Filtered by vendor Realnetworks
Subscriptions
Filtered by product Realplayer
Subscriptions
Total
171 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-1321 | 1 Realnetworks | 2 Realone Player, Realplayer | 2025-04-03 | N/A |
| Multiple buffer overflows in RealOne and RealPlayer allow remote attackers to execute arbitrary code via (1) a Synchronized Multimedia Integration Language (SMIL) file with a long parameter, (2) a long long filename in a rtsp:// request, e.g. from a .m3u file, or (3) certain "Now Playing" options on a downloaded file with a long filename. | ||||
| CVE-2005-2052 | 1 Realnetworks | 2 Realone Player, Realplayer | 2025-04-03 | N/A |
| Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 (6.0.12.1040 through 1069), RealOne Player v1 and v2, RealPlayer 8 and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an .avi file with a modified strf structure value. | ||||
| CVE-2005-0191 | 2 Realnetworks, Redhat | 3 Realone Player, Realplayer, Rhel Extras | 2025-04-03 | N/A |
| Off-by-one buffer overflow in the processing of tags in Real Metadata Package (RMP) files in RealPlayer 10.5 (6.0.12.1040) and earlier could allow remote attackers to execute arbitrary code via a long tag. | ||||
| CVE-2005-0189 | 2 Realnetworks, Redhat | 3 Realone Player, Realplayer, Rhel Extras | 2025-04-03 | N/A |
| Stack-based buffer overflow in the HandleAction function in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to execute arbitrary code via a long ShowPreferences argument. | ||||
| CVE-2005-0192 | 1 Realnetworks | 2 Realone Player, Realplayer | 2025-04-03 | N/A |
| Directory traversal vulnerability in the parsing of Skin file names in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an RJS filename. | ||||
| CVE-2005-0190 | 1 Realnetworks | 2 Realone Player, Realplayer | 2025-04-03 | N/A |
| Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to delete arbitrary files via a Real Metadata Packages (RMP) file with a FILENAME tag containing .. (dot dot) sequences in a filename that ends with a ? (question mark) and an allowed file extension (e.g. .mp3), which bypasses the check for the file extension. | ||||
| CVE-2005-0755 | 2 Realnetworks, Redhat | 5 Helix Player, Realone Player, Realplayer and 2 more | 2025-04-03 | N/A |
| Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player before 10.0.4, and RealOne Player v1 and v2 allows remote attackers to execute arbitrary code via a long hostname in a RAM file. | ||||
| CVE-2022-32291 | 1 Realnetworks | 1 Realplayer | 2024-11-21 | 8.8 High |
| In Real Player through 20.1.0.312, attackers can execute arbitrary code by placing a UNC share pathname (for a DLL file) in a RAM file. | ||||
| CVE-2022-32271 | 1 Realnetworks | 1 Realplayer | 2024-11-21 | 9.6 Critical |
| In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. This is an internal URL Protocol used by Real Player to reference a file that contains an URL. It is possible to inject script code to arbitrary domains. It is also possible to reference arbitrary local files. | ||||
| CVE-2022-32270 | 1 Realnetworks | 1 Realplayer | 2024-11-21 | 9.8 Critical |
| In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. This occurs because it is possible to plant executables in the startup folder (DLL planting could also occur). | ||||
| CVE-2022-32269 | 1 Realnetworks | 1 Realplayer | 2024-11-21 | 9.8 Critical |
| In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local HTTP error pages (displayed by Internet Explorer core). This leads to arbitrary code execution. | ||||