Vulnerabilities > Parallels > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-29 | CVE-2021-31425 | Integer Overflow or Wraparound vulnerability in Parallels Desktop 16.1.249151 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.2-49151. | 7.2 |
| 2020-03-23 | CVE-2020-8875 | Out-of-bounds Write vulnerability in Parallels Desktop This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. | 7.2 |
| 2020-01-21 | CVE-2020-7213 | Cleartext Storage of Sensitive Information vulnerability in Parallels 13 Parallels 13 uses cleartext HTTP as part of the update process, allowing man-in-the-middle attacks. | 7.6 |
| 2020-01-07 | CVE-2019-17148 | Improper Privilege Management vulnerability in Parallels Desktop 14.1.3 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop version 14.1.3 (45485). | 7.2 |
| 2013-07-18 | CVE-2013-4878 | Permissions, Privileges, and Access Controls vulnerability in Parallels products The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2012-1823. | 7.5 |
| 2013-04-18 | CVE-2013-0133 | Unspecified vulnerability in Parallels Plesk Panel 11.0.9 Untrusted search path vulnerability in /usr/local/psa/admin/sbin/wrapper in Parallels Plesk Panel 11.0.9 allows local users to gain privileges via a crafted PATH environment variable. | 7.2 |
| 2012-03-12 | CVE-2012-1557 | SQL Injection vulnerability in Parallels Plesk Panel SQL injection vulnerability in admin/plib/api-rpc/Agent.php in Parallels Plesk Panel 7.x and 8.x before 8.6 MU#2, 9.x before 9.5 MU#11, 10.0.x before MU#13, 10.1.x before MU#22, 10.2.x before MU#16, and 10.3.x before MU#5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in March 2012. | 7.5 |
| 2011-12-16 | CVE-2011-4847 | SQL Injection vulnerability in Parallels Plesk Panel 10.4.4Build20111103.18 SQL injection vulnerability in the Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 allows remote attackers to execute arbitrary SQL commands via a certificateslist cookie to notification@/. | 7.5 |
| 2011-12-16 | CVE-2011-4763 | SQL Injection vulnerability in Parallels Plesk Small Business Panel 10.2.0 Multiple SQL injection vulnerabilities in the Site Editor (aka SiteBuilder) feature in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by Wizard/Edit/Html and certain other files. | 7.5 |
| 2011-12-16 | CVE-2011-4753 | SQL Injection vulnerability in Parallels Plesk Small Business Panel 10.2.0 Multiple SQL injection vulnerabilities in Parallels Plesk Small Business Panel 10.2.0 allow remote attackers to execute arbitrary SQL commands via crafted input to a PHP script, as demonstrated by domains/sitebuilder_edit.php and certain other files. | 7.5 |