Vulnerabilities > Realnetworks > Realplayer
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-05 | CVE-2022-32291 | Unspecified vulnerability in Realnetworks Realplayer In Real Player through 20.1.0.312, attackers can execute arbitrary code by placing a UNC share pathname (for a DLL file) in a RAM file. network realnetworks | 6.8 |
| 2022-06-03 | CVE-2022-32269 | Cross-site Scripting vulnerability in Realnetworks Realplayer 20.0.8.310 In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local HTTP error pages (displayed by Internet Explorer core). | 9.8 |
| 2022-06-03 | CVE-2022-32270 | Path Traversal vulnerability in Realnetworks Realplayer 20.0.7.309/20.0.8.310 In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution. | 7.5 |
| 2022-06-03 | CVE-2022-32271 | Cross-site Scripting vulnerability in Realnetworks Realplayer 20.0.8.310 In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability. | 6.8 |
| 2017-05-29 | CVE-2017-9302 | Divide By Zero vulnerability in Realnetworks Realplayer 16.0.2.32 RealPlayer 16.0.2.32 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp4 file. | 4.3 |
| 2016-10-28 | CVE-2016-9018 | NULL Pointer Dereference vulnerability in Realnetworks Realplayer 18.1.5.705 Improper handling of a repeating VRAT chunk in qcpfformat.dll allows attackers to cause a Null pointer dereference and crash in RealNetworks RealPlayer 18.1.5.705 through a crafted .QCP media file. | 4.3 |
| 2014-07-07 | CVE-2014-3113 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realplayer Multiple buffer overflows in RealNetworks RealPlayer before 17.0.10.8 allow remote attackers to execute arbitrary code via a malformed (1) elst or (2) stsz atom in an MP4 file. | 9.3 |
| 2014-05-20 | CVE-2014-3444 | Code Injection vulnerability in Realnetworks Realplayer The GetGUID function in codecs/dmp4.dll in RealNetworks RealPlayer 16.0.3.51 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (write access violation and application crash) via a malformed .3gp file. | 9.3 |
| 2014-01-03 | CVE-2013-7260 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks Realplayer Multiple stack-based buffer overflows in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allow remote attackers to execute arbitrary code via a long (1) version number or (2) encoding declaration in the XML declaration of an RMP file, a different issue than CVE-2013-6877. | 7.5 |
| 2013-12-19 | CVE-2013-6877 | Buffer Errors vulnerability in Realnetworks Realplayer 16.0.2.32/16.0.3.51 Heap-based buffer overflow in RealNetworks RealPlayer before 17.0.4.61 on Windows, and Mac RealPlayer before 12.0.1.1738, allows remote attackers to execute arbitrary code via a long string in the TRACKID element of an RMP file, a different vulnerability than CVE-2013-7260. | 9.3 |