Parallels Desktop For Mac
Approved changes feed: RSS · Atom
cpe:2.3:a:parallels:parallels_desktop_for_mac:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Parallels (f7bc486c-fad7-5571-9bc2-c91e15af2082) |
|---|---|
| Product | Parallels Desktop For Mac (6ec12719-c1b3-583e-8ea2-b6027241ec33) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-31359 |
vulnerable | 2026-06-03 15:00:30.504613 |
Details available
HIGH (8.8)
A directory traversal vulnerability exists in the PVMP package unpacking functionality of Parallels Desktop for Mac version 20.2.2 (55879). This vulnerability can be exploited by an attacker to write to arbitrary files, potentially leading to privilege escalation.
Published: 2025-06-03T09:43:25.931Z
Updated: 2025-06-03T13:27:26.786Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-54189 |
vulnerable | 2026-06-03 14:57:40.898003 |
Details available
HIGH (7.8)
A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is taken, a root service writes to a file owned by a normal user. By using a hard link, an attacker can write to an arbitrary file, potentially leading to privilege escalation.
Published: 2025-06-03T09:43:27.168Z
Updated: 2025-06-03T13:19:52.966Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-52561 |
vulnerable | 2026-06-03 14:57:30.614746 |
Details available
HIGH (7.8)
A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is deleted, a root service verifies and modifies the ownership of the snapshot files. By using a symlink, an attacker can change the ownership of files owned by root to a lower-privilege user, potentially leading to privilege escalation.
Published: 2025-06-03T09:43:27.726Z
Updated: 2025-06-03T13:18:56.981Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-36486 |
vulnerable | 2026-06-03 14:56:04.670840 |
Details available
HIGH (7.8)
A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 (55740). When an archived virtual machine is restored, the prl_vmarchiver tool decompresses the file and writes the content back to its original location using root privileges. An attacker can exploit this process by using a hard link to write to an arbitrary file, potentially resulting in privilege escalation.
Published: 2025-06-03T09:43:26.596Z
Updated: 2025-06-03T13:22:13.518Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.