Nero
Products
8- 4 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
9| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-63680 | Hig | 0.56 | 8.6 | 0.00 | Nov 14, 2025 | Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw (CWE-22) that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code execution when a user clicks a crafted entry. By creating a trailing-dot folder… | ||
| CVE-2017-15383 | Hig | 0.51 | 7.8 | 0.00 | Oct 16, 2017 | Nero 7.10.1.0 has an unquoted BINARY_PATH_NAME for NBService, exploitable via a Trojan horse Nero.exe file in the %PROGRAMFILES(x86)%\Nero directory. | ||
| CVE-2012-5877 | 0.04 | — | 0.08 | May 30, 2014 | Nero MediaHome 4.5.8.0 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an HTTP header without a name. | |||
| CVE-2008-0619 | 0.04 | — | 0.11 | Feb 6, 2008 | Buffer overflow in NeroMediaPlayer.exe in Nero Media Player 1.4.0.35 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (persistent crash) via a long URI in a .M3U file. | |||
| CVE-2012-5876 | 0.03 | — | 0.04 | May 30, 2014 | Multiple off-by-one errors in NMMediaServerService.dll in Nero MediaHome 4.5.8.0 and earlier allow remote attackers to cause a denial of service (crash) via a long string in the (1) request line or (2) HTTP Referer header to TCP port 54444, which triggers a heap-based buffer… | |||
| CVE-2008-7079 | 0.03 | — | 0.06 | Aug 25, 2009 | Buffer overflow in Nero ShowTime 5.0.15.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long entry in a .M3U playlist file. NOTE: this issue might be related to CVE-2008-0619. | |||
| CVE-2008-1905 | 0.00 | — | 0.02 | Apr 22, 2008 | NMMediaServer.exe in Nero MediaHome 3.3.3.0 and earlier, as used in Nero 8.3.2.1 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long HTTP request to TCP port 54444, a different vector than CVE-2007-2322. | |||
| CVE-2007-2322 | 0.00 | — | 0.05 | Apr 27, 2007 | NMMediaServer.exe in Nero MediaHome 2.5.5.0 and CE 1.3.0.4 allows remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted packet that contains two CRLF sequences. NOTE: the provenance of this information is unknown; the details are… | |||
| CVE-2005-3484 | 0.00 | — | 0.02 | Nov 3, 2005 | Directory traversal vulnerability in NeroNET 1.2.0.2 and earlier allows remote attackers to read arbitrary files with certain file extensions (such as ZIP, AVI, JPG, TXT, and HTML) via ".." and hex-encoded (1) slash "/" ("%2f") or (2) backslash "\" ("%5c") sequences. |
- risk 0.56cvss 8.6epss 0.00
Nero BackItUp in the Nero Productline is vulnerable to a path parsing/UI rendering flaw (CWE-22) that, in combination with Windows ShellExecuteW fallback extension resolution, leads to arbitrary code execution when a user clicks a crafted entry. By creating a trailing-dot folder…
- risk 0.51cvss 7.8epss 0.00
Nero 7.10.1.0 has an unquoted BINARY_PATH_NAME for NBService, exploitable via a Trojan horse Nero.exe file in the %PROGRAMFILES(x86)%\Nero directory.
- CVE-2012-5877May 30, 2014risk 0.04cvss —epss 0.08
Nero MediaHome 4.5.8.0 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an HTTP header without a name.
- CVE-2008-0619Feb 6, 2008risk 0.04cvss —epss 0.11
Buffer overflow in NeroMediaPlayer.exe in Nero Media Player 1.4.0.35 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (persistent crash) via a long URI in a .M3U file.
- CVE-2012-5876May 30, 2014risk 0.03cvss —epss 0.04
Multiple off-by-one errors in NMMediaServerService.dll in Nero MediaHome 4.5.8.0 and earlier allow remote attackers to cause a denial of service (crash) via a long string in the (1) request line or (2) HTTP Referer header to TCP port 54444, which triggers a heap-based buffer…
- CVE-2008-7079Aug 25, 2009risk 0.03cvss —epss 0.06
Buffer overflow in Nero ShowTime 5.0.15.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long entry in a .M3U playlist file. NOTE: this issue might be related to CVE-2008-0619.
- CVE-2008-1905Apr 22, 2008risk 0.00cvss —epss 0.02
NMMediaServer.exe in Nero MediaHome 3.3.3.0 and earlier, as used in Nero 8.3.2.1 and earlier, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long HTTP request to TCP port 54444, a different vector than CVE-2007-2322.
- CVE-2007-2322Apr 27, 2007risk 0.00cvss —epss 0.05
NMMediaServer.exe in Nero MediaHome 2.5.5.0 and CE 1.3.0.4 allows remote attackers to cause a denial of service (NULL dereference and application crash) via a crafted packet that contains two CRLF sequences. NOTE: the provenance of this information is unknown; the details are…
- CVE-2005-3484Nov 3, 2005risk 0.00cvss —epss 0.02
Directory traversal vulnerability in NeroNET 1.2.0.2 and earlier allows remote attackers to read arbitrary files with certain file extensions (such as ZIP, AVI, JPG, TXT, and HTML) via ".." and hex-encoded (1) slash "/" ("%2f") or (2) backslash "\" ("%5c") sequences.