Filtered by vendor Realnetworks
Subscribe
Total
217 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1766 | 1 Realnetworks | 1 Realplayer | 2025-04-03 | 5.1 MEDIUM | N/A |
| Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 6.0.12.1056 on Windows, and 10, 10.0.1.436, and other versions before 10.0.5 on Linux, allows remote attackers to execute arbitrary code via a RealMedia file with a long RealText string, such as an SMIL file. | |||||
| CVE-2004-0273 | 1 Realnetworks | 3 Realone Desktop Manager, Realone Enterprise Desktop, Realone Player | 2025-04-03 | 9.3 HIGH | N/A |
| Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file. | |||||
| CVE-2002-1321 | 1 Realnetworks | 2 Realone Player, Realplayer | 2025-04-03 | 7.5 HIGH | N/A |
| Multiple buffer overflows in RealOne and RealPlayer allow remote attackers to execute arbitrary code via (1) a Synchronized Multimedia Integration Language (SMIL) file with a long parameter, (2) a long long filename in a rtsp:// request, e.g. from a .m3u file, or (3) certain "Now Playing" options on a downloaded file with a long filename. | |||||
| CVE-1999-1045 | 1 Realnetworks | 1 Realserver | 2025-04-03 | 7.8 HIGH | N/A |
| pnserver in RealServer 5.0 and earlier allows remote attackers to cause a denial of service by sending a short, malformed request. | |||||
| CVE-2004-1416 | 2 Microsoft, Realnetworks | 2 Internet Explorer, Realone Player | 2025-04-03 | 5.1 MEDIUM | N/A |
| pnxr3260.dll in the RealOne 2.0 build 6.0.11.868 browser plugin, as used in Internet Explorer, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted embed tag. | |||||
| CVE-2000-0001 | 1 Realnetworks | 1 Realserver | 2025-04-03 | 5.0 MEDIUM | N/A |
| RealMedia server allows remote attackers to cause a denial of service via a long ramgen request. | |||||
| CVE-2002-1015 | 1 Realnetworks | 3 Realjukebox 2, Realjukebox 2 Plus, Realone Player | 2025-04-03 | 7.5 HIGH | N/A |
| RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers. | |||||
| CVE-2000-1181 | 1 Realnetworks | 1 Realserver | 2025-04-03 | 5.0 MEDIUM | N/A |
| Real Networks RealServer 7 and earlier allows remote attackers to obtain portions of RealServer's memory contents, possibly including sensitive information, by accessing the /admin/includes/ URL. | |||||
| CVE-2003-0726 | 1 Realnetworks | 3 Realone Desktop Manager, Realone Enterprise Desktop, Realone Player | 2025-04-03 | 5.1 MEDIUM | N/A |
| RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag. | |||||
| CVE-2003-0141 | 1 Realnetworks | 3 Realone Enterprise Desktop, Realone Player, Realplayer | 2025-04-03 | 5.1 MEDIUM | N/A |
| The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length. | |||||
| CVE-2005-0347 | 1 Realnetworks | 1 Realarcade | 2025-04-03 | 5.1 MEDIUM | N/A |
| Integer overflow in RealArcade 1.2.0.994 and earlier allows remote attackers to execute arbitrary code via an RGS file with an invalid size string for the GUID and game name, which leads to a buffer overflow. | |||||
| CVE-2005-4126 | 1 Realnetworks | 1 Realplayer | 2025-04-03 | 7.5 HIGH | N/A |
| ** UNVERIFIABLE, PRERELEASE ** NOTE: this issue describes a problem that can not be independently verified as of 20051208. Unspecified vulnerability in unspecified versions of Real Networks RealPlayer allows attackers to execute arbitrary code. NOTE: the information regarding this issue is extremely vague and does not provide any verifiable information. It has been posted by a reliable reporter with a prerelease disclosure policy. This item has only been assigned a CVE identifier for tracking purposes, and to serve as a concrete example for discussion of the newly emerging UNVERIFIABLE and PRERELEASE content decisions in CVE, which must be discussed by the Editorial Board. Without additional details or independent verification by reliable sources, it is possible that this item might be RECAST or REJECTED. | |||||
| CVE-2022-32291 | 1 Realnetworks | 1 Realplayer | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In Real Player through 20.1.0.312, attackers can execute arbitrary code by placing a UNC share pathname (for a DLL file) in a RAM file. | |||||
| CVE-2022-32271 | 1 Realnetworks | 1 Realplayer | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
| In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. This is an internal URL Protocol used by Real Player to reference a file that contains an URL. It is possible to inject script code to arbitrary domains. It is also possible to reference arbitrary local files. | |||||
| CVE-2022-32270 | 1 Realnetworks | 1 Realplayer | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. This occurs because it is possible to plant executables in the startup folder (DLL planting could also occur). | |||||
| CVE-2022-32269 | 1 Realnetworks | 1 Realplayer | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local HTTP error pages (displayed by Internet Explorer core). This leads to arbitrary code execution. | |||||
| CVE-2018-13121 | 1 Realnetworks | 1 Realone Player | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| RealOne Player 2.0 Build 6.0.11.872 allows remote attackers to cause a denial of service (array out-of-bounds access and application crash) via a crafted .aiff file. | |||||