution via kiosk-breakout techniques on versions prior to 19.2.23975. Reported s...

10CVSS9.6AI score0.01205EPSS