cbcvebase.

Parallels Desktop vulnerabilities

72 known vulnerabilities affecting parallels/parallels_desktop.

Total CVEs
72
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH46MEDIUM23LOW2

Vulnerabilities

Page 4 of 4
CVE-2021-31421P4MEDIUMCVSS 6.0v16.1.1-491412021-04-29
CVE-2021-31421 [MEDIUM] CWE-22 CVE-2021-31421: This vulnerability allows local attackers to delete arbitrary files on affected installations of Par This vulnerability allows local attackers to delete arbitrary files on affected installations of Parallels Desktop 16.1.1-49141. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the
nvd
CVE-2021-31427P4MEDIUMCVSS 5.6v15.1.5-473092021-04-29
CVE-2021-31427 [MEDIUM] CWE-367 CVE-2021-31427: This vulnerability allows local attackers to disclose sensitive information on affected installation This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Open Tools Gate component. The issue r
nvd
CVE-2020-8876P4MEDIUMCVSS 5.5fixed in 15.1.32020-03-23
CVE-2020-8876 [MEDIUM] CWE-129 CVE-2020-8876: This vulnerability allows local attackers to disclose information on affected installations of Paral This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the IOCTL handler. The issue results from the lack of proper
nvd
CVE-2021-31423P4MEDIUMCVSS 6.0v15.1.5-473092021-04-29
CVE-2021-31423 [MEDIUM] CWE-908 CVE-2021-31423: This vulnerability allows local attackers to disclose sensitive information on affected installation This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results
nvd
CVE-2021-31431P4MEDIUMCVSS 6.0v15.1.5-473092021-04-29
CVE-2021-31431 [MEDIUM] CWE-125 CVE-2021-31431: This vulnerability allows local attackers to disclose sensitive information on affected installation This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the IDE virtual device. The issue results
nvd
CVE-2021-31432P4MEDIUMCVSS 6.0v15.1.5-473092021-04-29
CVE-2021-31432 [MEDIUM] CWE-125 CVE-2021-31432: This vulnerability allows local attackers to disclose sensitive information on affected installation This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the IDE virtual device. The issue results
nvd
CVE-2021-31430P4MEDIUMCVSS 6.0v15.1.5-473092021-04-29
CVE-2021-31430 [MEDIUM] CWE-125 CVE-2021-31430: This vulnerability allows local attackers to disclose sensitive information on affected installation This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the IDE virtual device. The issue results
nvd
CVE-2020-17401P4MEDIUMCVSS 6.0fixed in 16.0.02020-08-25
CVE-2020-17401 [MEDIUM] CWE-129 CVE-2020-17401: This vulnerability allows local attackers to disclose sensitive informations on affected installatio This vulnerability allows local attackers to disclose sensitive informations on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the VGA virtual device. The issue results from
nvd
CVE-2020-17394P4MEDIUMCVSS 6.0fixed in 16.0.02020-08-25
CVE-2020-17394 [MEDIUM] CWE-129 CVE-2020-17394: This vulnerability allows local attackers to disclose sensitive information on affected installation This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the OEMNet component. The issue results from th
nvd
CVE-2020-8872P4MEDIUMCVSS 4.4fixed in 15.1.32020-03-23
CVE-2020-8872 [MEDIUM] CWE-125 CVE-2020-8872: This vulnerability allows local attackers to disclose sensitive information on affected installation This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.1-47117. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the xHCI component. The issue results from
nvd
CVE-2021-27260P4LOWCVSS 3.2v16.0.12021-04-14
CVE-2021-27260 [LOW] CWE-125 CVE-2021-27260: This vulnerability allows local attackers to disclose sensitive information on affected installation This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results fr
nvd
CVE-2006-5817P4LOWCVSS 2.1vbuild_19402006-11-08
CVE-2006-5817 [LOW] CVE-2006-5817: prl_dhcpd in Parallels Desktop for Mac Build 1940 uses insecure permissions (0666) for /Library/Para prl_dhcpd in Parallels Desktop for Mac Build 1940 uses insecure permissions (0666) for /Library/Parallels/.dhcpd_configuration, which allows local users to modify DHCP configuration.
nvd
Parallels Desktop vulnerabilities | cvebase