Apple: >> Apple Remote Desktop >> 3.5.2 Security Vulnerabilities
The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a command in this box.
CVSS Score
3.7
EPSS Score
0.001
Published
2015-11-14
Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username.
CVSS Score
7.5
EPSS Score
0.05
Published
2013-10-24
Apple Remote Desktop before 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote attackers to obtain sensitive information in opportunistic circumstances by sniffing the network during an unintended cleartext VNC session.
CVSS Score
4.3
EPSS Score
0.003
Published
2013-10-24
Apple Remote Desktop before 3.6.1 does not recognize the "Encrypt all network data" setting during connections to third-party VNC servers, which allows remote attackers to obtain cleartext VNC session content by sniffing the network.
CVSS Score
4.3
EPSS Score
0.005
Published
2012-08-22