Parallels Luki w zabezpieczeniach

Oś czasu

Rodzaj

Hosting Control Software	65
Not Defined	58
Application Server Software	5
Virtualization Software	1

Produkt

Parallels Desktop	44
Parallels Plesk Panel	39
Parallels Plesk Small Business Panel	16
Parallels Plesk	10
Parallels Remote Application Server	5

Przeciwdziałanie

Official Fix	23
Temporary Fix	0
Workaround	0
Unavailable	50
Not Defined	56

Wykorzystywanie

High	14
Functional	0
Proof-of-Concept	7
Unproven	38
Not Defined	70

Wektor dostępu

Not Defined	0
Physical	0
Local	39
Adjacent	4
Network	86

Uwierzytelnianie

Not Defined	0
High	11
Low	47
None	71

Interakcja z użytkownikiem

Not Defined	0
Required	15
None	114

C3BM Index

CVSSv3 Base

≤1	0
≤2	0
≤3	4
≤4	5
≤5	12
≤6	37
≤7	15
≤8	26
≤9	11
≤10	19

CVSSv3 Temp

≤1	0
≤2	0
≤3	4
≤4	6
≤5	32
≤6	20
≤7	12
≤8	25
≤9	28
≤10	2

VulDB

≤1	0
≤2	0
≤3	4
≤4	7
≤5	12
≤6	39
≤7	15
≤8	26
≤9	7
≤10	19

NVD

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	3
≤8	9
≤9	8
≤10	1

CNA

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	1
≤8	12
≤9	2
≤10	0

Sprzedawca

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Research

≤1	0
≤2	0
≤3	0
≤4	0
≤5	0
≤6	0
≤7	0
≤8	0
≤9	0
≤10	0

Exploit 0-day

<1k	17
<2k	36
<5k	75
<10k	0
<25k	0
<50k	1
<100k	0
≥100k	0

Wykorzystaj dzisiaj

<1k	120
<2k	6
<5k	3
<10k	0
<25k	0
<50k	0
<100k	0
≥100k	0

Wykorzystaj wielkość rynku

🔴 CTI Zajęcia

Affected Products (13): Access (3), Access Agent (1), Confixx (1), Desktop (44), H-Sphere (3), Parallels Desktop (4), Plesk (10), Plesk Panel (39), Plesk Small Business Panel (16), RAS (1), Remote Application Server (5), Virtuozzo (1), Virtuozzo Containers (1)

Link to Vendor Website: https://www.parallels.com/

Opublikowano	Base	Temp	Słaby punkt	Prod	Wyk	Prz	EPSS	CTI	CVE
2023-12-19	7.8	7.5	Parallels Desktop weak authentication	Nieznany	Not Defined	Official Fix	0.00000	0.00	CVE-2023-50228
2023-12-19	7.8	7.5	Parallels Desktop privilege escalation	Nieznany	Not Defined	Official Fix	0.00000	0.05	CVE-2023-50226
2023-12-19	7.5	7.2	Parallels Desktop virtio-gpu Virtual Device memory corruption	Nieznany	Not Defined	Official Fix	0.00000	0.04	CVE-2023-50227
2023-12-15	5.5	5.3	Parallels RAS Remote Application Server privilege escalation	Nieznany	Not Defined	Official Fix	0.00210	0.00	CVE-2023-45894
2023-03-30	5.3	5.1	Parallels Desktop Toolgate race condition	Nieznany	Not Defined	Official Fix	0.00000	0.00	CVE-2023-27327
2023-03-30	5.3	5.1	Parallels Desktop Service Local Privilege Escalation	Nieznany	Not Defined	Official Fix	0.00000	0.00	CVE-2023-27322
2023-03-30	5.3	5.1	Parallels Desktop Updater race condition	Nieznany	Not Defined	Official Fix	0.00000	0.06	CVE-2023-27323
2023-03-30	5.5	5.3	Parallels Desktop Updater Privilege Escalation	Nieznany	Not Defined	Official Fix	0.00000	0.00	CVE-2023-27324
2023-03-30	5.5	5.3	Parallels Desktop Updater Privilege Escalation	Nieznany	Not Defined	Official Fix	0.00000	0.00	CVE-2023-27325
2023-03-30	5.3	5.1	Parallels Desktop Toolgate privilege escalation	Nieznany	Not Defined	Official Fix	0.00000	0.00	CVE-2023-27328
2023-03-30	6.7	6.4	Parallels Desktop Toolgate directory traversal	Nieznany	Not Defined	Official Fix	0.00000	0.00	CVE-2023-27326
2022-11-23	7.2	7.1	Parallels Remote Application Server Web Client privilege escalation	Application Server Software	Not Defined	Not Defined	0.00324	0.02	CVE-2022-40870
2022-07-19	8.1	8.1	Parallels Access Desktop Control Agent service privilege escalation	Nieznany	Not Defined	Not Defined	0.00045	0.02	CVE-2022-34902
2022-07-19	7.9	7.9	Parallels Desktop ACPI Virtual Device information disclosure	Nieznany	Not Defined	Not Defined	0.00045	0.00	CVE-2022-34889
2022-07-19	8.1	8.1	Parallels Access privilege escalation	Nieznany	Not Defined	Not Defined	0.00045	0.00	CVE-2022-34901
2022-07-19	7.4	7.4	Parallels Access Symbolic Links race condition	Nieznany	Not Defined	Not Defined	0.00045	0.00	CVE-2022-34899
2022-07-19	8.1	8.1	Parallels Desktop privilege escalation	Nieznany	Not Defined	Not Defined	0.00045	0.00	CVE-2022-34891
2022-07-19	8.1	8.1	Parallels Desktop race condition	Nieznany	Not Defined	Not Defined	0.00045	0.00	CVE-2022-34892
2022-07-19	7.5	7.4	Parallels Desktop Tools memory corruption	Nieznany	Not Defined	Official Fix	0.00045	0.00	CVE-2022-34890
2022-07-19	8.1	8.1	Parallels Access Agent Dispatcher Service privilege escalation	Nieznany	Not Defined	Not Defined	0.00045	0.03	CVE-2022-34900
2022-07-16	7.9	7.9	Parallels Desktop HDAudio Virtual Device memory corruption	Nieznany	Not Defined	Not Defined	0.00045	0.00	CVE-2021-34987
2022-07-16	7.0	7.0	Parallels Desktop Symbolic Links race condition	Nieznany	Not Defined	Not Defined	0.00045	0.00	CVE-2021-34986
2022-05-17	3.5	3.5	Parallels H-Sphere index_en.php cross site scripting	Nieznany	Not Defined	Not Defined	0.00087	0.00	CVE-2022-30777
2022-01-25	7.6	7.6	Parallels Desktop denial of service	Nieznany	Not Defined	Not Defined	0.00045	0.00	CVE-2021-34869
2022-01-25	7.6	7.6	Parallels Desktop Toolgate denial of service	Nieznany	Not Defined	Not Defined	0.00045	0.00	CVE-2021-34868

Parallels Luki w zabezpieczeniach

Oś czasu

Rodzaj

Produkt

Przeciwdziałanie

Wykorzystywanie

Wektor dostępu

Uwierzytelnianie

Interakcja z użytkownikiem

C3BM Index

CVSSv3 Base

CVSSv3 Temp

VulDB

NVD

CNA

Sprzedawca

Research

Exploit 0-day

Wykorzystaj dzisiaj

Wykorzystaj wielkość rynku

🔴 CTI Zajęcia

🔒 Login Required

Do you know our Splunk app?