Vulnerabilities > Parallels > Remote Application Server
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-14 | CVE-2023-45894 | Unspecified vulnerability in Parallels Remote Application Server The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code execution via standard kiosk breakout techniques. | 10.0 |
| 2022-11-23 | CVE-2022-40870 | Improper Encoding or Escaping of Output vulnerability in Parallels Remote Application Server 18.0 The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. | 8.1 |
| 2021-12-17 | CVE-2020-8968 | Unspecified vulnerability in Parallels Remote Application Server 15.5/17.0 Parallels Remote Application Server (RAS) allows a local attacker to retrieve certain profile password in clear text format by uploading a previously stored cyphered file by Parallels RAS. | 7.1 |
| 2020-12-25 | CVE-2020-35710 | Information Exposure vulnerability in Parallels Remote Application Server 18.0 Parallels Remote Application Server (RAS) 18 allows remote attackers to discover an intranet IP address because submission of the login form (even with blank credentials) provides this address to the attacker's client for use as a "host" value. | 5.0 |
| 2020-07-24 | CVE-2020-15860 | Unspecified vulnerability in Parallels Remote Application Server 17.1.1 Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic Error causing remote code execution. | 9.9 |
| 2018-02-28 | CVE-2017-9447 | Path Traversal vulnerability in Parallels Remote Application Server 15.5 In the web interface of Parallels Remote Application Server (RAS) 15.5 Build 16140, a vulnerability exists due to improper validation of the file path when requesting a resource under the "RASHTML5Gateway" directory. | 5.0 |