Skip to main content

Overwolf

5 CVEs product

Monthly

CVE-2024-7834 HIGH This Week

A local privilege escalation is caused by Overwolf loading and executing certain dynamic link library files from a user-writeable folder in SYSTEM context on launch. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation RCE Overwolf
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-33501 CRITICAL POC Act Now

Overwolf Client 0.169.0.22 allows XSS, with resultant Remote Code Execution, via an overwolfstore:// URL. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Overwolf
NVD GitHub
CVSS 3.1
9.6
EPSS
7.9%
CVE-2021-20726 HIGH This Week

Untrusted search path vulnerability in The Installer of Overwolf 2.168.0.n and earlier allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Overwolf
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2020-25214 HIGH POC This Week

In the client in Overwolf 0.149.2.30, a channel can be accessed or influenced by an actor that is not an endpoint. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Overwolf
NVD GitHub
CVSS 3.1
8.1
EPSS
3.8%
CVE-2020-15932 HIGH This Week

Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, causing elevation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Overwolf
NVD GitHub
CVSS 3.1
8.8
EPSS
3.3%
EPSS 0% CVSS 7.8
HIGH This Week

A local privilege escalation is caused by Overwolf loading and executing certain dynamic link library files from a user-writeable folder in SYSTEM context on launch. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation RCE Overwolf
NVD
EPSS 8% CVSS 9.6
CRITICAL POC Act Now

Overwolf Client 0.169.0.22 allows XSS, with resultant Remote Code Execution, via an overwolfstore:// URL. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE XSS Overwolf
NVD GitHub
EPSS 0% CVSS 7.8
HIGH This Week

Untrusted search path vulnerability in The Installer of Overwolf 2.168.0.n and earlier allows an attacker to gain privileges and execute arbitrary code with the privilege of the user invoking the. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Overwolf
NVD
EPSS 4% CVSS 8.1
HIGH POC This Week

In the client in Overwolf 0.149.2.30, a channel can be accessed or influenced by an actor that is not an endpoint. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Information Disclosure Overwolf
NVD GitHub
EPSS 3% CVSS 8.8
HIGH This Week

Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, causing elevation of privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Overwolf
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy