CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2013-5229
https://notcve.org/view.php?id=CVE-2013-5229
14 Nov 2015 — The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box. La funcionalidad Remote Desktop full-screen en Apple OS X en versiones anteriores a 10.9 y Apple Remote Desktop en versiones anteriores a 3.7 envía el texto de cuadro de diálogo a un host remoto conectado tras ser d... • http://jvn.jp/en/jp/JVN56210048/741993/index.html • CWE-254: 7PK - Security Features •
CVSS: 9.8EPSS: 3%CPEs: 20EXPL: 0CVE-2013-5135
https://notcve.org/view.php?id=CVE-2013-5135
24 Oct 2013 — Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username. Vulnerabilidad de format string en Screen Sharing Server de Apple Mac OS X anterior a 10.9 y Apple Remote Desktop anterior a 3.5.4 permite a atacantes remotos ejecutar código arbitrario a través especificadores de formato de cadena en el nombre de usuario VNC. • http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.5EPSS: 0%CPEs: 17EXPL: 0CVE-2013-5136
https://notcve.org/view.php?id=CVE-2013-5136
24 Oct 2013 — Apple Remote Desktop before 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote attackers to obtain sensitive information in opportunistic circumstances by sniffing the network during an unintended cleartext VNC session. Apple Remote Desktop anteriores a 3.7 no utilizan apropiadamente la información de tipo de autenticación de servidor durante decisiones sobre si presentar un mensaje de cone... • http://lists.apple.com/archives/security-announce/2013/Oct/msg00008.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2012-0681
https://notcve.org/view.php?id=CVE-2012-0681
20 Aug 2012 — Apple Remote Desktop before 3.6.1 does not recognize the "Encrypt all network data" setting during connections to third-party VNC servers, which allows remote attackers to obtain cleartext VNC session content by sniffing the network. Apple Remote Desktop antes de v3.6.1 no reconoce la opción "Cifrar todos los datos de red" durante las conexiones a servidores VNC de terceros, lo que permite a atacantes remotos obtener contenido en claro de la sesión VNC espiando el tráfico de red. • http://lists.apple.com/archives/security-announce/2012/Aug/msg00000.html • CWE-310: Cryptographic Issues •