Search criteria
18 vulnerabilities found for apple_remote_desktop by apple
FKIE_CVE-2013-5229
Vulnerability from fkie_nvd - Published: 2015-11-14 03:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | mac_os_x | * | |
| apple | apple_remote_desktop | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FE2D98EB-2249-45AC-B9E7-2CD57A845BF4",
"versionEndIncluding": "10.8.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:*:*:*:*:*:*:*:*",
"matchCriteriaId": "224FFDC7-9377-472D-880C-CC52D73F696B",
"versionEndIncluding": "3.6.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box."
},
{
"lang": "es",
"value": "La funcionalidad Remote Desktop full-screen en Apple OS X en versiones anteriores a 10.9 y Apple Remote Desktop en versiones anteriores a 3.7 env\u00eda el texto de cuadro de di\u00e1logo a un host remoto conectado tras ser despertado de suspensi\u00f3n, lo que permite a atacantes f\u00edsicamente pr\u00f3ximos eludir las restricciones destinadas al acceso mediante la entrada de un comando en esta casilla."
}
],
"id": "CVE-2013-5229",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2015-11-14T03:59:00.127",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN56210048/741993/index.html"
},
{
"source": "product-security@apple.com",
"url": "http://jvn.jp/en/jp/JVN56210048/index.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000177"
},
{
"source": "product-security@apple.com",
"url": "http://www.securitytracker.com/id/1034187"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN56210048/741993/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://jvn.jp/en/jp/JVN56210048/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000177"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id/1034187"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-254"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-5136
Vulnerability from fkie_nvd - Published: 2013-10-24 03:48 - Updated: 2025-04-11 00:51
Severity ?
Summary
Apple Remote Desktop before 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote attackers to obtain sensitive information in opportunistic circumstances by sniffing the network during an unintended cleartext VNC session.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | apple_remote_desktop | * | |
| apple | apple_remote_desktop | 3.0.0 | |
| apple | apple_remote_desktop | 3.1 | |
| apple | apple_remote_desktop | 3.2 | |
| apple | apple_remote_desktop | 3.2.1 | |
| apple | apple_remote_desktop | 3.2.2 | |
| apple | apple_remote_desktop | 3.3 | |
| apple | apple_remote_desktop | 3.3.1 | |
| apple | apple_remote_desktop | 3.3.2 | |
| apple | apple_remote_desktop | 3.4 | |
| apple | apple_remote_desktop | 3.5 | |
| apple | apple_remote_desktop | 3.5.1 | |
| apple | apple_remote_desktop | 3.5.2 | |
| apple | apple_remote_desktop | 3.5.3 | |
| apple | apple_remote_desktop | 3.5.4 | |
| apple | apple_remote_desktop | 3.6 | |
| apple | apple_remote_desktop | 3.6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:*:*:*:*:*:*:*:*",
"matchCriteriaId": "224FFDC7-9377-472D-880C-CC52D73F696B",
"versionEndIncluding": "3.6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E315CDB-EABA-4632-A4E2-F207695D9139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB6214BD-6D4B-4F32-B35A-D638723C240A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3EF0960-C1A7-4770-80AD-4324925F8966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69A47AAB-EC72-474E-A184-1E487D10B747",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5509B564-A235-44B9-B0AB-A72AFF5D2837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "52113D2A-3C14-4299-B4E9-0731630FC5D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "043E86FA-CFD5-4845-BF5E-F42B81EE9C64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2BA5FDCD-BF01-4BF3-8F4C-4E9829C2BD6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "72309021-65E6-43C0-993D-81F6FA0D16C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "00BA9937-8F14-4AED-B9DA-ABFA6837CCD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B3B607B-3B0B-44CA-809E-CBC4A656D4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "16C73945-1E37-4CFD-BA7D-0F43D339BC0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6C8B83-191B-481B-8B4A-E698160CF4DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2D005E8A-3475-4240-ADEB-077FF1F86765",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "24C0CA0D-152A-4C6F-87BF-028F09DF6EEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B603229-6EE5-4217-9A3B-06130276A861",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apple Remote Desktop before 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote attackers to obtain sensitive information in opportunistic circumstances by sniffing the network during an unintended cleartext VNC session."
},
{
"lang": "es",
"value": "Apple Remote Desktop anteriores a 3.7 no utilizan apropiadamente la informaci\u00f3n de tipo de autenticaci\u00f3n de servidor durante decisiones sobre si presentar un mensaje de conexi\u00f3n no cifrada, lo cual permite a atacantes remotos obtener informaci\u00f3n sensible en circunstancias espec\u00edficas mediante la captura de tr\u00e1fico de red durante una sesi\u00f3n VNC no cifrada de manera no intencionada."
}
],
"id": "CVE-2013-5136",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-10-24T03:48:48.893",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00008.html"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-5135
Vulnerability from fkie_nvd - Published: 2013-10-24 03:48 - Updated: 2025-04-11 00:51
Severity ?
Summary
Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | apple_remote_desktop | * | |
| apple | apple_remote_desktop | 3.0.0 | |
| apple | apple_remote_desktop | 3.1 | |
| apple | apple_remote_desktop | 3.2 | |
| apple | apple_remote_desktop | 3.2.1 | |
| apple | apple_remote_desktop | 3.2.2 | |
| apple | apple_remote_desktop | 3.3 | |
| apple | apple_remote_desktop | 3.3.1 | |
| apple | apple_remote_desktop | 3.3.2 | |
| apple | apple_remote_desktop | 3.4 | |
| apple | apple_remote_desktop | 3.5 | |
| apple | apple_remote_desktop | 3.5.1 | |
| apple | apple_remote_desktop | 3.5.2 | |
| apple | mac_os_x | * | |
| apple | mac_os_x | 10.8.0 | |
| apple | mac_os_x | 10.8.1 | |
| apple | mac_os_x | 10.8.2 | |
| apple | mac_os_x | 10.8.3 | |
| apple | mac_os_x | 10.8.4 | |
| apple | mac_os_x | 10.8.5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DA6068E6-47A3-44C0-AAE7-25952E9B18CD",
"versionEndIncluding": "3.5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E315CDB-EABA-4632-A4E2-F207695D9139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB6214BD-6D4B-4F32-B35A-D638723C240A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C3EF0960-C1A7-4770-80AD-4324925F8966",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69A47AAB-EC72-474E-A184-1E487D10B747",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5509B564-A235-44B9-B0AB-A72AFF5D2837",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "52113D2A-3C14-4299-B4E9-0731630FC5D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "043E86FA-CFD5-4845-BF5E-F42B81EE9C64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2BA5FDCD-BF01-4BF3-8F4C-4E9829C2BD6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "72309021-65E6-43C0-993D-81F6FA0D16C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "00BA9937-8F14-4AED-B9DA-ABFA6837CCD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B3B607B-3B0B-44CA-809E-CBC4A656D4D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "16C73945-1E37-4CFD-BA7D-0F43D339BC0A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:supplemental_update:*:*:*:*:*:*",
"matchCriteriaId": "BA9ABDE2-A7F3-4D0B-9BBB-57F27AE14B1D",
"versionEndIncluding": "10.8.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B2082D62-3821-4DBA-8690-67489F44C38D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8F0DB1BC-DC16-423E-B0C7-8E9C996A50B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E59315BA-B9F1-46A5-86E7-8BE2ED97BA4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "55841123-F78F-42E0-8D40-C688C4B4D29C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "252640D3-5CB8-4C3D-9E8B-ED452293C805",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:mac_os_x:10.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F3D30B4B-DA63-40B0-B0C9-F3992CF25706",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username."
},
{
"lang": "es",
"value": "Vulnerabilidad de format string en Screen Sharing Server de Apple Mac OS X anterior a 10.9 y Apple Remote Desktop anterior a 3.5.4 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s especificadores de formato de cadena en el nombre de usuario VNC."
}
],
"id": "CVE-2013-5135",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-10-24T03:48:48.877",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00007.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00007.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00008.html"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-0681
Vulnerability from fkie_nvd - Published: 2012-08-22 10:42 - Updated: 2025-04-11 00:51
Severity ?
Summary
Apple Remote Desktop before 3.6.1 does not recognize the "Encrypt all network data" setting during connections to third-party VNC servers, which allows remote attackers to obtain cleartext VNC session content by sniffing the network.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | apple_remote_desktop | 3.5.2 | |
| apple | apple_remote_desktop | 3.5.3 | |
| apple | apple_remote_desktop | 3.6.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "16C73945-1E37-4CFD-BA7D-0F43D339BC0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6C8B83-191B-481B-8B4A-E698160CF4DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "98DB96B3-0B78-4C63-8343-5A6509D75F36",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apple Remote Desktop before 3.6.1 does not recognize the \"Encrypt all network data\" setting during connections to third-party VNC servers, which allows remote attackers to obtain cleartext VNC session content by sniffing the network."
},
{
"lang": "es",
"value": "Apple Remote Desktop antes de v3.6.1 no reconoce la opci\u00f3n \"Cifrar todos los datos de red\" durante las conexiones a servidores VNC de terceros, lo que permite a atacantes remotos obtener contenido en claro de la sesi\u00f3n VNC espiando el tr\u00e1fico de red.\r\n"
}
],
"id": "CVE-2012-0681",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-22T10:42:04.507",
"references": [
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Aug/msg00000.html"
},
{
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT5433"
},
{
"source": "product-security@apple.com",
"url": "http://www.securityfocus.com/bid/55100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Aug/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://support.apple.com/kb/HT5433"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/55100"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-4887
Vulnerability from fkie_nvd - Published: 2006-09-19 21:07 - Updated: 2025-04-03 01:03
Severity ?
Summary
Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be argued that the issue is not in Remote Desktop itself, but in applications that are installed while using it.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | apple_remote_desktop | 2.0.0 | |
| apple | apple_remote_desktop | 2.1.0 | |
| apple | apple_remote_desktop | 3.0.0 | |
| apple | mac_os_x | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC05949B-1245-428D-AE4D-424AC2DE816C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "41469972-986E-4AB0-BF44-F81FD786C4CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4E315CDB-EABA-4632-A4E2-F207695D9139",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "61DAEA2E-5E72-4997-8C8F-5C354B29A488",
"versionEndIncluding": "10.2.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be argued that the issue is not in Remote Desktop itself, but in applications that are installed while using it."
},
{
"lang": "es",
"value": "Apple Remote Desktop (ARD) para Mac OS X 10.2.8 y posteriores no quita privilegios en la m\u00e1quina remota al instalar ciertas aplicaciones, lo cual permite a usuarios locales evitar la autenticaci\u00f3n y obtener privilegios seleccionando el icono durante la instalaci\u00f3n.\r\nNOTA: Se podr\u00eda discutir que esta vulnerabilidad no se produce en el mismo Remote Desktop, si no en aplicaciones que son instaladas cuando se est\u00e1 usando."
}
],
"id": "CVE-2006-4887",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-09-19T21:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/32260"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/446371/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/446751/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/447043/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/20092"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29060"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/32260"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/446371/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/446751/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/447043/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/20092"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29060"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-0962
Vulnerability from fkie_nvd - Published: 2005-02-09 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Apple Remote Desktop Client 1.2.4 executes a GUI application as root when it is started by an Apple Remote Desktop Administrator application, which allows remote authenticated users to execute arbitrary code when loginwindow is active via Fast User Switching.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apple | apple_remote_desktop | 2.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:apple_remote_desktop:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DC05949B-1245-428D-AE4D-424AC2DE816C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apple Remote Desktop Client 1.2.4 executes a GUI application as root when it is started by an Apple Remote Desktop Administrator application, which allows remote authenticated users to execute arbitrary code when loginwindow is active via Fast User Switching."
}
],
"id": "CVE-2004-0962",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-02-09T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2004/Oct/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2004/Oct/msg00002.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2013-5229 (GCVE-0-2013-5229)
Vulnerability from cvelistv5 – Published: 2015-11-14 02:00 – Updated: 2024-08-06 17:06
VLAI?
Summary
The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:52.352Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2015-000177",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000177"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN56210048/741993/index.html"
},
{
"name": "1034187",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034187"
},
{
"name": "JVN#56210048",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN56210048/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-13T09:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "JVNDB-2015-000177",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000177"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://jvn.jp/en/jp/JVN56210048/741993/index.html"
},
{
"name": "1034187",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034187"
},
{
"name": "JVN#56210048",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN56210048/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2013-5229",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2015-000177",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000177"
},
{
"name": "http://jvn.jp/en/jp/JVN56210048/741993/index.html",
"refsource": "CONFIRM",
"url": "http://jvn.jp/en/jp/JVN56210048/741993/index.html"
},
{
"name": "1034187",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034187"
},
{
"name": "JVN#56210048",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN56210048/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2013-5229",
"datePublished": "2015-11-14T02:00:00",
"dateReserved": "2013-08-15T00:00:00",
"dateUpdated": "2024-08-06T17:06:52.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5135 (GCVE-0-2013-5135)
Vulnerability from cvelistv5 – Published: 2013-10-24 01:00 – Updated: 2024-09-17 01:36
VLAI?
Summary
Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:51.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2013-10-22-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
},
{
"name": "APPLE-SA-2013-10-22-6",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00007.html"
},
{
"name": "APPLE-SA-2013-10-22-7",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-24T01:00:00Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "APPLE-SA-2013-10-22-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
},
{
"name": "APPLE-SA-2013-10-22-6",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00007.html"
},
{
"name": "APPLE-SA-2013-10-22-7",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00008.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2013-5135",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2013-10-22-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
},
{
"name": "APPLE-SA-2013-10-22-6",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00007.html"
},
{
"name": "APPLE-SA-2013-10-22-7",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00008.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2013-5135",
"datePublished": "2013-10-24T01:00:00Z",
"dateReserved": "2013-08-15T00:00:00Z",
"dateUpdated": "2024-09-17T01:36:47.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5136 (GCVE-0-2013-5136)
Vulnerability from cvelistv5 – Published: 2013-10-24 01:00 – Updated: 2024-09-17 02:15
VLAI?
Summary
Apple Remote Desktop before 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote attackers to obtain sensitive information in opportunistic circumstances by sniffing the network during an unintended cleartext VNC session.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:51.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2013-10-22-7",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Apple Remote Desktop before 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote attackers to obtain sensitive information in opportunistic circumstances by sniffing the network during an unintended cleartext VNC session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-24T01:00:00Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "APPLE-SA-2013-10-22-7",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00008.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2013-5136",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple Remote Desktop before 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote attackers to obtain sensitive information in opportunistic circumstances by sniffing the network during an unintended cleartext VNC session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2013-10-22-7",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00008.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2013-5136",
"datePublished": "2013-10-24T01:00:00Z",
"dateReserved": "2013-08-15T00:00:00Z",
"dateUpdated": "2024-09-17T02:15:59.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0681 (GCVE-0-2012-0681)
Vulnerability from cvelistv5 – Published: 2012-08-22 10:00 – Updated: 2024-08-06 18:30
VLAI?
Summary
Apple Remote Desktop before 3.6.1 does not recognize the "Encrypt all network data" setting during connections to third-party VNC servers, which allows remote attackers to obtain cleartext VNC session content by sniffing the network.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:30:53.902Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "55100",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55100"
},
{
"name": "APPLE-SA-2012-08-20-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Aug/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5433"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apple Remote Desktop before 3.6.1 does not recognize the \"Encrypt all network data\" setting during connections to third-party VNC servers, which allows remote attackers to obtain cleartext VNC session content by sniffing the network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-30T09:00:00",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "55100",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55100"
},
{
"name": "APPLE-SA-2012-08-20-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Aug/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5433"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2012-0681",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple Remote Desktop before 3.6.1 does not recognize the \"Encrypt all network data\" setting during connections to third-party VNC servers, which allows remote attackers to obtain cleartext VNC session content by sniffing the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55100",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55100"
},
{
"name": "APPLE-SA-2012-08-20-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Aug/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT5433",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5433"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2012-0681",
"datePublished": "2012-08-22T10:00:00",
"dateReserved": "2012-01-12T00:00:00",
"dateUpdated": "2024-08-06T18:30:53.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4887 (GCVE-0-2006-4887)
Vulnerability from cvelistv5 – Published: 2006-09-19 21:00 – Updated: 2024-08-07 19:32
VLAI?
Summary
Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be argued that the issue is not in Remote Desktop itself, but in applications that are installed while using it.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:32:22.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20092",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20092"
},
{
"name": "20060918 Apple Remote Desktop root vulneravility",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/446371/100/0/threaded"
},
{
"name": "20060920 Re: Apple Remote Desktop root vulneravility",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/446751/100/0/threaded"
},
{
"name": "20060926 Re: Re: Apple Remote Desktop root vulneravility",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/447043/100/0/threaded"
},
{
"name": "apple-remote-desktop-gain-privileges(29060)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29060"
},
{
"name": "32260",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/32260"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be argued that the issue is not in Remote Desktop itself, but in applications that are installed while using it."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20092",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20092"
},
{
"name": "20060918 Apple Remote Desktop root vulneravility",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/446371/100/0/threaded"
},
{
"name": "20060920 Re: Apple Remote Desktop root vulneravility",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/446751/100/0/threaded"
},
{
"name": "20060926 Re: Re: Apple Remote Desktop root vulneravility",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/447043/100/0/threaded"
},
{
"name": "apple-remote-desktop-gain-privileges(29060)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29060"
},
{
"name": "32260",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/32260"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4887",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be argued that the issue is not in Remote Desktop itself, but in applications that are installed while using it."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20092",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20092"
},
{
"name": "20060918 Apple Remote Desktop root vulneravility",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446371/100/0/threaded"
},
{
"name": "20060920 Re: Apple Remote Desktop root vulneravility",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446751/100/0/threaded"
},
{
"name": "20060926 Re: Re: Apple Remote Desktop root vulneravility",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447043/100/0/threaded"
},
{
"name": "apple-remote-desktop-gain-privileges(29060)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29060"
},
{
"name": "32260",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/32260"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4887",
"datePublished": "2006-09-19T21:00:00",
"dateReserved": "2006-09-19T00:00:00",
"dateUpdated": "2024-08-07T19:32:22.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0962 (GCVE-0-2004-0962)
Vulnerability from cvelistv5 – Published: 2004-10-28 04:00 – Updated: 2024-09-17 03:38
VLAI?
Summary
Apple Remote Desktop Client 1.2.4 executes a GUI application as root when it is started by an Apple Remote Desktop Administrator application, which allows remote authenticated users to execute arbitrary code when loginwindow is active via Fast User Switching.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:48.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2004-10-27",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2004/Oct/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Apple Remote Desktop Client 1.2.4 executes a GUI application as root when it is started by an Apple Remote Desktop Administrator application, which allows remote authenticated users to execute arbitrary code when loginwindow is active via Fast User Switching."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-10-28T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "APPLE-SA-2004-10-27",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2004/Oct/msg00002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0962",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple Remote Desktop Client 1.2.4 executes a GUI application as root when it is started by an Apple Remote Desktop Administrator application, which allows remote authenticated users to execute arbitrary code when loginwindow is active via Fast User Switching."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2004-10-27",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2004/Oct/msg00002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0962",
"datePublished": "2004-10-28T04:00:00Z",
"dateReserved": "2004-10-18T00:00:00Z",
"dateUpdated": "2024-09-17T03:38:34.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5229 (GCVE-0-2013-5229)
Vulnerability from nvd – Published: 2015-11-14 02:00 – Updated: 2024-08-06 17:06
VLAI?
Summary
The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:52.352Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2015-000177",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000177"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN56210048/741993/index.html"
},
{
"name": "1034187",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034187"
},
{
"name": "JVN#56210048",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN56210048/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-13T09:57:01",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "JVNDB-2015-000177",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000177"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://jvn.jp/en/jp/JVN56210048/741993/index.html"
},
{
"name": "1034187",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034187"
},
{
"name": "JVN#56210048",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN56210048/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2013-5229",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2015-000177",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000177"
},
{
"name": "http://jvn.jp/en/jp/JVN56210048/741993/index.html",
"refsource": "CONFIRM",
"url": "http://jvn.jp/en/jp/JVN56210048/741993/index.html"
},
{
"name": "1034187",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034187"
},
{
"name": "JVN#56210048",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN56210048/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2013-5229",
"datePublished": "2015-11-14T02:00:00",
"dateReserved": "2013-08-15T00:00:00",
"dateUpdated": "2024-08-06T17:06:52.352Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5135 (GCVE-0-2013-5135)
Vulnerability from nvd – Published: 2013-10-24 01:00 – Updated: 2024-09-17 01:36
VLAI?
Summary
Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:51.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2013-10-22-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
},
{
"name": "APPLE-SA-2013-10-22-6",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00007.html"
},
{
"name": "APPLE-SA-2013-10-22-7",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-24T01:00:00Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "APPLE-SA-2013-10-22-3",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
},
{
"name": "APPLE-SA-2013-10-22-6",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00007.html"
},
{
"name": "APPLE-SA-2013-10-22-7",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00008.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2013-5135",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2013-10-22-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"
},
{
"name": "APPLE-SA-2013-10-22-6",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00007.html"
},
{
"name": "APPLE-SA-2013-10-22-7",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00008.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2013-5135",
"datePublished": "2013-10-24T01:00:00Z",
"dateReserved": "2013-08-15T00:00:00Z",
"dateUpdated": "2024-09-17T01:36:47.689Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-5136 (GCVE-0-2013-5136)
Vulnerability from nvd – Published: 2013-10-24 01:00 – Updated: 2024-09-17 02:15
VLAI?
Summary
Apple Remote Desktop before 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote attackers to obtain sensitive information in opportunistic circumstances by sniffing the network during an unintended cleartext VNC session.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:06:51.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2013-10-22-7",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Apple Remote Desktop before 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote attackers to obtain sensitive information in opportunistic circumstances by sniffing the network during an unintended cleartext VNC session."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-24T01:00:00Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "APPLE-SA-2013-10-22-7",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00008.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2013-5136",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple Remote Desktop before 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote attackers to obtain sensitive information in opportunistic circumstances by sniffing the network during an unintended cleartext VNC session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2013-10-22-7",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00008.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2013-5136",
"datePublished": "2013-10-24T01:00:00Z",
"dateReserved": "2013-08-15T00:00:00Z",
"dateUpdated": "2024-09-17T02:15:59.993Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0681 (GCVE-0-2012-0681)
Vulnerability from nvd – Published: 2012-08-22 10:00 – Updated: 2024-08-06 18:30
VLAI?
Summary
Apple Remote Desktop before 3.6.1 does not recognize the "Encrypt all network data" setting during connections to third-party VNC servers, which allows remote attackers to obtain cleartext VNC session content by sniffing the network.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:30:53.902Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "55100",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/55100"
},
{
"name": "APPLE-SA-2012-08-20-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Aug/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5433"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-08-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apple Remote Desktop before 3.6.1 does not recognize the \"Encrypt all network data\" setting during connections to third-party VNC servers, which allows remote attackers to obtain cleartext VNC session content by sniffing the network."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-03-30T09:00:00",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"name": "55100",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/55100"
},
{
"name": "APPLE-SA-2012-08-20-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2012/Aug/msg00000.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5433"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2012-0681",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple Remote Desktop before 3.6.1 does not recognize the \"Encrypt all network data\" setting during connections to third-party VNC servers, which allows remote attackers to obtain cleartext VNC session content by sniffing the network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55100",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55100"
},
{
"name": "APPLE-SA-2012-08-20-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Aug/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT5433",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5433"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2012-0681",
"datePublished": "2012-08-22T10:00:00",
"dateReserved": "2012-01-12T00:00:00",
"dateUpdated": "2024-08-06T18:30:53.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-4887 (GCVE-0-2006-4887)
Vulnerability from nvd – Published: 2006-09-19 21:00 – Updated: 2024-08-07 19:32
VLAI?
Summary
Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be argued that the issue is not in Remote Desktop itself, but in applications that are installed while using it.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:32:22.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20092",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20092"
},
{
"name": "20060918 Apple Remote Desktop root vulneravility",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/446371/100/0/threaded"
},
{
"name": "20060920 Re: Apple Remote Desktop root vulneravility",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/446751/100/0/threaded"
},
{
"name": "20060926 Re: Re: Apple Remote Desktop root vulneravility",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/447043/100/0/threaded"
},
{
"name": "apple-remote-desktop-gain-privileges(29060)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29060"
},
{
"name": "32260",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/32260"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-09-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be argued that the issue is not in Remote Desktop itself, but in applications that are installed while using it."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20092",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20092"
},
{
"name": "20060918 Apple Remote Desktop root vulneravility",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/446371/100/0/threaded"
},
{
"name": "20060920 Re: Apple Remote Desktop root vulneravility",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/446751/100/0/threaded"
},
{
"name": "20060926 Re: Re: Apple Remote Desktop root vulneravility",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/447043/100/0/threaded"
},
{
"name": "apple-remote-desktop-gain-privileges(29060)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29060"
},
{
"name": "32260",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/32260"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4887",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be argued that the issue is not in Remote Desktop itself, but in applications that are installed while using it."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20092",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20092"
},
{
"name": "20060918 Apple Remote Desktop root vulneravility",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446371/100/0/threaded"
},
{
"name": "20060920 Re: Apple Remote Desktop root vulneravility",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/446751/100/0/threaded"
},
{
"name": "20060926 Re: Re: Apple Remote Desktop root vulneravility",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/447043/100/0/threaded"
},
{
"name": "apple-remote-desktop-gain-privileges(29060)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29060"
},
{
"name": "32260",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/32260"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4887",
"datePublished": "2006-09-19T21:00:00",
"dateReserved": "2006-09-19T00:00:00",
"dateUpdated": "2024-08-07T19:32:22.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-0962 (GCVE-0-2004-0962)
Vulnerability from nvd – Published: 2004-10-28 04:00 – Updated: 2024-09-17 03:38
VLAI?
Summary
Apple Remote Desktop Client 1.2.4 executes a GUI application as root when it is started by an Apple Remote Desktop Administrator application, which allows remote authenticated users to execute arbitrary code when loginwindow is active via Fast User Switching.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:31:48.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2004-10-27",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2004/Oct/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Apple Remote Desktop Client 1.2.4 executes a GUI application as root when it is started by an Apple Remote Desktop Administrator application, which allows remote authenticated users to execute arbitrary code when loginwindow is active via Fast User Switching."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-10-28T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "APPLE-SA-2004-10-27",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2004/Oct/msg00002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0962",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple Remote Desktop Client 1.2.4 executes a GUI application as root when it is started by an Apple Remote Desktop Administrator application, which allows remote authenticated users to execute arbitrary code when loginwindow is active via Fast User Switching."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2004-10-27",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2004/Oct/msg00002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0962",
"datePublished": "2004-10-28T04:00:00Z",
"dateReserved": "2004-10-18T00:00:00Z",
"dateUpdated": "2024-09-17T03:38:34.292Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}