Vulnerabilities (CVE)

Filtered by vendor Mids\' Reborn Hero Designer Project Subscribe
Filtered by product Mids\' Reborn Hero Designer
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-11614 1 Mids\' Reborn Hero Designer Project 1 Mids\' Reborn Hero Designer 2024-11-21 6.8 MEDIUM 8.1 HIGH
Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as well as update files, over cleartext HTTP. Additionally, the application does not perform file integrity validation for files after download. An attacker can perform a man-in-the-middle attack against this connection and replace executable files with malicious versions, which the operating system then executes under the context of the user running Hero Designer.
CVE-2020-11613 1 Mids\' Reborn Hero Designer Project 1 Mids\' Reborn Hero Designer 2024-11-21 4.4 MEDIUM 7.8 HIGH
Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulnerability due to default and insecure permissions being set for the installation folder. By default, the Authenticated Users group has Modify permissions to the installation folder. Because of this, any user on the system can replace binaries or plant malicious DLLs to obtain elevated, or different, privileges, depending on the context of the user that runs the application.