cvebase

Parallels Desktop vulnerabilities

72 known vulnerabilities affecting parallels/parallels_desktop.

Total CVEs: 72
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 46, MEDIUM 23, LOW 2

Vulnerabilities

Page 1 of 4
CVE-2024-6240 | P2 | CRITICAL | CVSS 10.0 | CWE-269 | fixed in 19.3.0 | 2024-06-21
Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than 19.3.0. An attacker could add malicious code in a script and populate the BASH_ENV environment variable with the path to the malicious script, executing on application startup. An attacker could exploit this vulnerability to escalate privil
Source: NVD
CVE-2025-31359 | P3 | HIGH | CVSS 8.8 | CWE-22 | v20.2.2_(55879) | 2025-06-03
A directory traversal vulnerability exists in the PVMP package unpacking functionality of Parallels Desktop for Mac version 20.2.2 (55879). This vulnerability can be exploited by an attacker to write to arbitrary files, potentially leading to privilege escalation.
Source: NVD
CVE-2021-31424 | P3 | HIGH | CVSS 8.8 | CWE-122 | v15.1.5-47309 | 2021-04-29
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Open Tools Gate component. The issue results from t
Source: NVD
CVE-2021-31420 | P3 | HIGH | CVSS 8.8 | CWE-121 | v16.1.0-48950 | 2021-04-29
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.0-48950. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack
Source: NVD
CVE-2021-31425 | P3 | HIGH | CVSS 8.8 | CWE-190 | v16.1.2-49151 | 2021-04-29
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.2-49151. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Parallels Tools component. The issue results from t
Source: NVD
CVE-2021-31426 | P3 | HIGH | CVSS 8.8 | CWE-190 | v16.1.2-49151 | 2021-04-29
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.2-49151. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Parallels Tools component. The issue results from the lac
Source: NVD
CVE-2020-17399 | P3 | HIGH | CVSS 8.8 | CWE-129 | fixed in 16.0.0 | 2020-08-25
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. The issue results from the lack of proper
Source: NVD
CVE-2020-17396 | P3 | HIGH | CVSS 8.8 | CWE-190 | fixed in 16.0.0 | 2020-08-25
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor module. The issue results from the lack of prope
Source: NVD
CVE-2020-17392 | P3 | HIGH | CVSS 8.8 | CWE-822 | fixed in 16.0.0 | 2020-08-25
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handler for HOST_IOCTL_SET_KERNEL_SYMBOLS in the prl_hype
Source: NVD
CVE-2020-17400 | P3 | HIGH | CVSS 8.8 | CWE-129 | fixed in 16.0.0 | 2020-08-25
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. The issue results from the lack of proper
Source: NVD
CVE-2020-17390 | P3 | HIGH | CVSS 8.8 | CWE-125 | fixed in 15.1.4 | 2020-08-25
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the hypervisor kernel extension. The issue results from the l
Source: NVD
CVE-2022-34890 | P3 | HIGH | CVSS 8.8 | CWE-822 | v17.1.1_(51537) | 2022-07-18
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 17.1.1 (51537). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Parallels Tools component. The issue r
Source: NVD
CVE-2021-27243 | P3 | HIGH | CVSS 8.8 | CWE-190 | v16.0.1 | 2021-03-29
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack
Source: NVD
CVE-2021-34856 | P3 | HIGH | CVSS 8.8 | CWE-119 | v16.1.3 | 2021-10-25
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the virtio-gpu virtual device. The issue results fro
Source: NVD
CVE-2021-34864 | P3 | HIGH | CVSS 8.8 | CWE-284 | v16.1.3 | 2021-10-25
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the WinAppHelper component. The issue results from th
Source: NVD
CVE-2020-8875 | P3 | HIGH | CVSS 8.8 | CWE-129 | fixed in 15.1.3 | 2020-03-23
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the IOCTL handler. The issue results from the lack of proper va
Source: NVD
CVE-2021-27242 | P3 | HIGH | CVSS 8.8 | CWE-787 | v16.0.1 | 2021-03-29
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack
Source: NVD
CVE-2021-34857 | P3 | HIGH | CVSS 8.8 | CWE-787 | v16.1.3 | 2021-10-25
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the l
Source: NVD
CVE-2023-50227 | P3 | HIGH | CVSS 8.3 | CWE-787 | fixed in 19.1.0_(54729) | 2024-05-03
Parallels Desktop virtio-gpu Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Parallels Desktop. User interaction is required to exploit this vulnerability in that the target in a guest system must visit a malicious page or open a malicious file.
Source: NVD
CVE-2024-36486 | P3 | HIGH | CVSS 7.8 | CWE-62 | v20.1.1_(55740) | 2025-06-03
A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 (55740). When an archived virtual machine is restored, the prl_vmarchiver tool decompresses the file and writes the content back to its original location using root privileges. An attacker can exploit this pro
Source: NVD