Vulnerabilities > EA
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-02 | CVE-2020-27708 | Improper Privilege Management vulnerability in EA Origin A vulnerability exists in the Origin Client that could allow a non-Administrative user to elevate their access to either Administrator or System. | 7.2 |
| 2020-11-02 | CVE-2020-15914 | Cross-site Scripting vulnerability in EA Origin Client A cross-site scripting (XSS) vulnerability exists in the Origin Client for Mac and PC 10.5.86 or earlier that could allow a remote attacker to execute arbitrary Javascript in a target user’s Origin client. | 3.5 |
| 2020-02-20 | CVE-2019-19741 | Unspecified vulnerability in EA Origin 10.5.36/10.5.55.33574 Electronic Arts Origin 10.5.55.33574 is vulnerable to local privilege escalation due to arbitrary directory DACL manipulation, a different issue than CVE-2019-19247 and CVE-2019-19248. | 7.8 |
| 2019-12-27 | CVE-2013-4867 | Improper Privilege Management vulnerability in EA Karotz Smart Rabbit Firmware 12.07.19.00 Electronic Arts Karotz Smart Rabbit 12.07.19.00 allows Python module hijacking | 6.2 |
| 2019-12-12 | CVE-2019-19248 | Unspecified vulnerability in EA Origin 10.5.36/10.5.37/10.5.55.33574 Electronic Arts Origin through 10.5.x allows Elevation of Privilege (issue 2 of 2). | 7.2 |
| 2019-12-12 | CVE-2019-19247 | Unspecified vulnerability in EA Origin Electronic Arts Origin through 10.5.x allows Elevation of Privilege (issue 1 of 2). | 7.2 |
| 2019-06-14 | CVE-2019-12828 | Data Processing Errors vulnerability in EA Origin 10.5.36/10.5.37 An issue was discovered in Electronic Arts Origin before 10.5.39. | 6.8 |
| 2019-04-19 | CVE-2019-11354 | Injection vulnerability in EA Origin 10.5.36 The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. | 6.8 |
| 2014-09-18 | CVE-2014-5921 | Cryptographic Issues vulnerability in EA Need for Speed Network 1.0.1 The Need for Speed Network (aka com.ea.nfsautolog.bv) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2010-07-02 | CVE-2010-2627 | Path Traversal vulnerability in EA Battlefield 2 and Battlefield 2142 Multiple directory traversal vulnerabilities in the Refractor 2 engine, as used in Battlefield 2 1.50 (1.5.3153-802.0) and earlier, and Battlefield 2142 (1.10.48.0) and earlier, allow remote servers to overwrite arbitrary files on the client via "..\" (dot dot backslash) sequences in URLs for the (1) sponsor or (2) community logos, and other URLs related to (3) DemoDownloadURL, (4) DemoIndexURL and (5) CustomMapsURL. | 6.8 |