Vulnerabilities > Parallels > Critical

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
| --- | --- | --- | --- | --- |
| 2024-06-21 | CVE-2024-6240 | Improper Privilege Management vulnerability in Parallels Desktop | Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than 19.3.0. | network, low complexity, parallels, CWE-269, critical, 10.0 |
| 2023-12-14 | CVE-2023-45894 | Unspecified vulnerability in Parallels Remote Application Server | The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code execution via standard kiosk breakout techniques. | network, low complexity, parallels, critical, 10.0 |
| 2020-07-24 | CVE-2020-15860 | Unspecified vulnerability in Parallels Remote Application Server 17.1.1 | Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic Error causing remote code execution. | network, low complexity, parallels, critical, 9.9 |
| 2011-12-16 | CVE-2011-4856 | Unspecified vulnerability in Parallels Plesk Panel 10.4.4Build20111103.18 | The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving admin/health/parameters and certain other files. | network, parallels microsoft, critical, 9.3 |
| 2011-12-16 | CVE-2011-4855 | Unspecified vulnerability in Parallels Plesk Panel 10.4.4Build20111103.18 | The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving admin/customer-service-plan/list/reset-search/true/ and certain other files. | network, parallels microsoft, critical, 9.3 |
| 2011-12-16 | CVE-2011-4854 | Unspecified vulnerability in Parallels Plesk Panel 10.4.4Build20111103.18 | The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not ensure that Content-Type HTTP headers match the corresponding Content-Type data in HTML META elements, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving the get_enabled_product_icon program. | network, parallels microsoft, critical, 9.3 |
| 2011-12-16 | CVE-2011-4851 | Credentials Management vulnerability in Parallels Plesk Panel 10.4.4Build20111103.18 | The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 generates a password form field without disabling the autocomplete feature, which makes it easier for remote attackers to bypass authentication by leveraging an unattended workstation, as demonstrated by forms in server/google-tools/ and certain other files. | network, parallels microsoft, CWE-255, critical, 9.3 |
| 2011-12-16 | CVE-2011-4768 | Unspecified vulnerability in Parallels Plesk Small Business Panel 10.2.0 | The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving Wizard/Edit/Modules/Image and certain other files. | network, low complexity, parallels, critical, 10.0 |
| 2011-12-16 | CVE-2011-4762 | Unspecified vulnerability in Parallels Plesk Small Business Panel 10.2.0 | Parallels Plesk Small Business Panel 10.2.0 sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving smb/app/top-categories-data/ and certain other files. | network, low complexity, parallels, critical, 10.0 |
| 2011-12-16 | CVE-2011-4761 | Unspecified vulnerability in Parallels Plesk Small Business Panel 10.2.0 | Parallels Plesk Small Business Panel 10.2.0 omits the Content-Type header's charset parameter for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving domains/sitebuilder_edit.php and certain other files. | network, low complexity, parallels, critical, 10.0 |