Vulnerabilities > Parallels

DATE CVE VULNERABILITY TITLE RISK
2022-05-16 CVE-2022-30777 Cross-site Scripting vulnerability in Parallels H-Sphere 3.6.2
Parallels H-Sphere 3.6.1713 allows XSS via the index_en.php from parameter.
network
parallels CWE-79
4.3
2022-01-25 CVE-2021-34867 Uncontrolled Memory Allocation vulnerability in Parallels 16.1.349160
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160.
local
low complexity
parallels CWE-789
7.2
2022-01-25 CVE-2021-34868 Uncontrolled Memory Allocation vulnerability in Parallels 16.1.349160
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160.
local
low complexity
parallels CWE-789
7.2
2022-01-25 CVE-2021-34869 Uncontrolled Memory Allocation vulnerability in Parallels 16.1.349160
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160.
local
low complexity
parallels CWE-789
7.2
2021-12-17 CVE-2020-8968 Insufficiently Protected Credentials vulnerability in Parallels Remote Application Server 15.5/17.0
Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS.
local
low complexity
parallels CWE-522
2.1
2021-10-25 CVE-2021-34854 Uncontrolled Memory Allocation vulnerability in Parallels Desktop 16.1.3
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160).
local
low complexity
parallels CWE-789
7.2
2021-10-25 CVE-2021-34855 Use of Uninitialized Resource vulnerability in Parallels Desktop 16.1.3
This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.1.3 (49160).
local
low complexity
parallels CWE-908
2.1
2021-10-25 CVE-2021-34856 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Parallels Desktop 16.1.3
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160).
local
low complexity
parallels CWE-119
4.6
2021-10-25 CVE-2021-34857 Out-of-bounds Write vulnerability in Parallels Desktop 16.1.3
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160).
local
low complexity
parallels CWE-787
4.6
2021-10-25 CVE-2021-34864 Improper Access Control vulnerability in Parallels Desktop 16.1.3
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160).
local
low complexity
parallels CWE-284
4.6