Total
171 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0189 | 1 Realnetworks | 2 Realone Player, Realplayer | 2023-12-10 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the HandleAction function in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to execute arbitrary code via a long ShowPreferences argument. | |||||
| CVE-2005-0192 | 1 Realnetworks | 2 Realone Player, Realplayer | 2023-12-10 | 2.6 LOW | N/A |
| Directory traversal vulnerability in the parsing of Skin file names in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an RJS filename. | |||||
| CVE-2004-0550 | 1 Realnetworks | 1 Realplayer | 2023-12-10 | 7.5 HIGH | N/A |
| Buffer overflow in Real Networks RealPlayer 10 allows remote attackers to execute arbitrary code via a URL with a large number of "." (period) characters. | |||||
| CVE-2004-1798 | 1 Realnetworks | 3 Realone Enterprise Desktop, Realone Player, Realplayer | 2023-12-10 | 5.1 MEDIUM | N/A |
| RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the "My Computer" zone via a Synchronized Multimedia Integration Language (SMIL) presentation with a "file:javascript:" URL, which is executed in the security context of the previously loaded URL, a different vulnerability than CVE-2003-0726. | |||||
| CVE-2000-0280 | 1 Realnetworks | 1 Realplayer | 2023-12-10 | 2.6 LOW | N/A |
| Buffer overflow in the RealNetworks RealPlayer client versions 6 and 7 allows remote attackers to cause a denial of service via a long Location URL. | |||||
| CVE-2002-0415 | 1 Realnetworks | 1 Realplayer | 2023-12-10 | 1.7 LOW | N/A |
| Directory traversal vulnerability in the web server used in RealPlayer 6.0.7, and possibly other versions, may allow local users to read files that are accessible to RealPlayer via a .. (dot dot) in an HTTP GET request to port 1275. | |||||
| CVE-2004-0387 | 1 Realnetworks | 2 Realone Player, Realplayer | 2023-12-10 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in the RT3 plugin, as used in RealPlayer 8, RealOne Player, RealOne Player 10 beta, and RealOne Player Enterprise, allows remote attackers to execute arbitrary code via a malformed .R3T file. | |||||
| CVE-2002-1321 | 1 Realnetworks | 2 Realone Player, Realplayer | 2023-12-10 | 7.5 HIGH | N/A |
| Multiple buffer overflows in RealOne and RealPlayer allow remote attackers to execute arbitrary code via (1) a Synchronized Multimedia Integration Language (SMIL) file with a long parameter, (2) a long long filename in a rtsp:// request, e.g. from a .m3u file, or (3) certain "Now Playing" options on a downloaded file with a long filename. | |||||
| CVE-2002-0337 | 1 Realnetworks | 1 Realplayer | 2023-12-10 | 5.4 MEDIUM | N/A |
| RealPlayer 8 allows remote attackers to cause a denial of service (CPU utilization) via malformed .mp3 files. | |||||
| CVE-2003-0141 | 1 Realnetworks | 3 Realone Enterprise Desktop, Realone Player, Realplayer | 2023-12-10 | 5.1 MEDIUM | N/A |
| The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length. | |||||
| CVE-2005-0190 | 1 Realnetworks | 2 Realone Player, Realplayer | 2023-12-10 | 2.6 LOW | N/A |
| Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to delete arbitrary files via a Real Metadata Packages (RMP) file with a FILENAME tag containing .. (dot dot) sequences in a filename that ends with a ? (question mark) and an allowed file extension (e.g. .mp3), which bypasses the check for the file extension. | |||||