Parallels

By the Year

In 2024 there have been 0 vulnerabilities in Parallels. Parallels did not have any published security vulnerabilities last year.

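| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 3 | 8.60 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 7.50 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |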

It may take a day or so for new Parallels vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Parallels Security Vulnerabilities

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160

CVE-2021-34868 8.8 - High - January 25, 2022

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in an uncontrolled memory allocation. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13712.

Stack Exhaustion

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160

CVE-2021-34867 8.2 - High - January 25, 2022

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in an uncontrolled memory allocation. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13672.

Stack Exhaustion

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160

CVE-2021-34869 8.8 - High - January 25, 2022

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in an uncontrolled memory allocation. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13797.

Stack Exhaustion

Parallels 13 uses cleartext HTTP as part of the update process, allowing man-in-the-middle attacks

CVE-2020-7213 7.5 - High - January 21, 2020

Parallels 13 uses cleartext HTTP as part of the update process, allowing man-in-the-middle attacks. Users of out-of-date versions are presented with a pop-up window for a parallels_updates.xml file on the http://update.parallels.com web site.

Cleartext Storage of Sensitive Information
