Vulnerabilities > Parallels
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-23 | CVE-2020-8874 | Integer Overflow or Wraparound vulnerability in Parallels Desktop This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. | 4.6 |
| 2020-03-23 | CVE-2020-8873 | Improper Privilege Management vulnerability in Parallels Desktop This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. | 4.6 |
| 2020-03-23 | CVE-2020-8872 | Out-of-bounds Read vulnerability in Parallels Desktop This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.1-47117. | 2.1 |
| 2020-03-23 | CVE-2020-8871 | Out-of-bounds Write vulnerability in Parallels Desktop This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.0-47107 . | 4.6 |
| 2020-01-21 | CVE-2020-7213 | Cleartext Storage of Sensitive Information vulnerability in Parallels 13 Parallels 13 uses cleartext HTTP as part of the update process, allowing man-in-the-middle attacks. | 7.6 |
| 2020-01-07 | CVE-2019-17148 | Improper Privilege Management vulnerability in Parallels Desktop 14.1.3 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop version 14.1.3 (45485). | 7.2 |
| 2019-11-13 | CVE-2019-18793 | Cross-site Scripting vulnerability in Parallels Plesk Panel 9.5 Parallels Plesk Panel 9.5 allows XSS in target/locales/tr-TR/help/index.htm? via the "fileName" parameter. | 4.3 |
| 2018-02-28 | CVE-2017-9447 | Path Traversal vulnerability in Parallels Remote Application Server 15.5 In the web interface of Parallels Remote Application Server (RAS) 15.5 Build 16140, a vulnerability exists due to improper validation of the file path when requesting a resource under the "RASHTML5Gateway" directory. | 5.0 |
| 2013-07-18 | CVE-2013-4878 | Permissions, Privileges, and Access Controls vulnerability in Parallels products The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2012-1823. | 7.5 |
| 2013-04-18 | CVE-2013-0133 | Unspecified vulnerability in Parallels Plesk Panel 11.0.9 Untrusted search path vulnerability in /usr/local/psa/admin/sbin/wrapper in Parallels Plesk Panel 11.0.9 allows local users to gain privileges via a crafted PATH environment variable. | 7.2 |