Parallels Desktop vulnerabilities
69 known vulnerabilities affecting parallels/desktop.
Total CVEs
69
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH45MEDIUM23LOW1
Vulnerabilities
Page 3 of 4
CVE-2020-17397P3HIGHCVSS 8.2v15.1.42020-08-25
CVE-2020-17397 [HIGH] CWE-119 CVE-2020-17397: This vulnerability allows local attackers to escalate privileges on affected installations of Parall
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the handling of network packets. The issue results from the
nvd
CVE-2021-27278P3HIGHCVSS 8.2v16.1.1-491412021-04-22
CVE-2021-27278 [HIGH] CWE-22 CVE-2021-27278: This vulnerability allows local attackers to escalate privileges on affected installations of Parall
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack
nvd
CVE-2020-17395P3HIGHCVSS 8.2v15.1.42020-08-25
CVE-2020-17395 [HIGH] CWE-191 CVE-2020-17395: This vulnerability allows local attackers to escalate privileges on affected installations of Parall
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the prl_naptd process. The issue results from the lack of pr
nvd
CVE-2023-27327P3HIGHCVSS 7.5v18.0.22024-05-03
CVE-2023-27327 [HIGH] CWE-367 CVE-2023-27327: Parallels Desktop Toolgate Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability. This
Parallels Desktop Toolgate Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability.
The
nvd
CVE-2021-31422P3HIGHCVSS 7.5v16.1.1-491412021-04-29
CVE-2021-31422 [HIGH] CWE-367 CVE-2021-31422: This vulnerability allows local attackers to escalate privileges on affected installations of Parall
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the e1000e virtual device. The issue results from the
nvd
CVE-2024-6154P3MEDIUMCVSS 6.7v18.2.0 (53488)2024-06-20
CVE-2024-6154 [MEDIUM] CWE-122 CVE-2024-6154: Parallels Desktop Toolgate Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This
Parallels Desktop Toolgate Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability.
Th
nvd
CVE-2020-17391P4MEDIUMCVSS 6.5v15.1.3-472552020-08-25
CVE-2020-17391 [MEDIUM] CWE-749 CVE-2020-17391: This vulnerability allows local attackers to disclose information on affected installations of Paral
This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handler for HOST_IOCTL_INIT_HYPERVISOR in the prl_hype
nvd
CVE-2020-17393P4MEDIUMCVSS 6.5v15.1.3-472552020-08-25
CVE-2020-17393 [MEDIUM] CWE-20 CVE-2020-17393: This vulnerability allows local attackers to disclose information on affected installations of Paral
This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. The issue results from the lack of
nvd
CVE-2020-17398P4MEDIUMCVSS 6.5v15.1.42020-08-25
CVE-2020-17398 [MEDIUM] CWE-129 CVE-2020-17398: This vulnerability allows local attackers to disclose information on affected installations of Paral
This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. The issue results from the lack of prop
nvd
CVE-2021-31419P4MEDIUMCVSS 6.5v15.1.4-472702021-04-29
CVE-2021-31419 [MEDIUM] CWE-908 CVE-2021-31419: This vulnerability allows local attackers to disclose sensitive information on affected installation
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results
nvd
CVE-2021-31418P4MEDIUMCVSS 6.5v15.1.4-472702021-04-29
CVE-2021-31418 [MEDIUM] CWE-908 CVE-2021-31418: This vulnerability allows local attackers to disclose sensitive information on affected installation
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results
nvd
CVE-2021-31417P4MEDIUMCVSS 6.5v15.1.4-472702021-04-29
CVE-2021-31417 [MEDIUM] CWE-908 CVE-2021-31417: This vulnerability allows local attackers to disclose sensitive information on affected installation
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results
nvd
CVE-2021-27244P4MEDIUMCVSS 6.5v16.0.1-489192021-03-29
CVE-2021-27244 [MEDIUM] CWE-125 CVE-2021-27244: This vulnerability allows local attackers to disclose sensitive information on affected installation
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results
nvd
CVE-2021-34855P4MEDIUMCVSS 6.5v16.1.3 (49160)2021-10-25
CVE-2021-34855 [MEDIUM] CWE-908 CVE-2021-34855: This vulnerability allows local attackers to disclose sensitive information on affected installation
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue result
nvd
CVE-2020-8871P4MEDIUMCVSS 6.7v15.1.0-471072020-03-23
CVE-2020-8871 [MEDIUM] CWE-787 CVE-2020-8871: This vulnerability allows local attackers to escalate privileges on affected installations of Parall
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.0-47107 . An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the VGA virtual device. The issue results from the la
nvd
CVE-2020-8874P4MEDIUMCVSS 6.7v15.1.2-471232020-03-23
CVE-2020-8874 [MEDIUM] CWE-190 CVE-2020-8874: This vulnerability allows local attackers to escalate privileges on affected installations of Parall
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the xHCI component. The issue results from the lack of
nvd
CVE-2020-17402P4MEDIUMCVSS 6.5v15.1.4 (47270)2020-08-25
CVE-2020-17402 [MEDIUM] CWE-732 CVE-2020-17402: This vulnerability allows local attackers to disclose sensitive information on affected installation
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4 (47270). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. By examining a log fi
nvd
CVE-2020-8873P4MEDIUMCVSS 6.7v15.1.2-471232020-03-23
CVE-2020-8873 [MEDIUM] CWE-367 CVE-2020-8873: This vulnerability allows local attackers to escalate privileges on affected installations of Parall
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the xHCI component. The issue results from the lack of
nvd
CVE-2021-31421P4MEDIUMCVSS 6.0v16.1.1-491412021-04-29
CVE-2021-31421 [MEDIUM] CWE-22 CVE-2021-31421: This vulnerability allows local attackers to delete arbitrary files on affected installations of Par
This vulnerability allows local attackers to delete arbitrary files on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the
nvd
CVE-2021-31427P4MEDIUMCVSS 5.6v15.1.5-473092021-04-29
CVE-2021-31427 [MEDIUM] CWE-367 CVE-2021-31427: This vulnerability allows local attackers to disclose sensitive information on affected installation
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Open Tools Gate component. The issue r
nvd