CVE-2021-34855

CVSS v3 Score: 6.5 (Medium)
CVSS v2 Score: 2.1 (Low)

Vulnerability Description

This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13592.

CVSS: 6.5 (Medium)

Symantec Norton Security prior to 22.16.3, SEP (Windows client) prior to and including 12.1 RU6 MP9, and prior to 14.2 RU1, SEP SBE prior to Cloud Agent 3.00.31.2817, NIS-22.15.2.22, SEP-12.1.7484.700...

CVSS: 6.5 (Medium)

An issue was discovered in the claxon crate before 0.4.1 for Rust. Uninitialized memory can be exposed because certain decode buffer sizes are mishandled.

CVSS: 6.5 (Medium)

VMware ESXi 6.7 without ESXi670-201811401-BG and VMware ESXi 6.5 without ESXi650-201811301-BG contain uninitialized stack memory usage in the vmxnet3 virtual network adapter which may lead to an infor...

CVSS: 6.5 (Medium)

Uninitialized data in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.

CVSS: 6.5 (Medium)

In libxaac, there is a possible information disclosure due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed f...

CVSS: 6.5 (Medium)

In libxaac there is a possible information disclosure due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed fo...