Vulnerabilities > Realnetworks > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-06-03 CVE-2022-32269 Cross-site Scripting vulnerability in Realnetworks Realplayer 20.0.8.310
In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local HTTP error pages (displayed by Internet Explorer core).
network
low complexity
realnetworks CWE-79
critical
 9.8
9.8
2022-06-03 CVE-2022-32270 Path Traversal vulnerability in Realnetworks Realplayer 20.0.7.309/20.0.8.310
In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file types and Directory Traversal, leading to Remote Code Execution.
network
low complexity
realnetworks CWE-22
critical
 9.8
9.8
2022-06-03 CVE-2022-32271 Cross-site Scripting vulnerability in Realnetworks Realplayer 20.0.8.310
In Real Player 20.0.8.310, there is a DCP:// URI Remote Arbitrary Code Execution Vulnerability.
network
low complexity
realnetworks CWE-79
critical
 9.6
9.6