Vulnerabilities > Parallels
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-14 | CVE-2023-45894 | Unspecified vulnerability in Parallels Remote Application Server The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code execution via standard kiosk breakout techniques. | 10.0 |
| 2022-11-23 | CVE-2022-40870 | Improper Encoding or Escaping of Output vulnerability in Parallels Remote Application Server 18.0 The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. | 8.1 |
| 2022-05-16 | CVE-2022-30777 | Cross-site Scripting vulnerability in Parallels H-Sphere 3.6.2 Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from parameter. | 6.1 |
| 2022-01-25 | CVE-2021-34867 | Uncontrolled Memory Allocation vulnerability in Parallels 16.1.349160 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. | 7.2 |
| 2022-01-25 | CVE-2021-34868 | Uncontrolled Memory Allocation vulnerability in Parallels 16.1.349160 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. | 7.2 |
| 2022-01-25 | CVE-2021-34869 | Uncontrolled Memory Allocation vulnerability in Parallels 16.1.349160 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. | 7.2 |
| 2021-12-17 | CVE-2020-8968 | Unspecified vulnerability in Parallels Remote Application Server 15.5/17.0 Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. | 7.1 |
| 2021-10-25 | CVE-2021-34854 | Uncontrolled Memory Allocation vulnerability in Parallels Desktop 16.1.3 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). | 7.2 |
| 2021-10-25 | CVE-2021-34855 | Use of Uninitialized Resource vulnerability in Parallels Desktop 16.1.3 This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.1.3 (49160). | 2.1 |
| 2021-10-25 | CVE-2021-34856 | Out-of-bounds Write vulnerability in Parallels Desktop 16.1.3 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). | 8.8 |