{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T18:30:55.755","vulnerabilities":[{"cve":{"id":"CVE-2021-27260","sourceIdentifier":"zdi-disclosures@trendmicro.com","published":"2021-04-14T16:15:14.047","lastModified":"2024-11-21T05:57:42.713","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.0.1-48919. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12068."},{"lang":"es","value":"Esta vulnerabilidad permite a atacantes locales divulgar información confidencial sobre las instalaciones afectadas de Parallels Desktop versión 16.0.1-48919. Un atacante primero debe obtener la capacidad de ejecutar código muy privilegiado en el sistema invitado de destino para explotar esta vulnerabilidad. El fallo específico se presenta dentro del componente Toolgate. El problema es debido a una falta de comprobación apropiada de los datos suministrados por el usuario, lo que puede resultar en una lectura más allá del final de un búfer asignado. Un atacante puede aprovechar esto junto con otras vulnerabilidades para escalar privilegios y ejecutar código arbitrario en el contexto del hypervisor. Era ZDI-CAN-12068"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N","baseScore":3.2,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.5,"impactScore":1.4}],"cvssMetricV30":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N","baseScore":3.2,"baseSeverity":"LOW","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.5,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:N/A:N","baseScore":2.1,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"zdi-disclosures@trendmicro.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:parallels:parallels_desktop:16.0.1:*:*:*:*:macos:*:*","matchCriteriaId":"249D33E0-876B-4964-8CAE-E987F7DCB6C1"}]}]}],"references":[{"url":"https://kb.parallels.com/en/125013","source":"zdi-disclosures@trendmicro.com","tags":["Release Notes","Vendor Advisory"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-21-213/","source":"zdi-disclosures@trendmicro.com","tags":["Third Party Advisory","VDB Entry"]},{"url":"https://kb.parallels.com/en/125013","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Vendor Advisory"]},{"url":"https://www.zerodayinitiative.com/advisories/ZDI-21-213/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","VDB Entry"]}]}}]}