CVE-2021-34868

HIGH Year: 2021
CVSS v3 Score
7.8
High
CVSS v2 Score
7.2
High
Weakness Type
CWE-789
View all →

Vulnerability Description

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in an uncontrolled memory allocation. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13712.

Related Vulnerabilities

CVE-2021-34854

HIGH
CVSS:7.8(High)

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code...

CWE-7892021

CVE-2021-34869

HIGH
CVSS:7.8(High)

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 16.1.3-49160. An attacker must first obtain the ability to execute low-privileged code o...

CWE-7892021

CVE-2017-20016

HIGH
CVSS:7.5(High)

A vulnerability has been found in WEKA INTEREST Security Scanner up to 1.8 and classified as problematic. This vulnerability affects unknown code of the component Portscan. The manipulation with an un...

CWE-7892017

CVE-2017-7651

HIGH
CVSS:7.5(High)

In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server simply by filling the RAM memory with a lot of connections with large payload. This can be done without authentications if occur i...

CWE-7892017

CVE-2017-7652

HIGH
CVSS:7.5(High)

In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running with a configuration file, then sending a HUP signal to server triggers the configuration to be reloaded from disk. If there are lot...

CWE-7892017

CVE-2020-3596

HIGH
CVSS:7.5(High)

A vulnerability in the Session Initiation Protocol (SIP) of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a d...

CWE-7892020