CVE-2022-34902 – Parallels Access Agent Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-34902
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access 6.5.4 (39316) Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. ... Era ZDI-CAN-15787 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Access Agent. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. • https://kb.parallels.com/en/129010 https://www.zerodayinitiative.com/advisories/ZDI-22-946 • CWE-427: Uncontrolled Search Path Element •
CVE-2022-34889 – Parallels Desktop ACPI Out-Of-Bounds Read Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-34889
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 17.1.1 (51537). ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. ... Era ZDI-CAN-16554 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor. • https://kb.parallels.com/125013 https://www.zerodayinitiative.com/advisories/ZDI-22-940 • CWE-125: Out-of-bounds Read •
CVE-2022-34891 – Parallels Desktop Updater Incorrect Permission Assignment Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-34891
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. ... Era ZDI-CAN-16395 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://kb.parallels.com/125013 https://www.zerodayinitiative.com/advisories/ZDI-22-942 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2022-34890 – Parallels Desktop Tools Untrusted Pointer Dereference Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2022-34890
An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. ... An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. • https://kb.parallels.com/125013 https://www.zerodayinitiative.com/advisories/ZDI-22-941 • CWE-822: Untrusted Pointer Dereference •
CVE-2022-34892 – Parallels Desktop Updater Race Condition Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2022-34892
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop Parallels Desktop 17.1.1. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. ... Era ZDI-CAN-16396 This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. ... An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. • https://kb.parallels.com/125013 https://www.zerodayinitiative.com/advisories/ZDI-22-943 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •