cbcvebase.

Parallels Desktop vulnerabilities

72 known vulnerabilities affecting parallels/parallels_desktop.

Total CVEs
72
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH46MEDIUM23LOW2

Vulnerabilities

Page 3 of 4
CVE-2022-34889P3HIGHCVSS 8.2v17.1.1_\(51537\)2022-07-18
CVE-2022-34889 [HIGH] CWE-125 CVE-2022-34889: This vulnerability allows local attackers to escalate privileges on affected installations of Parall This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 17.1.1 (51537). An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the ACPI virtual device. The issue results from the
nvd
CVE-2020-17397P3HIGHCVSS 8.2fixed in 16.0.02020-08-25
CVE-2020-17397 [HIGH] CWE-119 CVE-2020-17397: This vulnerability allows local attackers to escalate privileges on affected installations of Parall This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the handling of network packets. The issue results from the
nvd
CVE-2021-27278P3HIGHCVSS 8.2v16.1.12021-04-22
CVE-2021-27278 [HIGH] CWE-22 CVE-2021-27278: This vulnerability allows local attackers to escalate privileges on affected installations of Parall This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack
nvd
CVE-2020-17395P3HIGHCVSS 8.2fixed in 16.0.02020-08-25
CVE-2020-17395 [HIGH] CWE-191 CVE-2020-17395: This vulnerability allows local attackers to escalate privileges on affected installations of Parall This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the prl_naptd process. The issue results from the lack of pr
nvd
CVE-2025-30074P3HIGHCVSS 7.8≥ 19.3.1, < 19.4.2≥ 20.0.0, < 20.2.22025-03-16
CVE-2025-30074 [HIGH] CWE-863 CVE-2025-30074: Alludo Parallels Desktop before 19.4.2 and 20.x before 20.2.2 for macOS on Intel platforms allows pr Alludo Parallels Desktop before 19.4.2 and 20.x before 20.2.2 for macOS on Intel platforms allows privilege escalation to root via the VM creation routine.
nvd
CVE-2023-27327P3HIGHCVSS 7.5fixed in 18.1.1_\(53328\)2024-05-03
CVE-2023-27327 [HIGH] CWE-367 CVE-2023-27327: Parallels Desktop Toolgate Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability. This Parallels Desktop Toolgate Time-Of-Check Time-Of-Use Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The
nvd
CVE-2021-31422P3HIGHCVSS 7.5v16.1.1-491412021-04-29
CVE-2021-31422 [HIGH] CWE-367 CVE-2021-31422: This vulnerability allows local attackers to escalate privileges on affected installations of Parall This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the e1000e virtual device. The issue results from the
nvd
CVE-2024-6154P3MEDIUMCVSS 6.7fixed in 18.1.02024-06-20
CVE-2024-6154 [MEDIUM] CWE-122 CVE-2024-6154: Parallels Desktop Toolgate Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This Parallels Desktop Toolgate Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. Th
nvd
CVE-2020-17391P4MEDIUMCVSS 6.5fixed in 16.0.02020-08-25
CVE-2020-17391 [MEDIUM] CWE-749 CVE-2020-17391: This vulnerability allows local attackers to disclose information on affected installations of Paral This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handler for HOST_IOCTL_INIT_HYPERVISOR in the prl_hype
nvd
CVE-2020-17393P4MEDIUMCVSS 6.5fixed in 15.1.42020-08-25
CVE-2020-17393 [MEDIUM] CWE-20 CVE-2020-17393: This vulnerability allows local attackers to disclose information on affected installations of Paral This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. The issue results from the lack of
nvd
CVE-2020-17398P4MEDIUMCVSS 6.5fixed in 16.0.02020-08-25
CVE-2020-17398 [MEDIUM] CWE-129 CVE-2020-17398: This vulnerability allows local attackers to disclose information on affected installations of Paral This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. The issue results from the lack of prop
nvd
CVE-2021-31419P4MEDIUMCVSS 6.5v15.1.4-472702021-04-29
CVE-2021-31419 [MEDIUM] CWE-908 CVE-2021-31419: This vulnerability allows local attackers to disclose sensitive information on affected installation This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results
nvd
CVE-2021-31418P4MEDIUMCVSS 6.5v15.1.4-472702021-04-29
CVE-2021-31418 [MEDIUM] CWE-908 CVE-2021-31418: This vulnerability allows local attackers to disclose sensitive information on affected installation This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results
nvd
CVE-2021-31417P4MEDIUMCVSS 6.5v15.1.4-472702021-04-29
CVE-2021-31417 [MEDIUM] CWE-908 CVE-2021-31417: This vulnerability allows local attackers to disclose sensitive information on affected installation This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4-47270. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results
nvd
CVE-2021-27244P4MEDIUMCVSS 6.5v16.0.12021-03-29
CVE-2021-27244 [MEDIUM] CWE-125 CVE-2021-27244: This vulnerability allows local attackers to disclose sensitive information on affected installation This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results
nvd
CVE-2021-34855P4MEDIUMCVSS 6.5v16.1.32021-10-25
CVE-2021-34855 [MEDIUM] CWE-908 CVE-2021-34855: This vulnerability allows local attackers to disclose sensitive information on affected installation This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue result
nvd
CVE-2020-8871P4MEDIUMCVSS 6.7fixed in 15.1.32020-03-23
CVE-2020-8871 [MEDIUM] CWE-787 CVE-2020-8871: This vulnerability allows local attackers to escalate privileges on affected installations of Parall This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.0-47107 . An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the VGA virtual device. The issue results from the la
nvd
CVE-2020-8874P4MEDIUMCVSS 6.7fixed in 15.1.32020-03-23
CVE-2020-8874 [MEDIUM] CWE-190 CVE-2020-8874: This vulnerability allows local attackers to escalate privileges on affected installations of Parall This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the xHCI component. The issue results from the lack of
nvd
CVE-2020-17402P4MEDIUMCVSS 6.5fixed in 16.0.02020-08-25
CVE-2020-17402 [MEDIUM] CWE-732 CVE-2020-17402: This vulnerability allows local attackers to disclose sensitive information on affected installation This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4 (47270). An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. By examining a log fi
nvd
CVE-2020-8873P4MEDIUMCVSS 6.7fixed in 15.1.32020-03-23
CVE-2020-8873 [MEDIUM] CWE-367 CVE-2020-8873: This vulnerability allows local attackers to escalate privileges on affected installations of Parall This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the xHCI component. The issue results from the lack of
nvd
Parallels Desktop vulnerabilities | cvebase