Filtered by vendor Realnetworks
Subscribe
Total
217 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-3747 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2023-12-10 | 9.3 HIGH | N/A |
An ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, and RealPlayer Enterprise 2.1.2 does not properly initialize an unspecified object component during parsing of a CDDA URI, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and application crash) via a long URI. | |||||
CVE-2010-4385 | 2 Linux, Realnetworks | 3 Linux Kernel, Realplayer, Realplayer Sp | 2023-12-10 | 9.3 HIGH | N/A |
Integer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to have an unspecified impact via crafted frame dimensions in an SIPR stream. | |||||
CVE-2011-2955 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2023-12-10 | 9.3 HIGH | N/A |
Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5, when an Embedded RealPlayer is used, allows remote attackers to execute arbitrary code via vectors related to a modal dialog. | |||||
CVE-2012-0926 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2023-12-10 | 9.3 HIGH | N/A |
The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle height and width values, which allows remote attackers to execute arbitrary code via a crafted RV10 RealVideo video stream. | |||||
CVE-2010-0416 | 1 Realnetworks | 2 Helix Player, Realplayer | 2023-12-10 | 7.5 HIGH | N/A |
Buffer overflow in the Unescape function in common/util/hxurl.cpp and player/hxclientkit/src/CHXClientSink.cpp in Helix Player 1.0.6 and RealPlayer allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a URL argument containing a % (percent) character that is not followed by two hex digits. | |||||
CVE-2010-4392 | 2 Linux, Realnetworks | 3 Linux Kernel, Realplayer, Realplayer Sp | 2023-12-10 | 9.3 HIGH | N/A |
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, RealPlayer Enterprise 2.1.2 and 2.1.3, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code via crafted ImageMap data in a RealMedia file, related to certain improper integer calculations. | |||||
CVE-2012-0928 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2023-12-10 | 9.3 HIGH | N/A |
The ATRAC codec in RealNetworks RealPlayer 11.x and 14.x through 14.0.7, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.x before 12.0.0.1703 does not properly decode samples, which allows remote attackers to execute arbitrary code via a crafted ATRAC audio file. | |||||
CVE-2011-1221 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to inject arbitrary web script or HTML in the Local Zone via a local HTML document, a different vulnerability than CVE-2011-2947. | |||||
CVE-2011-2945 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2023-12-10 | 9.3 HIGH | N/A |
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted SIPR stream. | |||||
CVE-2010-4386 | 2 Linux, Realnetworks | 3 Linux Kernel, Realplayer, Realplayer Sp | 2023-12-10 | 9.3 HIGH | N/A |
RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted RealMedia video file. | |||||
CVE-2011-4257 | 1 Realnetworks | 1 Realplayer | 2023-12-10 | 9.3 HIGH | N/A |
The Cook codec in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via crafted channel data. | |||||
CVE-2011-4252 | 1 Realnetworks | 1 Realplayer | 2023-12-10 | 9.3 HIGH | N/A |
The RV10 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via a crafted sample height. | |||||
CVE-2010-4391 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2023-12-10 | 9.3 HIGH | N/A |
Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allows remote attackers to execute arbitrary code via a crafted value in an unspecified header field in an RMX file. | |||||
CVE-2011-4248 | 1 Realnetworks | 1 Realplayer | 2023-12-10 | 9.3 HIGH | N/A |
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed AAC file. | |||||
CVE-2011-4259 | 1 Realnetworks | 1 Realplayer | 2023-12-10 | 9.3 HIGH | N/A |
Integer underflow in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted width value in an MPG file. | |||||
CVE-2011-4247 | 1 Realnetworks | 1 Realplayer | 2023-12-10 | 9.3 HIGH | N/A |
RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted QCELP stream. | |||||
CVE-2009-4246 | 3 Apple, Microsoft, Realnetworks | 6 Mac Os X, Windows, Helix Player and 3 more | 2023-12-10 | 9.3 HIGH | N/A |
Stack-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows user-assisted remote attackers to execute arbitrary code via a malformed .RJS skin file that contains a web.xmb file with crafted length values. | |||||
CVE-2010-4384 | 3 Apple, Linux, Realnetworks | 3 Mac Os X, Linux Kernel, Realplayer | 2023-12-10 | 9.3 HIGH | N/A |
Array index error in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer Enterprise 2.1.2, Mac RealPlayer 11.0 through 11.1, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code via a malformed Media Properties Header (aka MDPR) in a RealMedia file. | |||||
CVE-2010-4396 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-zone scripting vulnerability in the HandleAction method in a certain ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 allows remote attackers to inject arbitrary web script or HTML in the Local Zone by specifying a local file in a NavigateToURL action, as demonstrated by a local skin file. | |||||
CVE-2011-2954 | 1 Realnetworks | 2 Realplayer, Realplayer Sp | 2023-12-10 | 9.3 HIGH | N/A |
Use-after-free vulnerability in the AutoUpdate feature in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5, when an Embedded RealPlayer is used, allows remote attackers to execute arbitrary code via unspecified vectors. |