Filtered by vendor Sony
Subscribe
Total
62 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-5981 | 1 Sony | 1 Vaio Update | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
Improper authorization vulnerability in VAIO Update 7.3.0.03150 and earlier allows an attackers to execute arbitrary executable file with administrative privilege via unspecified vectors. | |||||
CVE-2018-16595 | 1 Sony | 105 Kd-43xe7000, Kd-43xe7002, Kd-43xe7003 and 102 more | 2024-02-28 | 3.3 LOW | 6.5 MEDIUM |
The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices has a Buffer Overflow. | |||||
CVE-2018-16594 | 1 Sony | 105 Kd-43xe7000, Kd-43xe7002, Kd-43xe7003 and 102 more | 2024-02-28 | 4.8 MEDIUM | 8.1 HIGH |
The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices allows Directory Traversal. | |||||
CVE-2018-14983 | 1 Sony | 2 Xperia L1, Xperia L1 Firmware | 2024-02-28 | 2.1 LOW | 5.5 MEDIUM |
The Sony Xperia L1 Android device with a build fingerprint of Sony/G3313/G3313:7.0/43.0.A.6.49/2867558199:user/release-keys contains the android framework (i.e., system_server) with a package name of android (versionCode=24, versionName=7.0) that has been modified by Sony or another entity in the supply chain. The system_server process in the core android package has an exported broadcast receiver that allows any app co-located on the device to programmatically initiate the taking of a screenshot and have the resulting screenshot be written to external storage. The taking of a screenshot is not transparent to the user; the device has a screen animation as the screenshot is taken and there is a notification indicating that a screenshot occurred. If the attacking app also requests the EXPAND_STATUS_BAR permission, it can wake the device up using certain techniques and expand the status bar to take a screenshot of the user's notifications even if the device has an active screen lock. The notifications may contain sensitive data such as text messages used in two-factor authentication. The system_server process that provides this capability cannot be disabled, as it is part of the Android framework. The notification can be removed by a local Denial of Service (DoS) attack to reboot the device. | |||||
CVE-2019-11336 | 1 Sony | 89 Kdl-50w800c, Kdl-50w805c, Kdl-50w807c and 86 more | 2024-02-28 | 4.3 MEDIUM | 8.1 HIGH |
Sony Bravia Smart TV devices allow remote attackers to retrieve the static Wi-Fi password (used when the TV is acting as an access point) by using the Photo Sharing Plus application to execute a backdoor API command, a different vulnerability than CVE-2019-10886. | |||||
CVE-2018-3937 | 1 Sony | 28 Snc-eb600, Snc-eb600 Firmware, Snc-eb600b and 25 more | 2024-02-28 | 6.5 MEDIUM | 7.2 HIGH |
An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2018-3938 | 1 Sony | 28 Snc-eb600, Snc-eb600 Firmware, Snc-eb600b and 25 more | 2024-02-28 | 7.5 HIGH | 10.0 CRITICAL |
An exploitable stack-based buffer overflow vulnerability exists in the 802dot1xclientcert.cgi functionality of Sony IPELA E Series Camera G5 firmware 1.87.00. A specially crafted POST can cause a stack-based buffer overflow, resulting in remote code execution. An attacker can send a malicious POST request to trigger this vulnerability. | |||||
CVE-2018-0690 | 1 Sony | 1 Music Center For Pc | 2024-02-28 | 5.1 MEDIUM | 7.5 HIGH |
An unvalidated software update vulnerability in Music Center for PC version 1.0.02 and earlier could allow a man-in-the-middle attacker to tamper with an update file and inject executable files. | |||||
CVE-2018-0656 | 1 Sony | 1 Digital Paper App | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
Untrusted search path vulnerability in The installer of Digital Paper App version 1.4.0.16050 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2018-0600 | 2 Microsoft, Sony | 2 Windows, Playmemories Home | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
Untrusted search path vulnerability in the installer of PlayMemories Home for Windows ver.5.5.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-10892 | 1 Sony | 1 Music Center | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in Music Center for PC version 1.0.00 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-17010 | 1 Sony | 1 Content Manager Assistant | 2024-02-28 | 6.8 MEDIUM | 7.8 HIGH |
Untrusted search path vulnerability in Content Manager Assistant for PlayStation version 3.55.7671.0901 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-10909 | 1 Sony | 1 Music Center | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in Music Center for PC version 1.0.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-2276 | 1 Sony | 2 Wg-c10, Wg-c10 Firmware | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary commands via unspecified vectors. | |||||
CVE-2016-7830 | 1 Sony | 10 Pcs-xc1, Pcs-xc1 Firmware, Pcs-xg100 and 7 more | 2024-02-28 | 5.8 MEDIUM | 8.8 HIGH |
Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors. | |||||
CVE-2017-10891 | 1 Sony | 1 Media Go | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in Media Go version 3.2.0.191 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-2287 | 1 Sony | 1 Nfc Port Software Remover | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in NFC Port Software remover Ver.1.3.0.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-2275 | 1 Sony | 2 Wg-c10, Wg-c10 Firmware | 2024-02-28 | 9.0 HIGH | 7.2 HIGH |
WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | |||||
CVE-2017-2286 | 1 Sony | 12 Nfc Net Installer, Nfc Port Firmware, Pc\/sc Activator For Type B and 9 more | 2024-02-28 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in NFC Port Software Version 5.5.0.6 and earlier (for RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S), NFC Port Software Version 5.3.6.7 and earlier (for RC-S320, RC-S310/J1C, RC-S310/ED4C), PC/SC Activator for Type B Ver.1.2.1.0 and earlier, SFCard Viewer 2 Ver.2.5.0.0 and earlier, NFC Net Installer Ver.1.1.0.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-2277 | 1 Sony | 2 Wg-c10, Wg-c10 Firmware | 2024-02-28 | 7.5 HIGH | 9.1 CRITICAL |
WG-C10 v3.0.79 and earlier allows an attacker to bypass access restrictions to obtain or alter information stored in the external storage connected to the product via unspecified vectors. |