41 matches found
EUVD-2021-20202
Overwolf Client 0.169.0.22 allows XSS, with resultant Remote Code Execution, via an overwolfstore:// URL...
Overwolf 跨站脚本漏洞
Overwolf is a framework from the Israeli company Overwolf that supports building games using HTML and JavaScript. A security vulnerability exists in Overwolf Client 0.169.0.22, which originates from overwolfstore: UR can L generate remote code execution...
CVE-2021-20726
Untrusted search path vulnerability in The Installer of Overwolf 2.168.0.n and earlier allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the installer via a Trojan horse DLL in an unspecified directory...
CVE-2021-20726
Untrusted search path vulnerability in The Installer of Overwolf 2.168.0.n and earlier allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the installer via a Trojan horse DLL in an unspecified directory...
Design/Logic Flaw
Untrusted search path vulnerability in The Installer of Overwolf 2.168.0.n and earlier allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the installer via a Trojan horse DLL in an unspecified directory...
CVE-2021-20726
Untrusted search path vulnerability in The Installer of Overwolf 2.168.0.n and earlier allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the installer via a Trojan horse DLL in an unspecified directory...
CVE-2021-20726
The CVE-2021-20726 entry concerns Overwolf’s Installer. A CWE-427-like issue in the DLL search path allows an attacker to place a Trojan DLL in the installer directory and execute arbitrary code with the user’s privileges, affecting The Installer of Overwolf up to version 2.168.0.n and earlier. D...
Installer of Overwolf may insecurely load Dynamic Link Libraries
Overview Overwolf is a software framework for creating applications for games. The Overwolf Installer contains an issue with the DLL search path CWE-427, which may lead to insecurely loading Dynamic Link Libraries stored in the same directory where the installer resides. Shogo kumamaru of LAC Co....
Overwolf 代码问题漏洞
Overwolf is a framework from the Israeli company Overwolf that supports building games using HTML and JavaScript. Overwolf Installer 2.168.0 suffers from a code issue vulnerability that stems from the application loading DLL libraries in an insecure manner. A remote attacker could exploit the...
JVN#78254777: Installer of Overwolf may insecurely load Dynamic Link Libraries
Overwolf is a software framework for creating applications for games. The Overwolf Installer contains an issue with the DLL search path CWE-427, which may lead to insecurely loading Dynamic Link Libraries stored in the same directory where the installer resides. Impact Arbitrary code may be...
CVE-2020-25214
In the client in Overwolf 0.149.2.30, a channel can be accessed or influenced by an actor that is not an endpoint...
CVE-2020-25214
In the client in Overwolf 0.149.2.30, a channel can be accessed or influenced by an actor that is not an endpoint...
Code injection
In the client in Overwolf 0.149.2.30, a channel can be accessed or influenced by an actor that is not an endpoint...
CVE-2020-25214
In the client in Overwolf 0.149.2.30, a channel can be accessed or influenced by an actor that is not an endpoint...
CVE-2020-25214
The CVE-2020-25214 entry affects the Overwolf client version 0.149.2.30, where a channel can be accessed or influenced by an actor that is not an endpoint. The NVD CVSS vectors indicate HIGH impact to confidentiality, integrity, and availability (C/H; I/H; A/H) with NETWORK attack vector and no u...
CVE-2020-15932
Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, causing elevation of privileges...
CVE-2020-15932
Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, causing elevation of privileges...
Privilege escalation
Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, causing elevation of privileges...
CVE-2020-15932
CVE-2020-15932 concerns Overwolf versions before 0.149.2.30, where updates mishandle symbolic links, leading to elevation of privileges. Public documents consistently describe this as a privilege-escalation issue affecting the updater process. The exact vulnerable component is the update mechanis...
CVE-2020-15932
Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, causing elevation of privileges...