National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:apple:apple_remote_desktop:3.0.0
There are 4 matching records.
Vuln ID Summary CVSS Severity
CVE-2013-5229

The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box.

Published: November 13, 2015; 10:59:00 PM -05:00
V2: 3.7 LOW
CVE-2013-5136

Apple Remote Desktop before 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote attackers to obtain sensitive information in opportunistic circumstances by sniffing the network during an unintended cleartext VNC session.

Published: October 23, 2013; 11:48:48 PM -04:00
V2: 4.3 MEDIUM
CVE-2013-5135

Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username.

Published: October 23, 2013; 11:48:48 PM -04:00
V2: 7.5 HIGH
CVE-2006-4887

Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be argued that the issue is not in Remote Desktop itself, but in applications that are installed while using it.

Published: September 19, 2006; 05:07:00 PM -04:00
V2: 7.2 HIGH