
CVSS: 3.7 | EPSS: 0% | CPEs: 2 | EXPL: 0

The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box.

• http://jvn.jp/en/jp/JVN56210048/741993/index.html
• http://jvn.jp/en/jp/JVN56210048/index.html
• http://jvndb.jvn.jp/jvndb/JVNDB-2015-000177
• http://www.securitytracker.com/id/1034187
• CWE-254: 7PK - Security Features

CVSS: 7.5 | EPSS: 1% | CPEs: 20 | EXPL: 0

Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username.

• http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
• http://lists.apple.com/archives/security-announce/2013/Oct/msg00007.html
• http://lists.apple.com/archives/security-announce/2013/Oct/msg00008.html
• CWE-134: Use of Externally-Controlled Format String

CVSS: 4.3 | EPSS: 0% | CPEs: 17 | EXPL: 0

Apple Remote Desktop before 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote attackers to obtain sensitive information in opportunistic circumstances by sniffing the network during an unintended cleartext VNC session.

• http://lists.apple.com/archives/security-announce/2013/Oct/msg00008.html
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 4.3 | EPSS: 0% | CPEs: 3 | EXPL: 0

Apple Remote Desktop before 3.6.1 does not recognize the "Encrypt all network data" setting during connections to third-party VNC servers, which allows remote attackers to obtain cleartext VNC session content by sniffing the network.

• http://lists.apple.com/archives/security-announce/2012/Aug/msg00000.html
• http://support.apple.com/kb/HT5433
• http://www.securityfocus.com/bid/55100
• CWE-310: Cryptographic Issues

CVSS: 7.2 | EPSS: 0% | CPEs: 4 | EXPL: 0

Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be argued that the issue is not in Remote Desktop itself, but in applications that are installed while using it.

• http://www.osvdb.org/32260
• http://www.securityfocus.com/archive/1/446371/100/0/threaded
• http://www.securityfocus.com/archive/1/446751/100/0/threaded
• http://www.securityfocus.com/archive/1/447043/100/0/threaded
• http://www.securityfocus.com/bid/20092
• https://exchange.xforce.ibmcloud.com/vulnerabilities/29060