Lucene search
K

41 matches found

EUVD
EUVD
added 2021/07/19 11:37 a.m.4 views

EUVD-2021-20202

Overwolf Client 0.169.0.22 allows XSS, with resultant Remote Code Execution, via an overwolfstore:// URL...

9.6CVSS9.5AI score0.07912EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/07/19 12:0 a.m.3 views

Overwolf 跨站脚本漏洞

Overwolf is a framework from the Israeli company Overwolf that supports building games using HTML and JavaScript. A security vulnerability exists in Overwolf Client 0.169.0.22, which originates from overwolfstore: UR can L generate remote code execution...

9.6CVSS8.8AI score0.07912EPSS
Exploits1References4
OSV
OSV
added 2021/05/24 4:15 a.m.2 views

CVE-2021-20726

Untrusted search path vulnerability in The Installer of Overwolf 2.168.0.n and earlier allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the installer via a Trojan horse DLL in an unspecified directory...

7.8CVSS6AI score0.00292EPSS
Exploits0References2
NVD
NVD
added 2021/05/24 4:15 a.m.24 views

CVE-2021-20726

Untrusted search path vulnerability in The Installer of Overwolf 2.168.0.n and earlier allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the installer via a Trojan horse DLL in an unspecified directory...

7.8CVSS0.00292EPSS
Exploits0References2
Prion
Prion
added 2021/05/24 4:15 a.m.12 views

Design/Logic Flaw

Untrusted search path vulnerability in The Installer of Overwolf 2.168.0.n and earlier allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the installer via a Trojan horse DLL in an unspecified directory...

4.4CVSS8AI score0.00292EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/05/24 3:20 a.m.25 views

CVE-2021-20726

Untrusted search path vulnerability in The Installer of Overwolf 2.168.0.n and earlier allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the installer via a Trojan horse DLL in an unspecified directory...

8.2AI score0.00292EPSS
Exploits0References2
CVE
CVE
added 2021/05/24 3:20 a.m.74 views

CVE-2021-20726

The CVE-2021-20726 entry concerns Overwolf’s Installer. A CWE-427-like issue in the DLL search path allows an attacker to place a Trojan DLL in the installer directory and execute arbitrary code with the user’s privileges, affecting The Installer of Overwolf up to version 2.168.0.n and earlier. D...

7.8CVSS8AI score0.00292EPSS
Exploits0References2Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/05/21 7:7 a.m.3 views

Installer of Overwolf may insecurely load Dynamic Link Libraries

Overview Overwolf is a software framework for creating applications for games. The Overwolf Installer contains an issue with the DLL search path CWE-427, which may lead to insecurely loading Dynamic Link Libraries stored in the same directory where the installer resides. Shogo kumamaru of LAC Co....

7.8CVSS6.8AI score0.00292EPSS
Exploits0References6
CNNVD
CNNVD
added 2021/05/21 12:0 a.m.4 views

Overwolf 代码问题漏洞

Overwolf is a framework from the Israeli company Overwolf that supports building games using HTML and JavaScript. Overwolf Installer 2.168.0 suffers from a code issue vulnerability that stems from the application loading DLL libraries in an insecure manner. A remote attacker could exploit the...

7.8CVSS7.9AI score0.00292EPSS
Exploits0References3
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2021/05/21 12:0 a.m.62 views

JVN#78254777: Installer of Overwolf may insecurely load Dynamic Link Libraries

Overwolf is a software framework for creating applications for games. The Overwolf Installer contains an issue with the DLL search path CWE-427, which may lead to insecurely loading Dynamic Link Libraries stored in the same directory where the installer resides. Impact Arbitrary code may be...

7.8CVSS7.7AI score0.00292EPSS
Exploits0
OSV
OSV
added 2020/10/16 8:15 p.m.4 views

CVE-2020-25214

In the client in Overwolf 0.149.2.30, a channel can be accessed or influenced by an actor that is not an endpoint...

8.1CVSS7.2AI score0.03706EPSS
Exploits1References1
NVD
NVD
added 2020/10/16 8:15 p.m.10 views

CVE-2020-25214

In the client in Overwolf 0.149.2.30, a channel can be accessed or influenced by an actor that is not an endpoint...

9.3CVSS0.03706EPSS
Exploits1References1
Prion
Prion
added 2020/10/16 8:15 p.m.13 views

Code injection

In the client in Overwolf 0.149.2.30, a channel can be accessed or influenced by an actor that is not an endpoint...

9.3CVSS8AI score0.03706EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/10/16 7:38 p.m.17 views

CVE-2020-25214

In the client in Overwolf 0.149.2.30, a channel can be accessed or influenced by an actor that is not an endpoint...

8.1AI score0.03706EPSS
Exploits1References1
CVE
CVE
added 2020/10/16 7:38 p.m.36 views

CVE-2020-25214

The CVE-2020-25214 entry affects the Overwolf client version 0.149.2.30, where a channel can be accessed or influenced by an actor that is not an endpoint. The NVD CVSS vectors indicate HIGH impact to confidentiality, integrity, and availability (C/H; I/H; A/H) with NETWORK attack vector and no u...

9.3CVSS8AI score0.03706EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2020/07/24 5:15 p.m.21 views

CVE-2020-15932

Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, causing elevation of privileges...

9CVSS8.8AI score0.03252EPSS
Exploits0References1
OSV
OSV
added 2020/07/24 5:15 p.m.2 views

CVE-2020-15932

Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, causing elevation of privileges...

8.8CVSS7.3AI score0.03252EPSS
Exploits0References1
Prion
Prion
added 2020/07/24 5:15 p.m.14 views

Privilege escalation

Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, causing elevation of privileges...

9CVSS8.7AI score0.03252EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/07/24 4:15 p.m.48 views

CVE-2020-15932

CVE-2020-15932 concerns Overwolf versions before 0.149.2.30, where updates mishandle symbolic links, leading to elevation of privileges. Public documents consistently describe this as a privilege-escalation issue affecting the updater process. The exact vulnerable component is the update mechanis...

9CVSS8.6AI score0.03252EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/07/24 4:15 p.m.23 views

CVE-2020-15932

Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, causing elevation of privileges...

8.8AI score0.03252EPSS
Exploits0References1
Rows per page
Query Builder