The esets_daemon service in ESET Endpoint Antivirus for macOS before 6.4.168.0 and Endpoint Security for macOS before 6.4.168.0 does not properly verify X.509 certificates from the edf.eset.com SSL server, which allows man-in-the-middle attackers to spoof this server and provide crafted responses to license activation requests via a self-signed certificate. NOTE: this issue can be combined with CVE-2016-0718 to execute arbitrary code remotely as root.

References

packetstormsecurity.com/files/141350/ESET-Endpoint-Antivirus-6-Remote-Code-Execution.html

seclists.org/fulldisclosure/2017/Feb/68

support.eset.com/ca6333/

www.securityfocus.com/bid/96462

packetstorm 1

cve 3

nvd 3

thn 1

prion 3

zdt 1

seebug 1

jvn 1

nessus 45

openvas 40

freebsd 4

ibm 22

ubuntu 4

redhatcve 1

veracode 2

redhat 2

amazon 1

debiancve 1

cvelist 1

debian 3

osv 3

f5 1

cloudfoundry 1

centos 1

ubuntucve 1

mageia 1

oraclelinux 1

alpinelinux 1

mozilla 1

suse 8

archlinux 3

fedora 3

slackware 3

gentoo 1

apple 6

androidsecurity 1

oracle 1

packetstorm

ESET Endpoint Antivirus 6 Remote Code Execution

2017-02-27 00:00:00

cve

CVE-2016-9892

2017-03-02 23:59:00

CVE-2016-0718

2016-05-26 16:59:00

CVE-2016-0719

2016-05-18 15:59:00

nvd

CVE-2016-9892

2017-03-02 23:59:00

CVE-2016-0718

2016-05-26 16:59:00

CVE-2016-0719

2016-05-18 15:59:00

thn

Critical Flaw in ESET Antivirus Exposes Mac Users to Remote Hacking

2017-02-28 03:06:00

prion

Code injection

2017-03-02 23:59:00

Buffer overflow

2016-05-26 16:59:00

Design/Logic Flaw

2016-05-18 15:59:00

zdt

ESET Endpoint Antivirus 6 Remote Code Execution Exploit

2017-02-28 00:00:00

seebug

Remote Code Execution as Root via ESET Endpoint Antivirus 6（CVE-2016-9892）

2017-02-28 00:00:00

jvn

JVN#95898697: Multiple ESET products for macOS vulnerable to improper server certificate verification

2022-02-07 00:00:00

nessus

FreeBSD : expat -- denial of service vulnerability on malformed input (57b3aba7-1e25-11e6-8dd3-002590263bf5)

2016-05-20 00:00:00

EulerOS 2.0 SP1 : expat (EulerOS-SA-2017-1002)

2017-05-01 00:00:00

F5 Networks BIG-IP : Expat vulnerability (K52320548)

2017-09-19 00:00:00

openvas

RedHat Update for expat RHSA-2016:2824-01

2016-11-29 00:00:00

Huawei EulerOS: Security Advisory for expat (EulerOS-SA-2017-1002)

2020-01-23 00:00:00

Mageia: Security Advisory (MGASA-2016-0193)

2022-01-28 00:00:00

freebsd

expat -- denial of service vulnerability on malformed input

2016-05-17 00:00:00

Python 2.7 -- multiple vulnerabilities

2017-08-26 00:00:00

python 2.7 -- multiple vulnerabilities

2018-05-01 00:00:00

ibm

Security Bulletin: A vulnerability in expat affects PowerKVM

2018-06-18 01:34:46

Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability in the Expat XML parser (CVE-2016-0718)

2018-06-16 21:50:27

Security Bulletin: A vulnerability in Expat XML parser affects IBM Security Network Protection (CVE-2016-0718)

2018-06-16 21:48:37

ubuntu

Expat vulnerability

2016-05-18 00:00:00

XML-RPC for C and C++ vulnerabilities

2016-06-20 00:00:00

xmltok library vulnerabilities

2022-07-19 00:00:00

redhatcve

CVE-2016-0718

2020-04-05 04:55:48

veracode

Denial Of Service (DoS) Or Arbitrary Code Execution

2019-01-15 09:14:45

Denial Of Service (DoS) Or Arbitrary Code Execution

2017-02-01 03:14:43

redhat

(RHSA-2016:2824) Moderate: expat security update

2016-11-28 17:50:20

(RHSA-2018:2486) Important: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update

2018-08-16 16:05:21

amazon

Medium: expat

2016-12-15 00:38:00

debiancve

CVE-2016-0718

2016-05-26 16:59:00

cvelist

CVE-2016-0718

2016-05-26 16:00:00

debian

[SECURITY] [DLA 483-1] expat security update

2016-05-19 20:04:46

[SECURITY] [DSA 3582-1] expat security update

2016-05-18 05:18:57

[SECURITY] [DSA 3582-1] expat security update

2016-05-18 05:18:57

osv

CVE-2016-0718

2016-05-26 16:59:00

expat - security update

2016-05-19 00:00:00

libxmltok vulnerabilities

2022-07-19 17:11:00

K52320548 : Expat vulnerability CVE-2016-0718

2017-09-18 00:00:00

cloudfoundry

USN-2983-1 Expat vulnerability | Cloud Foundry

2016-06-13 00:00:00

centos

expat security update

2016-11-28 22:32:29

ubuntucve

CVE-2016-0718

2016-05-17 00:00:00

mageia

Updated expat packages fix security vulnerability

2016-05-20 14:38:30

oraclelinux

expat security update

2016-11-28 00:00:00

alpinelinux

CVE-2016-0718

2016-05-26 16:59:00

mozilla

Out-of-bounds read during XML parsing in Expat library — Mozilla

2016-08-02 00:00:00

suse

Security update for expat (important)

2016-06-07 13:08:02

Security update for expat (important)

2016-06-07 17:08:51

Security update for expat (important)

2016-05-30 14:09:21

archlinux

expat: arbitrary code execution

2016-05-18 00:00:00

lib32-expat: arbitrary code execution

2016-05-18 00:00:00

firefox: multiple issues

2016-08-05 00:00:00

fedora

[SECURITY] Fedora 24 Update: expat-2.1.1-2.fc24

2016-06-21 19:27:49

[SECURITY] Fedora 23 Update: expat-2.1.1-2.fc23

2016-06-19 07:27:54

[SECURITY] Fedora 22 Update: expat-2.1.1-2.fc22

2016-07-12 02:27:38

slackware

[slackware-security] python

2017-09-23 06:33:04

[slackware-security] expat

2016-12-24 19:24:21

[slackware-security] python

2018-05-04 20:53:50

gentoo

Expat: Multiple vulnerabilities

2017-01-11 00:00:00

apple

About the security content of iTunes 12.6

2017-03-21 00:00:00

About the security content of iTunes 12.6 - Apple Support

2017-03-22 07:40:40

About the security content of iTunes 12.6 for Windows

2017-03-21 00:00:00

androidsecurity

Android Security Bulletin—November 2016

2016-11-07 00:00:00

oracle

CPU July 2018

2018-07-17 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

8.2 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.9%

JSON

Related for CVELIST:CVE-2016-9892