Parallels Desktop 20.1.1 (55740) for MacOS
Approved changes feed: RSS · Atom
cpe:2.3:a:parallels:parallels_desktop:20.1.1_\(55740\):*:*:*:*:macos:*:*
part: a version: 20.1.1_(55740) update: *
| Vendor | Parallels (f7bc486c-fad7-5571-9bc2-c91e15af2082) |
|---|---|
| Product | Parallels Desktop (6a7447f5-8626-58c9-95ec-45fa8c8c77fc) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | macos |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-54189 |
vulnerable | 2026-06-03 14:57:40.898735 |
Details available
HIGH (7.8)
A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is taken, a root service writes to a file owned by a normal user. By using a hard link, an attacker can write to an arbitrary file, potentially leading to privilege escalation.
Published: 2025-06-03T09:43:27.168Z
Updated: 2025-06-03T13:19:52.966Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-52561 |
vulnerable | 2026-06-03 14:57:30.615995 |
Details available
HIGH (7.8)
A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is deleted, a root service verifies and modifies the ownership of the snapshot files. By using a symlink, an attacker can change the ownership of files owned by root to a lower-privilege user, potentially leading to privilege escalation.
Published: 2025-06-03T09:43:27.726Z
Updated: 2025-06-03T13:18:56.981Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-36486 |
vulnerable | 2026-06-03 14:56:04.671728 |
Details available
HIGH (7.8)
A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 (55740). When an archived virtual machine is restored, the prl_vmarchiver tool decompresses the file and writes the content back to its original location using root privileges. An attacker can exploit this process by using a hard link to write to an arbitrary file, potentially resulting in privilege escalation.
Published: 2025-06-03T09:43:26.596Z
Updated: 2025-06-03T13:22:13.518Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.