Vulnerabilities > EA > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-12-27 | CVE-2013-4867 | Improper Privilege Management vulnerability in EA Karotz Smart Rabbit Firmware 12.07.19.00 Electronic Arts Karotz Smart Rabbit 12.07.19.00 allows Python module hijacking | 6.2 |
| 2019-06-14 | CVE-2019-12828 | Data Processing Errors vulnerability in EA Origin 10.5.36/10.5.37 An issue was discovered in Electronic Arts Origin before 10.5.39. | 6.8 |
| 2019-04-19 | CVE-2019-11354 | Injection vulnerability in EA Origin 10.5.36 The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. | 6.8 |
| 2014-09-18 | CVE-2014-5921 | Cryptographic Issues vulnerability in EA Need for Speed Network 1.0.1 The Need for Speed Network (aka com.ea.nfsautolog.bv) application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | 5.4 |
| 2010-07-02 | CVE-2010-2627 | Path Traversal vulnerability in EA Battlefield 2 and Battlefield 2142 Multiple directory traversal vulnerabilities in the Refractor 2 engine, as used in Battlefield 2 1.50 (1.5.3153-802.0) and earlier, and Battlefield 2142 (1.10.48.0) and earlier, allow remote servers to overwrite arbitrary files on the client via "..\" (dot dot backslash) sequences in URLs for the (1) sponsor or (2) community logos, and other URLs related to (3) DemoDownloadURL, (4) DemoIndexURL and (5) CustomMapsURL. | 6.8 |
| 2009-04-10 | CVE-2008-6712 | Remote Denial of Service vulnerability in EA Crysis 1.1/1.2 The HTTP/XML-RPC service in Crysis 1.21 (game version 1.1.1.6156) and earlier allows remote attackers to cause a denial of service (crash) via a long HTTP request, which triggers a NULL pointer dereference. | 5.0 |