VYPR

Reborn Hero Designer

by Mids

CVEs (2)

  • CVE-2020-11614HigJun 11, 2020
    risk 0.53cvss 8.1epss 0.00

    Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as well as update files, over cleartext HTTP. Additionally, the application does not perform file integrity validation for files after download. An attacker can perform a man-in-the-middle attack against this…

  • CVE-2020-11613HigJun 11, 2020
    risk 0.51cvss 7.8epss 0.00

    Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulnerability due to default and insecure permissions being set for the installation folder. By default, the Authenticated Users group has Modify permissions to the installation folder. Because of this, any user on…