Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
windows media player vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2019-5859
Insufficient filtering in URI schemes in Google Chrome on Windows before 76.0.3809.87 allowed a remote malicious user to bypass navigation restrictions via a crafted HTML page.
Google Chrome
8.8
CVSSv3
CVE-2019-5806
Integer overflow in ANGLE in Google Chrome on Windows before 74.0.3729.108 allowed a remote malicious user to potentially exploit heap corruption via a crafted HTML page.
Google Chrome
Opensuse Leap 42.3
Debian Debian Linux 10.0
Opensuse Leap 15.0
Fedoraproject Fedora 29
Fedoraproject Fedora 30
Opensuse Backports Sle-15
Opensuse Leap 15.1
8
CVSSv3
CVE-2018-11529
VideoLAN VLC media player 2.2.x is prone to a use after free vulnerability which an attacker can leverage to execute arbitrary code via crafted MKV files. Failed exploit attempts will likely result in denial of service conditions.
Debian Debian Linux 9.0
Videolan Vlc Media Player
1 EDB exploit
1 Article
7.8
CVSSv3
CVE-2023-46814
A binary hijacking vulnerability exists within the VideoLAN VLC media player prior to 3.0.19 on Windows. The uninstaller attempts to execute code with elevated privileges out of a standard user writable location. Standard users may use this to gain arbitrary code execution as SYS...
Videolan Vlc Media Player
7.8
CVSSv3
CVE-2023-21802
Windows Media Remote Code Execution Vulnerability
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2016 -
Microsoft Windows Server 2008 -
Microsoft Windows Server 2012 -
Microsoft Windows Server 2019 -
Microsoft Windows Server 2022 -
Microsoft Windows 10 1809
Microsoft Windows 10 20h2
Microsoft Windows 11 21h2
Microsoft Windows 10 21h2
Microsoft Windows 11 22h2
Microsoft Windows 10 22h2
Microsoft Windows 10 1607
Microsoft Windows 10
7.8
CVSSv3
CVE-2019-18278
When executing VideoLAN VLC media player 3.0.8 with libqt on Windows, Data from a Faulting Address controls Code Flow starting at libqt_plugin!vlc_entry_license__3_0_0f+0x00000000003b9aba. NOTE: the VideoLAN security team indicates that they have not been contacted, and have no w...
Videolan Vlc Media Player 3.0.8
7.8
CVSSv3
CVE-2002-1844
Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows local users to delete or modify the executables to gain privileges.
Microsoft Windows Media Player 6.3
7.5
CVSSv3
CVE-2017-3730
In OpenSSL 1.1.0 prior to 1.1.0d, if a malicious server supplies bad parameters for a DHE or ECDHE key exchange then this can result in the client attempting to dereference a NULL pointer leading to a client crash. This could be exploited in a Denial of Service attack.
Openssl Openssl 1.1.0c
Openssl Openssl 1.1.0
Openssl Openssl 1.1.0b
Openssl Openssl 1.1.0a
Oracle Agile Engineering Data Management 6.2.0
Oracle Jd Edwards World Security A9.2
Oracle Communications Eagle Lnp Application Processor 10.1
Oracle Communications Application Session Controller 3.7.1
Oracle Jd Edwards World Security A9.4
Oracle Jd Edwards Enterpriseone Tools 9.2
Oracle Communications Operations Monitor 3.4
Oracle Communications Operations Monitor 4.0
Oracle Agile Engineering Data Management 6.1.3
Oracle Jd Edwards World Security A9.1
Oracle Jd Edwards World Security A9.3
Oracle Communications Eagle Lnp Application Processor 10.0
Oracle Communications Eagle Lnp Application Processor 10.2
Oracle Communications Application Session Controller 3.8.0
1 EDB exploit
1 Github repository
1 Article
7.5
CVSSv3
CVE-2017-3733
During a renegotiation handshake if the Encrypt-Then-Mac extension is negotiated where it was not in the original handshake (or vice-versa) then this can cause OpenSSL 1.1.0 prior to 1.1.0e to crash (dependent on ciphersuite). Both clients and servers are affected.
Openssl Openssl 1.1.0
Openssl Openssl 1.1.0c
Openssl Openssl 1.1.0d
Openssl Openssl 1.1.0a
Openssl Openssl 1.1.0b
Hp Operations Agent 11.15
Hp Operations Agent 11.14
1 Github repository
7.5
CVSSv3
CVE-2016-2180
The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 Public Key Infrastructure Time-Stamp Protocol (TSP) implementation in OpenSSL up to and including 1.0.2h allows remote malicious users to cause a denial of service (out-of-bounds read and application crash) via a cr...
Openssl Openssl 1.0.1m
Openssl Openssl 1.0.2a
Openssl Openssl 1.0.1j
Openssl Openssl 1.0.1h
Openssl Openssl 1.0.2e
Openssl Openssl 1.0.1r
Openssl Openssl 1.0.2b
Openssl Openssl 1.0.1c
Openssl Openssl 1.0.1g
Openssl Openssl 1.0.2g
Openssl Openssl 1.0.1a
Openssl Openssl 1.0.2h
Openssl Openssl 1.0.1d
Openssl Openssl 1.0.1t
Openssl Openssl 1.0.2c
Openssl Openssl 1.0.1p
Openssl Openssl 1.0.1k
Openssl Openssl 1.0.1b
Openssl Openssl 1.0.1n
Openssl Openssl 1.0.1q
Openssl Openssl 1.0.1e
Openssl Openssl 1.0.1l
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »