VYPR

Vendor CVEs

RealNetworks

All CVEs

217 total · sorted by risk
  • CVE-2012-1984Apr 17, 2012
    risk 0.00cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2012-0942Apr 17, 2012
    risk 0.00cvss epss 0.04

    Buffer overflow in rn5auth.dll in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to execute arbitrary code via crafted authentication credentials.

  • CVE-2012-0928Feb 8, 2012
    risk 0.00cvss epss 0.04

    The ATRAC codec in RealNetworks RealPlayer 11.x and 14.x through 14.0.7, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.x before 12.0.0.1703 does not properly decode samples, which allows remote attackers to execute arbitrary code via a crafted ATRAC audio file.

  • CVE-2012-0927Feb 8, 2012
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via vectors involving the coded_frame_size value in a RealAudio audio stream.

  • CVE-2012-0926Feb 8, 2012
    risk 0.00cvss epss 0.04

    The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle height and width values, which allows remote attackers to execute arbitrary code via a crafted RV10 RealVideo video stream.

  • CVE-2012-0925Feb 8, 2012
    risk 0.00cvss epss 0.05

    Unspecified vulnerability in the RV40 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted RV40 RealVideo video stream.

  • CVE-2012-0924Feb 8, 2012
    risk 0.00cvss epss 0.04

    RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via vectors involving a VIDOBJ_START_CODE code in a header within a video stream.

  • CVE-2012-0923Feb 8, 2012
    risk 0.00cvss epss 0.05

    The RV20 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, does not properly handle the frame size array, which allows remote attackers to execute arbitrary code via a crafted RV20 RealVideo video stream.

  • CVE-2012-0922Feb 8, 2012
    risk 0.00cvss epss 0.05

    rvrender.dll in RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via crafted flags in an RMFF file.

  • CVE-2011-4262Nov 24, 2011
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted MP4 file.

  • CVE-2011-4261Nov 24, 2011
    risk 0.00cvss epss 0.03

    RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted video dimensions in an MP4 file.

  • CVE-2011-4260Nov 24, 2011
    risk 0.00cvss epss 0.03

    RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed header in an MP4 file.

  • CVE-2011-4259Nov 24, 2011
    risk 0.00cvss epss 0.03

    Integer underflow in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted width value in an MPG file.

  • CVE-2011-4258Nov 24, 2011
    risk 0.00cvss epss 0.04

    RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted length of an MLTI chunk in an IVR file.

  • CVE-2011-4257Nov 24, 2011
    risk 0.00cvss epss 0.03

    The Cook codec in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via crafted channel data.

  • CVE-2011-4256Nov 24, 2011
    risk 0.00cvss epss 0.04

    The RV30 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 does not initialize an unspecified index value, which allows remote attackers to execute arbitrary code via unknown vectors.

  • CVE-2011-4255Nov 24, 2011
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via an invalid codec name.

  • CVE-2011-4254Nov 24, 2011
    risk 0.00cvss epss 0.04

    RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted RTSP SETUP request.

  • CVE-2011-4253Nov 24, 2011
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in the RV20 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via unknown vectors.

  • CVE-2011-4252Nov 24, 2011
    risk 0.00cvss epss 0.04

    The RV10 codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via a crafted sample height.

  • CVE-2011-4251Nov 24, 2011
    risk 0.00cvss epss 0.03

    RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted sample size in a RealAudio file.

  • CVE-2011-4250Nov 24, 2011
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in the ATRC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code via unknown vectors.

  • CVE-2011-4249Nov 24, 2011
    risk 0.00cvss epss 0.03

    Array index error in the RV30 codec in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2011-4248Nov 24, 2011
    risk 0.00cvss epss 0.04

    RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a malformed AAC file.

  • CVE-2011-4247Nov 24, 2011
    risk 0.00cvss epss 0.03

    RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via a crafted QCELP stream.

  • CVE-2011-4246Nov 24, 2011
    risk 0.00cvss epss 0.04

    The AAC codec in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

  • CVE-2011-4245Nov 24, 2011
    risk 0.00cvss epss 0.04

    The RealVideo renderer in RealNetworks RealPlayer before 15.0.0 and Mac RealPlayer before 12.0.0.1703 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

  • CVE-2011-4244Nov 24, 2011
    risk 0.00cvss epss 0.04

    Heap-based buffer overflow in the RealVideo renderer in RealNetworks RealPlayer before 15.0.0 allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2011-1221Oct 4, 2011
    risk 0.00cvss epss 0.01

    Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to inject arbitrary web script or…

  • CVE-2011-2955Aug 18, 2011
    risk 0.00cvss epss 0.04

    Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5, when an Embedded RealPlayer is used, allows remote attackers to execute arbitrary code via vectors…

  • CVE-2011-2954Aug 18, 2011
    risk 0.00cvss epss 0.04

    Use-after-free vulnerability in the AutoUpdate feature in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5, when an Embedded RealPlayer is used, allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2011-2953Aug 18, 2011
    risk 0.00cvss epss 0.03

    An unspecified ActiveX control in the browser plugin in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via unknown vectors,…

  • CVE-2011-2952Aug 18, 2011
    risk 0.00cvss epss 0.04

    Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via vectors related to a dialog box.

  • CVE-2011-2951Aug 18, 2011
    risk 0.00cvss epss 0.05

    Buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.0.0.1569 allows remote attackers to execute arbitrary code via a crafted raw_data_frame field in an AAC file.

  • CVE-2011-2949Aug 18, 2011
    risk 0.00cvss epss 0.05

    Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via crafted ID3v2 tags in an MP3 file.

  • CVE-2011-2948Aug 18, 2011
    risk 0.00cvss epss 0.04

    RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, RealPlayer Enterprise 2.0 through 2.1.5, and Mac RealPlayer 12.0.0.1569 do not properly handle DEFINEFONT fields in SWF files, which allows remote attackers to execute arbitrary…

  • CVE-2011-2947Aug 18, 2011
    risk 0.00cvss epss 0.01

    Cross-zone scripting vulnerability in the RealPlayer ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to inject arbitrary web script or HTML in the Local Zone via a local HTML…

  • CVE-2011-2946Aug 18, 2011
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in an ActiveX control in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.0 through 2.1.5 allows remote attackers to execute arbitrary code via unknown vectors.

  • CVE-2011-2945Aug 18, 2011
    risk 0.00cvss epss 0.04

    Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a crafted SIPR stream.

  • CVE-2011-1426Apr 18, 2011
    risk 0.00cvss epss 0.05

    The OpenURLInDefaultBrowser method in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.2, and RealPlayer SP 1.0 through 1.1.5, launches a default handler for the filename specified in the first argument, which allows remote attackers to execute arbitrary code…

  • CVE-2010-4596Apr 4, 2011
    risk 0.00cvss epss 0.05

    Stack-based buffer overflow in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via a long string in an RTSP request.

  • CVE-2010-4235Apr 4, 2011
    risk 0.00cvss epss 0.04

    Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via vectors related to the x-wap-profile HTTP header.

  • CVE-2010-4397Dec 14, 2010
    risk 0.00cvss epss 0.06

    Integer overflow in the pnen3260.dll module in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.1, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code via a crafted TIT2 atom in an AAC file.

  • CVE-2010-4396Dec 14, 2010
    risk 0.00cvss epss 0.01

    Cross-zone scripting vulnerability in the HandleAction method in a certain ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 allows remote attackers to inject arbitrary web script or HTML in the Local…

  • CVE-2010-4394Dec 14, 2010
    risk 0.00cvss epss 0.04

    Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.5 allows remote web servers to execute arbitrary code via a long Server header in a response to an HTTP request that occurs during parsing of a RealPix file.

  • CVE-2010-4390Dec 14, 2010
    risk 0.00cvss epss 0.03

    Multiple heap-based buffer overflows in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and Linux RealPlayer 11.0.2.1744 allow remote attackers to have an unspecified impact via a crafted header in an IVR file.

  • CVE-2010-4388Dec 14, 2010
    risk 0.00cvss epss 0.01

    The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html components in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.5, and RealPlayer Enterprise 2.1.2 and 2.1.3 allow remote attackers to inject code into the RealOneActiveXObject process, and…

  • CVE-2010-4387Dec 14, 2010
    risk 0.00cvss epss 0.04

    The RealAudio codec in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, Mac RealPlayer 11.0 through 12.0.0.1444, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption)…

  • CVE-2010-4386Dec 14, 2010
    risk 0.00cvss epss 0.04

    RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted…

  • CVE-2010-4385Dec 14, 2010
    risk 0.00cvss epss 0.03

    Integer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.1.4, RealPlayer Enterprise 2.1.2, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to have an unspecified impact via crafted frame…