Remote Desktop
by Apple Inc.
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-5135 | | | 0.01 | — | 0.11 | | Oct 24, 2013 | Format string vulnerability in Screen Sharing Server in Apple Mac OS X before 10.9 and Apple Remote Desktop before 3.5.4 allows remote attackers to execute arbitrary code via format string specifiers in a VNC username. |
| CVE-2023-32043 | | | 0.00 | — | 0.00 | | Jul 11, 2023 | Windows Remote Desktop Security Feature Bypass Vulnerability |
| CVE-2023-28290 | | | 0.00 | — | 0.01 | | May 9, 2023 | Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability |
| CVE-2017-2488 | | | 0.00 | — | 0.01 | | Dec 23, 2021 | A cryptographic weakness existed in the authentication protocol of Remote Desktop. This issue was addressed by implementing the Secure Remote Password authentication protocol. This issue is fixed in Apple Remote Desktop 3.9. An attacker may be able to capture cleartext passwords. |
| CVE-2021-30813 | | | 0.00 | — | 0.00 | | Oct 28, 2021 | This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.0.1. A person with access to a host Mac may be able to bypass the Login Window in Remote Desktop for a locked instance of macOS. |
| CVE-2013-5229 | | | 0.00 | — | 0.00 | | Nov 14, 2015 | The Remote Desktop full-screen feature in Apple OS X before 10.9 and Apple Remote Desktop before 3.7 sends dialog-box text to a connected remote host upon being woken from sleep, which allows physically proximate attackers to bypass intended access restrictions by entering a… |
| CVE-2013-5136 | | | 0.00 | — | 0.01 | | Oct 24, 2013 | Apple Remote Desktop before 3.7 does not properly use server authentication-type information during decisions about whether to present an unencrypted-connection warning message, which allows remote attackers to obtain sensitive information in opportunistic circumstances by… |
| CVE-2012-0681 | | | 0.00 | — | 0.02 | | Aug 22, 2012 | Apple Remote Desktop before 3.6.1 does not recognize the "Encrypt all network data" setting during connections to third-party VNC servers, which allows remote attackers to obtain cleartext VNC session content by sniffing the network. |
| CVE-2006-4413 | | | 0.00 | — | 0.00 | | Nov 18, 2006 | Apple Remote Desktop before 3.1 uses insecure permissions for certain built-in packages, which allows local users on an Apple Remote Desktop administration system to modify the packages and gain root privileges on client systems that use the packages. |
| CVE-2006-4887 | | | 0.00 | — | 0.00 | | Sep 19, 2006 | Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be… |
| CVE-2004-0962 | | | 0.00 | — | 0.03 | | Feb 9, 2005 | Apple Remote Desktop Client 1.2.4 executes a GUI application as root when it is started by an Apple Remote Desktop Administrator application, which allows remote authenticated users to execute arbitrary code when loginwindow is active via Fast User Switching. |