How severe is CVE-2021-31423?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6 out of 10.

What type of vulnerability is CVE-2021-31423?

This is classified as CWE-908, which is a common weakness in software security.

CVE-2021-31423

MEDIUM Year: 2021

CVSS v3 Score

6.0

Medium

CVSS v2 Score

2.1

Low

Weakness Type

CWE-908

View all →

Vulnerability Description

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 15.1.5-47309. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-12528.

CVE-2020-14703

MEDIUM

CVSS:6.0(Medium)

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily expl...

CWE-9082020

CVE-2020-14704

MEDIUM

CVSS:6.0(Medium)

CWE-9082020

CVE-2019-18603

MEDIUM

CVSS:5.9(Medium)

OpenAFS before 1.6.24 and 1.8.x before 1.8.5 is prone to information leakage upon certain error conditions because uninitialized RPC output variables are sent over the network to a peer.

CWE-9082019

CVE-2020-35494

MEDIUM

CVSS:6.1(Medium)

There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to ...

CWE-9082020

CVE-2021-43848

MEDIUM

CVSS:5.9(Medium)

h2o is an open source http server. In code prior to the `8c0eca3` commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain order, HTTP/3 server-side implementation ...

CWE-9082021

CVE-2024-57874

MEDIUM

CVSS:6.1(Medium)

In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL Currently tagged_addr_ctrl_set() doesn't initialize the temporary '...

CWE-9082024

CVE-2021-31423

Vulnerability Description

Related Vulnerabilities

CVE-2020-14703

CVE-2020-14704

CVE-2019-18603

CVE-2020-35494

CVE-2021-43848

CVE-2024-57874