Vulnerabilites related to apple - apple_remote_desktop
Vulnerability from fkie_nvd
Published
2006-09-19 21:07
Modified
2025-04-03 01:03
Severity ?
Summary
Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be argued that the issue is not in Remote Desktop itself, but in applications that are installed while using it.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | apple_remote_desktop | 2.0.0 | |
| apple | apple_remote_desktop | 2.1.0 | |
| apple | apple_remote_desktop | 3.0.0 | |
| apple | mac_os_x | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC05949B-1245-428D-AE4D-424AC2DE816C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41469972-986E-4AB0-BF44-F81FD786C4CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E315CDB-EABA-4632-A4E2-F207695D9139",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61DAEA2E-5E72-4997-8C8F-5C354B29A488",
"versionEndIncluding": "10.2.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be argued that the issue is not in Remote Desktop itself, but in applications that are installed while using it."
},
{
"lang": "es",
"value": "Apple Remote Desktop (ARD) para Mac OS X 10.2.8 y posteriores no quita privilegios en la m\u00e1quina remota al instalar ciertas aplicaciones, lo cual permite a usuarios locales evitar la autenticaci\u00f3n y obtener privilegios seleccionando el icono durante la instalaci\u00f3n.\r\nNOTA: Se podr\u00eda discutir que esta vulnerabilidad no se produce en el mismo Remote Desktop, si no en aplicaciones que son instaladas cuando se est\u00e1 usando."
}
],
"id": "CVE-2006-4887",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-09-19T21:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/32260"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/446371/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/446751/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/447043/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/20092"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29060"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/32260"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/446371/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/446751/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/447043/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/20092"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29060"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-10-24 03:48
Modified
2025-04-11 00:51
Severity ?
Summary
Apple Remote Desktop before 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote attackers to obtain sensitive information in opportunistic circumstances by sniffing the network during an unintended cleartext VNC session.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | apple_remote_desktop | * | |
| apple | apple_remote_desktop | 3.0.0 | |
| apple | apple_remote_desktop | 3.1 | |
| apple | apple_remote_desktop | 3.2 | |
| apple | apple_remote_desktop | 3.2.1 | |
| apple | apple_remote_desktop | 3.2.2 | |
| apple | apple_remote_desktop | 3.3 | |
| apple | apple_remote_desktop | 3.3.1 | |
| apple | apple_remote_desktop | 3.3.2 | |
| apple | apple_remote_desktop | 3.4 | |
| apple | apple_remote_desktop | 3.5 | |
| apple | apple_remote_desktop | 3.5.1 | |
| apple | apple_remote_desktop | 3.5.2 | |
| apple | apple_remote_desktop | 3.5.3 | |
| apple | apple_remote_desktop | 3.5.4 | |
| apple | apple_remote_desktop | 3.6 | |
| apple | apple_remote_desktop | 3.6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:*:*:*:*:*:*:*:*",
"matchCriteriaId": "224FFDC7-9377-472D-880C-CC52D73F696B",
"versionEndIncluding": "3.6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E315CDB-EABA-4632-A4E2-F207695D9139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB6214BD-6D4B-4F32-B35A-D638723C240A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3EF0960-C1A7-4770-80AD-4324925F8966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69A47AAB-EC72-474E-A184-1E487D10B747",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5509B564-A235-44B9-B0AB-A72AFF5D2837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "52113D2A-3C14-4299-B4E9-0731630FC5D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "043E86FA-CFD5-4845-BF5E-F42B81EE9C64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2BA5FDCD-BF01-4BF3-8F4C-4E9829C2BD6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "72309021-65E6-43C0-993D-81F6FA0D16C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "00BA9937-8F14-4AED-B9DA-ABFA6837CCD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B3B607B-3B0B-44CA-809E-CBC4A656D4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "16C73945-1E37-4CFD-BA7D-0F43D339BC0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6C8B83-191B-481B-8B4A-E698160CF4DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2D005E8A-3475-4240-ADEB-077FF1F86765",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "24C0CA0D-152A-4C6F-87BF-028F09DF6EEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B603229-6EE5-4217-9A3B-06130276A861",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apple Remote Desktop before 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote attackers to obtain sensitive information in opportunistic circumstances by sniffing the network during an unintended cleartext VNC session."
},
{
"lang": "es",
"value": "Apple Remote Desktop anteriores a 3.7 no utilizan apropiadamente la informaci\u00f3n de tipo de autenticaci\u00f3n de servidor durante decisiones sobre si presentar un mensaje de conexi\u00f3n no cifrada, lo cual permite a atacantes remotos obtener informaci\u00f3n sensible en circunstancias espec\u00edficas mediante la captura de tr\u00e1fico de red durante una sesi\u00f3n VNC no cifrada de manera no intencionada."
}
],
"id": "CVE-2013-5136",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-10-24T03:48:48.893",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00008.html"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2015-11-14 03:59
Modified
2025-04-12 10:46
Severity ?
Summary
The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | mac_os_x | * | |
| apple | apple_remote_desktop | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE2D98EB-2249-45AC-B9E7-2CD57A845BF4",
"versionEndIncluding": "10.8.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:*:*:*:*:*:*:*:*",
"matchCriteriaId": "224FFDC7-9377-472D-880C-CC52D73F696B",
"versionEndIncluding": "3.6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box."
},
{
"lang": "es",
"value": "La funcionalidad Remote Desktop full-screen en Apple OS X en versiones anteriores a 10.9 y Apple Remote Desktop en versiones anteriores a 3.7 env\u00eda el texto de cuadro de di\u00e1logo a un host remoto conectado tras ser despertado de suspensi\u00f3n, lo que permite a atacantes f\u00edsicamente pr\u00f3ximos eludir las restricciones destinadas al acceso mediante la entrada de un comando en esta casilla."
}
],
"id": "CVE-2013-5229",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-11-14T03:59:00.127",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN56210048/741993/index.html"
},
{
"source": "product-security@apple.com",
"url": "http://jvn.jp/en/jp/JVN56210048/index.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000177"
},
{
"source": "product-security@apple.com",
"url": "http://www.securitytracker.com/id/1034187"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN56210048/741993/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN56210048/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000177"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034187"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-254"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-02-09 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Apple Remote Desktop Client 1.2.4 executes a GUI application as root when it is started by an Apple Remote Desktop Administrator application, which allows remote authenticated users to execute arbitrary code when loginwindow is active via Fast User Switching.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | apple_remote_desktop | 2.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC05949B-1245-428D-AE4D-424AC2DE816C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apple Remote Desktop Client 1.2.4 executes a GUI application as root when it is started by an Apple Remote Desktop Administrator application, which allows remote authenticated users to execute arbitrary code when loginwindow is active via Fast User Switching."
}
],
"id": "CVE-2004-0962",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-02-09T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2004/Oct/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2004/Oct/msg00002.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2013-10-24 03:48
Modified
2025-04-11 00:51
Severity ?
Summary
Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | apple_remote_desktop | * | |
| apple | apple_remote_desktop | 3.0.0 | |
| apple | apple_remote_desktop | 3.1 | |
| apple | apple_remote_desktop | 3.2 | |
| apple | apple_remote_desktop | 3.2.1 | |
| apple | apple_remote_desktop | 3.2.2 | |
| apple | apple_remote_desktop | 3.3 | |
| apple | apple_remote_desktop | 3.3.1 | |
| apple | apple_remote_desktop | 3.3.2 | |
| apple | apple_remote_desktop | 3.4 | |
| apple | apple_remote_desktop | 3.5 | |
| apple | apple_remote_desktop | 3.5.1 | |
| apple | apple_remote_desktop | 3.5.2 | |
| apple | mac_os_x | * | |
| apple | mac_os_x | 10.8.0 | |
| apple | mac_os_x | 10.8.1 | |
| apple | mac_os_x | 10.8.2 | |
| apple | mac_os_x | 10.8.3 | |
| apple | mac_os_x | 10.8.4 | |
| apple | mac_os_x | 10.8.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA6068E6-47A3-44C0-AAE7-25952E9B18CD",
"versionEndIncluding": "3.5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E315CDB-EABA-4632-A4E2-F207695D9139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB6214BD-6D4B-4F32-B35A-D638723C240A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3EF0960-C1A7-4770-80AD-4324925F8966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69A47AAB-EC72-474E-A184-1E487D10B747",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5509B564-A235-44B9-B0AB-A72AFF5D2837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "52113D2A-3C14-4299-B4E9-0731630FC5D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "043E86FA-CFD5-4845-BF5E-F42B81EE9C64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2BA5FDCD-BF01-4BF3-8F4C-4E9829C2BD6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "72309021-65E6-43C0-993D-81F6FA0D16C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "00BA9937-8F14-4AED-B9DA-ABFA6837CCD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B3B607B-3B0B-44CA-809E-CBC4A656D4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "16C73945-1E37-4CFD-BA7D-0F43D339BC0A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:supplemental_update:*:*:*:*:*:*",
"matchCriteriaId": "BA9ABDE2-A7F3-4D0B-9BBB-57F27AE14B1D",
"versionEndIncluding": "10.8.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B2082D62-3821-4DBA-8690-67489F44C38D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8F0DB1BC-DC16-423E-B0C7-8E9C996A50B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E59315BA-B9F1-46A5-86E7-8BE2ED97BA4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "55841123-F78F-42E0-8D40-C688C4B4D29C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "252640D3-5CB8-4C3D-9E8B-ED452293C805",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F3D30B4B-DA63-40B0-B0C9-F3992CF25706",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username."
},
{
"lang": "es",
"value": "Vulnerabilidad de format string en Screen Sharing Server de Apple Mac OS X anterior a 10.9 y Apple Remote Desktop anterior a 3.5.4 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s especificadores de formato de cadena en el nombre de usuario VNC."
}
],
"id": "CVE-2013-5135",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-10-24T03:48:48.877",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00007.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00008.html"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-08-22 10:42
Modified
2025-04-11 00:51
Severity ?
Summary
Apple Remote Desktop before 3.6.1 does not recognize the "Encrypt all network data" setting during connections to third-party VNC servers, which allows remote attackers to obtain cleartext VNC session content by sniffing the network.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | apple_remote_desktop | 3.5.2 | |
| apple | apple_remote_desktop | 3.5.3 | |
| apple | apple_remote_desktop | 3.6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "16C73945-1E37-4CFD-BA7D-0F43D339BC0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6C8B83-191B-481B-8B4A-E698160CF4DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "98DB96B3-0B78-4C63-8343-5A6509D75F36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apple Remote Desktop before 3.6.1 does not recognize the \"Encrypt all network data\" setting during connections to third-party VNC servers, which allows remote attackers to obtain cleartext VNC session content by sniffing the network."
},
{
"lang": "es",
"value": "Apple Remote Desktop antes de v3.6.1 no reconoce la opci\u00f3n \"Cifrar todos los datos de red\" durante las conexiones a servidores VNC de terceros, lo que permite a atacantes remotos obtener contenido en claro de la sesi\u00f3n VNC espiando el tr\u00e1fico de red.\r\n"
}
],
"id": "CVE-2012-0681",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-22T10:42:04.507",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Aug/msg00000.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT5433"
},
{
"source": "product-security@apple.com",
"url": "http://www.securityfocus.com/bid/55100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Aug/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT5433"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/55100"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2013-5229 (GCVE-0-2013-5229)
Vulnerability from cvelistv5
Published
2015-11-14 02:00
Modified
2024-08-06 17:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:52.352Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2015-000177",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000177"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN56210048/741993/index.html"
},
{
"name": "1034187",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034187"
},
{
"name": "JVN#56210048",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN56210048/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-13T09:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "JVNDB-2015-000177",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000177"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://jvn.jp/en/jp/JVN56210048/741993/index.html"
},
{
"name": "1034187",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034187"
},
{
"name": "JVN#56210048",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN56210048/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2013-5229",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2015-000177",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000177"
},
{
"name": "http://jvn.jp/en/jp/JVN56210048/741993/index.html",
"refsource": "CONFIRM",
"url": "http://jvn.jp/en/jp/JVN56210048/741993/index.html"
},
{
"name": "1034187",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034187"
},
{
"name": "JVN#56210048",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN56210048/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2013-5229",
"datePublished": "2015-11-14T02:00:00",
"dateReserved": "2013-08-15T00:00:00",
"dateUpdated": "2024-08-06T17:06:52.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0962 (GCVE-0-2004-0962)
Vulnerability from cvelistv5
Published
2004-10-28 04:00
Modified
2024-09-17 03:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Apple Remote Desktop Client 1.2.4 executes a GUI application as root when it is started by an Apple Remote Desktop Administrator application, which allows remote authenticated users to execute arbitrary code when loginwindow is active via Fast User Switching.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:48.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2004-10-27",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2004/Oct/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Apple Remote Desktop Client 1.2.4 executes a GUI application as root when it is started by an Apple Remote Desktop Administrator application, which allows remote authenticated users to execute arbitrary code when loginwindow is active via Fast User Switching."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-10-28T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "APPLE-SA-2004-10-27",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2004/Oct/msg00002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0962",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple Remote Desktop Client 1.2.4 executes a GUI application as root when it is started by an Apple Remote Desktop Administrator application, which allows remote authenticated users to execute arbitrary code when loginwindow is active via Fast User Switching."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2004-10-27",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2004/Oct/msg00002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0962",
"datePublished": "2004-10-28T04:00:00Z",
"dateReserved": "2004-10-18T00:00:00Z",
"dateUpdated": "2024-09-17T03:38:34.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4887 (GCVE-0-2006-4887)
Vulnerability from cvelistv5
Published
2006-09-19 21:00
Modified
2024-08-07 19:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be argued that the issue is not in Remote Desktop itself, but in applications that are installed while using it.
References
| ► | URL | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:32:22.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20092",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20092"
},
{
"name": "20060918 Apple Remote Desktop root vulneravility",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/446371/100/0/threaded"
},
{
"name": "20060920 Re: Apple Remote Desktop root vulneravility",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/446751/100/0/threaded"
},
{
"name": "20060926 Re: Re: Apple Remote Desktop root vulneravility",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/447043/100/0/threaded"
},
{
"name": "apple-remote-desktop-gain-privileges(29060)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29060"
},
{
"name": "32260",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/32260"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be argued that the issue is not in Remote Desktop itself, but in applications that are installed while using it."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20092",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20092"
},
{
"name": "20060918 Apple Remote Desktop root vulneravility",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/446371/100/0/threaded"
},
{
"name": "20060920 Re: Apple Remote Desktop root vulneravility",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/446751/100/0/threaded"
},
{
"name": "20060926 Re: Re: Apple Remote Desktop root vulneravility",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/447043/100/0/threaded"
},
{
"name": "apple-remote-desktop-gain-privileges(29060)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29060"
},
{
"name": "32260",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/32260"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4887",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be argued that the issue is not in Remote Desktop itself, but in applications that are installed while using it."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20092",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20092"
},
{
"name": "20060918 Apple Remote Desktop root vulneravility",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446371/100/0/threaded"
},
{
"name": "20060920 Re: Apple Remote Desktop root vulneravility",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446751/100/0/threaded"
},
{
"name": "20060926 Re: Re: Apple Remote Desktop root vulneravility",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447043/100/0/threaded"
},
{
"name": "apple-remote-desktop-gain-privileges(29060)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29060"
},
{
"name": "32260",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/32260"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4887",
"datePublished": "2006-09-19T21:00:00",
"dateReserved": "2006-09-19T00:00:00",
"dateUpdated": "2024-08-07T19:32:22.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5135 (GCVE-0-2013-5135)
Vulnerability from cvelistv5
Published
2013-10-24 01:00
Modified
2024-09-17 01:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:51.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2013-10-22-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
},
{
"name": "APPLE-SA-2013-10-22-6",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00007.html"
},
{
"name": "APPLE-SA-2013-10-22-7",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-24T01:00:00Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "APPLE-SA-2013-10-22-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
},
{
"name": "APPLE-SA-2013-10-22-6",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00007.html"
},
{
"name": "APPLE-SA-2013-10-22-7",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00008.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2013-5135",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2013-10-22-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
},
{
"name": "APPLE-SA-2013-10-22-6",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00007.html"
},
{
"name": "APPLE-SA-2013-10-22-7",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00008.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2013-5135",
"datePublished": "2013-10-24T01:00:00Z",
"dateReserved": "2013-08-15T00:00:00Z",
"dateUpdated": "2024-09-17T01:36:47.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5136 (GCVE-0-2013-5136)
Vulnerability from cvelistv5
Published
2013-10-24 01:00
Modified
2024-09-17 02:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Apple Remote Desktop before 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote attackers to obtain sensitive information in opportunistic circumstances by sniffing the network during an unintended cleartext VNC session.
References
| ► | URL | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:51.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2013-10-22-7",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Apple Remote Desktop before 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote attackers to obtain sensitive information in opportunistic circumstances by sniffing the network during an unintended cleartext VNC session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-24T01:00:00Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "APPLE-SA-2013-10-22-7",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00008.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2013-5136",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple Remote Desktop before 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote attackers to obtain sensitive information in opportunistic circumstances by sniffing the network during an unintended cleartext VNC session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2013-10-22-7",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00008.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2013-5136",
"datePublished": "2013-10-24T01:00:00Z",
"dateReserved": "2013-08-15T00:00:00Z",
"dateUpdated": "2024-09-17T02:15:59.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0681 (GCVE-0-2012-0681)
Vulnerability from cvelistv5
Published
2012-08-22 10:00
Modified
2024-08-06 18:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Apple Remote Desktop before 3.6.1 does not recognize the "Encrypt all network data" setting during connections to third-party VNC servers, which allows remote attackers to obtain cleartext VNC session content by sniffing the network.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:30:53.902Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "55100",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55100"
},
{
"name": "APPLE-SA-2012-08-20-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Aug/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5433"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apple Remote Desktop before 3.6.1 does not recognize the \"Encrypt all network data\" setting during connections to third-party VNC servers, which allows remote attackers to obtain cleartext VNC session content by sniffing the network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-30T09:00:00",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "55100",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55100"
},
{
"name": "APPLE-SA-2012-08-20-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Aug/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5433"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2012-0681",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple Remote Desktop before 3.6.1 does not recognize the \"Encrypt all network data\" setting during connections to third-party VNC servers, which allows remote attackers to obtain cleartext VNC session content by sniffing the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55100",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55100"
},
{
"name": "APPLE-SA-2012-08-20-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Aug/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT5433",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5433"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2012-0681",
"datePublished": "2012-08-22T10:00:00",
"dateReserved": "2012-01-12T00:00:00",
"dateUpdated": "2024-08-06T18:30:53.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}