Vulnerabilities > Apple > Apple Remote Desktop > 3.5.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-11-14 | CVE-2013-5229 | 7PK - Security Features vulnerability in Apple Remote Desktop and mac OS X The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box. | 3.7 |
2013-10-24 | CVE-2013-5136 | Information Exposure vulnerability in Apple Remote Desktop Apple Remote Desktop before 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote attackers to obtain sensitive information in opportunistic circumstances by sniffing the network during an unintended cleartext VNC session. | 4.3 |
2013-10-24 | CVE-2013-5135 | USE of Externally-Controlled Format String vulnerability in Apple Remote Desktop and mac OS X Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username. | 7.5 |
2012-08-22 | CVE-2012-0681 | Cryptographic Issues vulnerability in Apple Remote Desktop 3.5.2/3.5.3/3.6.0 Apple Remote Desktop before 3.6.1 does not recognize the "Encrypt all network data" setting during connections to third-party VNC servers, which allows remote attackers to obtain cleartext VNC session content by sniffing the network. | 4.3 |