Vulnerabilities > Parallels
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-21 | CVE-2024-6240 | Improper Privilege Management vulnerability in Parallels Desktop Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than 19.3.0. | 10.0 |
| 2024-06-20 | CVE-2024-6153 | Unspecified vulnerability in Parallels Desktop Parallels Desktop Updater Protection Mechanism Failure Software Downgrade Vulnerability. | 7.8 |
| 2024-06-20 | CVE-2024-6154 | Out-of-bounds Write vulnerability in Parallels Desktop Parallels Desktop Toolgate Heap-based Buffer Overflow Local Privilege Escalation Vulnerability. | 6.7 |
| 2023-12-14 | CVE-2023-45894 | Unspecified vulnerability in Parallels Remote Application Server The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code execution via standard kiosk breakout techniques. | 10.0 |
| 2022-11-23 | CVE-2022-40870 | Improper Encoding or Escaping of Output vulnerability in Parallels Remote Application Server 18.0 The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. | 8.1 |
| 2022-05-16 | CVE-2022-30777 | Cross-site Scripting vulnerability in Parallels H-Sphere 3.6.2 Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from parameter. | 6.1 |
| 2022-01-25 | CVE-2021-34867 | Uncontrolled Memory Allocation vulnerability in Parallels 16.1.349160 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. | 7.2 |
| 2022-01-25 | CVE-2021-34868 | Uncontrolled Memory Allocation vulnerability in Parallels 16.1.349160 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. | 7.2 |
| 2022-01-25 | CVE-2021-34869 | Uncontrolled Memory Allocation vulnerability in Parallels 16.1.349160 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. | 7.2 |
| 2021-12-17 | CVE-2020-8968 | Unspecified vulnerability in Parallels Remote Application Server 15.5/17.0 Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. | 7.1 |