VYPR
Vendor

Ea

Products
5
CVEs
7
Across products
8
Status
Private

Products

5

Recent CVEs

7
  • CVE-2020-27708HigNov 2, 2020
    risk 0.51cvss 7.8epss 0.01

    A vulnerability exists in the Origin Client that could allow a non-Administrative user to elevate their access to either Administrator or System. Once the user has obtained elevated access, they may be able to take control of the system and perform actions otherwise reserved for…

  • CVE-2020-15914MedNov 2, 2020
    risk 0.35cvss 5.4epss 0.01

    A cross-site scripting (XSS) vulnerability exists in the Origin Client for Mac and PC 10.5.86 or earlier that could allow a remote attacker to execute arbitrary Javascript in a target user’s Origin client. An attacker could use this vulnerability to access sensitive data…

  • CVE-2008-6712Apr 10, 2009
    risk 0.04cvss epss 0.07

    The HTTP/XML-RPC service in Crysis 1.21 (game version 1.1.1.6156) and earlier allows remote attackers to cause a denial of service (crash) via a long HTTP request, which triggers a NULL pointer dereference.

  • CVE-2010-2627Jul 2, 2010
    risk 0.03cvss epss 0.04

    Multiple directory traversal vulnerabilities in the Refractor 2 engine, as used in Battlefield 2 1.50 (1.5.3153-802.0) and earlier, and Battlefield 2142 (1.10.48.0) and earlier, allow remote servers to overwrite arbitrary files on the client via "..\" (dot dot backslash)…

  • CVE-2008-6737Apr 21, 2009
    risk 0.03cvss epss 0.03

    Crysis 1.21 and earlier allows remote attackers to obtain sensitive player information such as real IP addresses by sending a keyexchange packet without a previous join packet, which causes Crysis to send a disconnect packet that includes unrelated log information.

  • CVE-2008-1127Mar 3, 2008
    risk 0.03cvss epss 0.03

    Format string vulnerability in the cryactio function in Crysis 1.1.1.5879 allows remote authenticated users to execute arbitrary code via format string specifiers in the user name, which is triggered when the game character is killed.

  • CVE-2014-5921Sep 18, 2014
    risk 0.00cvss epss 0.00

    The Need for Speed Network (aka com.ea.nfsautolog.bv) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.