cvebase

Parallels Desktop vulnerabilities

72 known vulnerabilities affecting parallels/parallels_desktop.

Total CVEs: 72
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 46, MEDIUM 23, LOW 2

Vulnerabilities

Page 2 of 4
CVE-2024-6153 | P3 | HIGH | CVSS 7.8 | fixed in 18.1.0 | 2024-06-20
CVE-2024-6153 [HIGH] CWE-693: Parallels Desktop Updater Protection Mechanism Failure Software Downgrade Vulnerability. This vulnerability allows local attackers to downgrade Parallels software on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The
nvd
CVE-2024-54189 | P3 | HIGH | CVSS 7.8 | v20.1.1_(55740) | 2025-06-03
CVE-2024-54189 [HIGH] CWE-62: A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is taken, a root service writes to a file owned by a normal user. By using a hard link, an attacker can write to an arbitrary file, potentially leading to privilege escalation.
nvd
CVE-2023-50226 | P3 | HIGH | CVSS 7.8 | fixed in 17.1.7_(51588) | ≥ 18.0.0_(53049), < 18.3.2_(53621) | 2024-05-03
CVE-2023-50226 [HIGH] CWE-59: Parallels Desktop Updater Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw
nvd
CVE-2023-27324 | P3 | HIGH | CVSS 7.8 | fixed in 18.1.0_(53311) | 2024-05-03
CVE-2023-27324 [HIGH] CWE-665: Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The spec
nvd
CVE-2023-27322 | P3 | HIGH | CVSS 7.8 | fixed in 18.1.0_(53311) | 2024-05-03
CVE-2023-27322 [HIGH] CWE-665: Parallels Desktop Service Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The spec
nvd
CVE-2023-27325 | P3 | HIGH | CVSS 7.8 | fixed in 18.1.0_(53311) | 2024-05-03
CVE-2023-27325 [HIGH] CWE-665: Parallels Desktop Updater Improper Initialization Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The spec
nvd
CVE-2023-27326 | P3 | HIGH | CVSS 8.2 | fixed in 18.1.1_(53328) | 2024-05-03
CVE-2023-27326 [HIGH] CWE-22: Parallels Desktop Toolgate Directory Traversal Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specif
nvd
CVE-2021-27259 | P3 | HIGH | CVSS 7.8 | v16.0.1 | 2021-04-14
CVE-2021-27259 [HIGH] CWE-190: This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack
nvd
CVE-2023-27328 | P3 | HIGH | CVSS 7.8 | fixed in 18.1.1_(53328) | 2024-05-03
CVE-2023-27328 [HIGH] CWE-91: Parallels Desktop Toolgate XML Injection Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw
nvd
CVE-2024-52561 | P3 | HIGH | CVSS 7.8 | v20.1.1_(55740) | 2025-06-03
CVE-2024-52561 [HIGH] CWE-708: A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is deleted, a root service verifies and modifies the ownership of the snapshot files. By using a symlink, an attacker can change the ownership of files owned by root to a lower-privil
nvd
CVE-2021-34986 | P3 | HIGH | CVSS 7.8 | v16.5.0 | 2022-07-15
CVE-2021-34986 [HIGH] CWE-367: This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.5.0 (49183). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Parallels Service. By creating a symbolic link, an atta
nvd
CVE-2023-50228 | P3 | HIGH | CVSS 7.8 | fixed in 19.1.0_(54729) | 2024-05-03
CVE-2023-50228 [HIGH] CWE-347: Parallels Desktop Updater Improper Verification of Cryptographic Signature Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this
nvd
CVE-2021-31428 | P3 | HIGH | CVSS 8.2 | v15.1.5-47309 | 2021-04-29
CVE-2021-31428 [HIGH] CWE-122: This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the IDE virtual device. The issue results from the lac
nvd
CVE-2021-31429 | P3 | HIGH | CVSS 8.2 | v15.1.5-47309 | 2021-04-29
CVE-2021-31429 [HIGH] CWE-122: This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the IDE virtual device. The issue results from the lac
nvd
CVE-2021-34987 | P3 | HIGH | CVSS 8.2 | v16.5.1 | 2022-07-15
CVE-2021-34987 [HIGH] CWE-120: This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.5.1 (49187). An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the HDAudio virtual device. The issue results from t
nvd
CVE-2019-17148 | P3 | HIGH | CVSS 7.8 | v14.1.3 | 2020-01-07
CVE-2019-17148 [HIGH] CWE-77: This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop version 14.1.3 (45485). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Parallels Service. The i
nvd
CVE-2022-34891 | P3 | HIGH | CVSS 7.8 | v17.1.1 | 2022-07-18
CVE-2022-34891 [HIGH] CWE-732: This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the update mechanism. The product sets incorrect
nvd
CVE-2021-34854 | P3 | HIGH | CVSS 7.8 | v16.1.3 | 2021-10-25
CVE-2021-34854 [HIGH] CWE-789: This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the la
nvd
CVE-2022-34892 | P3 | HIGH | CVSS 7.8 | v17.1.1 | 2022-07-18
CVE-2022-34892 [HIGH] CWE-362: This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 17.1.1. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the update mechanism. The issue results from the
nvd
CVE-2023-27323 | P3 | HIGH | CVSS 7.8 | fixed in 18.1.0_(53311) | 2024-05-03
CVE-2023-27323 [HIGH] CWE-367: Parallels Desktop Updater Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The sp
nvd