FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  496547
Date:      2019-03-22
Time:      04:08:55Z
Committer: zeising

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
fe4c84fc-bdb5-11da-b7d4-00123ffe8333linux-realplayer -- heap overflow

iDefense Reports:

Remote exploitation of a heap-based buffer overflow in RealNetwork Inc's RealPlayer could allow the execution of arbitrary code in the context of the currently logged in user.

In order to exploit this vulnerability, an attacker would need to entice a user to follow a link to a malicious server. Once the user visits a website under the control of an attacker, it is possible in a default install of RealPlayer to force a web-browser to use RealPlayer to connect to an arbitrary server, even when it is not the default application for handling those types, by the use of embedded object tags in a webpage. This may allow automated exploitation when the page is viewed.


Discovery 2006-03-23
Entry 2006-03-27
linux-realplayer
ge 10.0.1 lt 10.0.6

CVE-2005-2922
http://service.real.com/realplayer/security/03162006_player/en/
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=404
http://secunia.com/advisories/19358/
02274fd9-6bc5-11d9-8edb-000a95bc6faerealplayer -- arbitrary file deletion and other vulnerabilities

An NGSSoftware Insight Security Research Advisory reports:

Two vulnerabilities have been discovered in RealPlayer which may potentially be leveraged to allow remote code execution, or may used in combination with the Real Metadata Package File Deletion vulnerability to reliably delete files from a users system.


Discovery 2004-10-06
Entry 2005-01-21
linux-realplayer
lt 10.0.2

http://www.ngssoftware.com/advisories/real-02full.txt
http://www.ngssoftware.com/advisories/real-03full.txt
http://service.real.com/help/faq/security/040928_player/EN/
25858c37-bdab-11da-b7d4-00123ffe8333linux-realplayer -- buffer overrun

Secunia Advisories Reports:

A boundary error when processing SWF files can be exploited to cause a buffer overflow. This may allow execution of arbitrary code on the user's system.


Discovery 2006-03-23
Entry 2006-03-27
linux-realplayer
ge 10.0.1 lt 10.0.7.785.20060201

CVE-2006-0323
http://service.real.com/realplayer/security/03162006_player/en/
http://secunia.com/advisories/19358/
fe4c84fc-bdb5-11da-b7d4-00123ffe8333linux-realplayer -- heap overflow

iDefense Reports:

Remote exploitation of a heap-based buffer overflow in RealNetwork Inc's RealPlayer could allow the execution of arbitrary code in the context of the currently logged in user.

In order to exploit this vulnerability, an attacker would need to entice a user to follow a link to a malicious server. Once the user visits a website under the control of an attacker, it is possible in a default install of RealPlayer to force a web-browser to use RealPlayer to connect to an arbitrary server, even when it is not the default application for handling those types, by the use of embedded object tags in a webpage. This may allow automated exploitation when the page is viewed.


Discovery 2006-03-23
Entry 2006-03-27
linux-realplayer
ge 10.0.1 lt 10.0.6

CVE-2005-2922
http://service.real.com/realplayer/security/03162006_player/en/
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=404
http://secunia.com/advisories/19358/
95ee96f2-e488-11d9-bf22-080020c11455linux-realplayer -- RealText parsing heap overflow

An iDEFENSE Security Advisory reports:

Remote exploitation of a heap-based buffer overflow vulnerability in the RealText file format parser within various versions of RealNetworks Inc.'s RealPlayer could allow attackers to execute arbitrary code.


Discovery 2005-06-23
Entry 2005-06-24
linux-realplayer
le 10.0.4_1

CVE-2005-1277
http://www.idefense.com/application/poi/display?id=250&type=vulnerabilities&flashstatus=false
http://service.real.com/help/faq/security/050623_player/EN/
25858c37-bdab-11da-b7d4-00123ffe8333linux-realplayer -- buffer overrun

Secunia Advisories Reports:

A boundary error when processing SWF files can be exploited to cause a buffer overflow. This may allow execution of arbitrary code on the user's system.


Discovery 2006-03-23
Entry 2006-03-27
linux-realplayer
ge 10.0.1 lt 10.0.7.785.20060201

CVE-2006-0323
http://service.real.com/realplayer/security/03162006_player/en/
http://secunia.com/advisories/19358/
c73305ae-8cd7-11d9-9873-000a95bc6faerealplayer -- remote heap overflow

Two exploits have been identified in the Linux RealPlayer client. RealNetworks states:

RealNetworks, Inc. has addressed recently discovered security vulnerabilities that offered the potential for an attacker to run arbitrary or malicious code on a customer's machine. RealNetworks has received no reports of machines compromised as a result of the now-remedied vulnerabilities. RealNetworks takes all security vulnerabilities very seriously.

The specific exploits were:

  • Exploit 1: To fashion a malicious WAV file to cause a buffer overflow which could have allowed an attacker to execute arbitrary code on a customer's machine.
  • Exploit 2: To fashion a malicious SMIL file to cause a buffer overflow which could have allowed an attacker to execute arbitrary code on a customer's machine.

Discovery 2005-03-01
Entry 2005-03-04
linux-realplayer
le 10.0.2

CVE-2005-0611
http://marc.theaimsgroup.com/?l=vulnwatch&m=110977858619314
http://service.real.com/help/faq/security/050224_player/EN/
95ee96f2-e488-11d9-bf22-080020c11455linux-realplayer -- RealText parsing heap overflow

An iDEFENSE Security Advisory reports:

Remote exploitation of a heap-based buffer overflow vulnerability in the RealText file format parser within various versions of RealNetworks Inc.'s RealPlayer could allow attackers to execute arbitrary code.


Discovery 2005-06-23
Entry 2005-06-24
linux-realplayer
le 10.0.4_1

CVE-2005-1277
http://www.idefense.com/application/poi/display?id=250&type=vulnerabilities&flashstatus=false
http://service.real.com/help/faq/security/050623_player/EN/
02274fd9-6bc5-11d9-8edb-000a95bc6faerealplayer -- arbitrary file deletion and other vulnerabilities

An NGSSoftware Insight Security Research Advisory reports:

Two vulnerabilities have been discovered in RealPlayer which may potentially be leveraged to allow remote code execution, or may used in combination with the Real Metadata Package File Deletion vulnerability to reliably delete files from a users system.


Discovery 2004-10-06
Entry 2005-01-21
linux-realplayer
lt 10.0.2

http://www.ngssoftware.com/advisories/real-02full.txt
http://www.ngssoftware.com/advisories/real-03full.txt
http://service.real.com/help/faq/security/040928_player/EN/
c73305ae-8cd7-11d9-9873-000a95bc6faerealplayer -- remote heap overflow

Two exploits have been identified in the Linux RealPlayer client. RealNetworks states:

RealNetworks, Inc. has addressed recently discovered security vulnerabilities that offered the potential for an attacker to run arbitrary or malicious code on a customer's machine. RealNetworks has received no reports of machines compromised as a result of the now-remedied vulnerabilities. RealNetworks takes all security vulnerabilities very seriously.

The specific exploits were:

  • Exploit 1: To fashion a malicious WAV file to cause a buffer overflow which could have allowed an attacker to execute arbitrary code on a customer's machine.
  • Exploit 2: To fashion a malicious SMIL file to cause a buffer overflow which could have allowed an attacker to execute arbitrary code on a customer's machine.

Discovery 2005-03-01
Entry 2005-03-04
linux-realplayer
le 10.0.2

CVE-2005-0611
http://marc.theaimsgroup.com/?l=vulnwatch&m=110977858619314
http://service.real.com/help/faq/security/050224_player/EN/