CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52561
https://notcve.org/view.php?id=CVE-2024-52561
03 Jun 2025 — A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is deleted, a root service verifies and modifies the ownership of the snapshot files. By using a symlink, an attacker can change the ownership of files owned by root to a lower-privilege user, potentially leading to privilege escalation. Existe una vulnerabilidad de escalada de privilegios en la función de instantáneas de Parallels Desktop ... • https://talosintelligence.com/vulnerability_reports/TALOS-2024-2123 • CWE-708: Incorrect Ownership Assignment •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-54189
https://notcve.org/view.php?id=CVE-2024-54189
03 Jun 2025 — A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is taken, a root service writes to a file owned by a normal user. By using a hard link, an attacker can write to an arbitrary file, potentially leading to privilege escalation. Existe una vulnerabilidad de escalada de privilegios en la función de instantáneas de Parallels Desktop para Mac versión 20.1.1 (compilación 55740). Al tomar una ins... • https://talosintelligence.com/vulnerability_reports/TALOS-2024-2124 • CWE-62: UNIX Hard Link •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36486
https://notcve.org/view.php?id=CVE-2024-36486
03 Jun 2025 — A privilege escalation vulnerability exists in the virtual machine archive restoration functionality of Parallels Desktop for Mac version 20.1.1 (55740). When an archived virtual machine is restored, the prl_vmarchiver tool decompresses the file and writes the content back to its original location using root privileges. An attacker can exploit this process by using a hard link to write to an arbitrary file, potentially resulting in privilege escalation. Existe una vulnerabilidad de escalada de privilegios e... • https://talosintelligence.com/vulnerability_reports/TALOS-2024-2126 • CWE-62: UNIX Hard Link •