Skip to main content

Remote Application Server

5 CVEs product

Monthly

CVE-2025-0413 HIGH This Week

Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Remote Application Server Parallels
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2023-45894 CRITICAL Act Now

The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code execution via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Remote Application Server
NVD GitHub
CVSS 3.1
10.0
EPSS
1.2%
CVE-2022-40870 HIGH POC This Week

The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Code Injection Remote Application Server
NVD GitHub
CVSS 3.1
8.1
EPSS
1.0%
CVE-2020-35710 MEDIUM POC This Month

Parallels Remote Application Server (RAS) 18 allows remote attackers to discover an intranet IP address because submission of the login form (even with blank credentials) provides this address to the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Remote Application Server
NVD
CVSS 3.1
5.3
EPSS
1.7%
CVE-2020-15860 CRITICAL POC Act Now

Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic Error causing remote code execution. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Remote Application Server
NVD
CVSS 3.1
9.9
EPSS
4.0%
EPSS 0% CVSS 7.8
HIGH This Week

Parallels Desktop Technical Data Reporter Link Following Local Privilege Escalation Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Privilege Escalation Remote Application Server +1
NVD
EPSS 1% CVSS 10.0
CRITICAL Act Now

The Remote Application Server in Parallels RAS before 19.2.23975 does not segment virtualized applications from the server, which allows a remote attacker to achieve remote code execution via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Remote Application Server
NVD GitHub
EPSS 1% CVSS 8.1
HIGH POC This Week

The Web Client of Parallels Remote Application Server v18.0 is vulnerable to Host Header Injection attacks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Code Injection Remote Application Server
NVD GitHub
EPSS 2% CVSS 5.3
MEDIUM POC This Month

Parallels Remote Application Server (RAS) 18 allows remote attackers to discover an intranet IP address because submission of the login form (even with blank credentials) provides this address to the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Remote Application Server
NVD
EPSS 4% CVSS 9.9
CRITICAL POC Act Now

Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic Error causing remote code execution. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Remote Application Server
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy