CVSS: 8.3EPSS: 2%CPEs: 1EXPL: 0CVE-2023-50227 – Parallels Desktop virtio-gpu Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-50227
19 Dec 2023 — Parallels Desktop virtio-gpu Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Parallels Desktop. User interaction is required to exploit this vulnerability in that the target in a guest system must visit a malicious page or open a malicious file. The specific flaw exists within the virtio-gpu virtual device. The issue results from the lack of proper validation of user-supplied data, which can result in ... • https://kb.parallels.com/en/125013 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50228 – Parallels Desktop Updater Improper Verification of Cryptographic Signature Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2023-50228
19 Dec 2023 — Parallels Desktop Updater Improper Verification of Cryptographic Signature Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop. An attacker must first obtain the ability to execute low-privileged code on the target host system in order to exploit this vulnerability. The specific flaw exists within the Updater service. The issue results from the lack of proper verification of a cryptographic signature. • https://kb.parallels.com/en/125013 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-24038
https://notcve.org/view.php?id=CVE-2021-24038
18 Aug 2021 — Due to a bug with management of handles in OVRServiceLauncher.exe, an attacker could expose a privileged process handle to an unprivileged process, leading to local privilege escalation. This issue affects Oculus Desktop versions after 1.39 and prior to 31.1.0.67.507. Debido a un bug en la administración de los manejadores en el archivo OVRServiceLauncher.exe, un atacante podría exponer un manejador de proceso privilegiado a un proceso no privilegiado, conllevando a una escalada de privilegios local. Este p... • https://www.facebook.com/security/advisories/cve-2021-24038 • CWE-269: Improper Privilege Management •