Filtered by vendor Sony
Subscribe
Total
61 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-5982 | 1 Sony | 1 Vaio Update | 2024-02-04 | 5.4 MEDIUM | 7.5 HIGH |
Improper download file verification vulnerability in VAIO Update 7.3.0.03150 and earlier allows remote attackers to conduct a man-in-the-middle attack via a malicous wireless LAN access point. A successful exploitation may result in a malicious file being downloaded/executed. | |||||
CVE-2019-12762 | 6 Fujitsu, Google, Samsung and 3 more | 16 Arrows Nx F05-f, Arrows Nx F05-f Firmware, Nexus 7 and 13 more | 2024-02-04 | 1.9 LOW | 4.2 MEDIUM |
Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch. | |||||
CVE-2018-14983 | 1 Sony | 2 Xperia L1, Xperia L1 Firmware | 2024-02-04 | 2.1 LOW | 5.5 MEDIUM |
The Sony Xperia L1 Android device with a build fingerprint of Sony/G3313/G3313:7.0/43.0.A.6.49/2867558199:user/release-keys contains the android framework (i.e., system_server) with a package name of android (versionCode=24, versionName=7.0) that has been modified by Sony or another entity in the supply chain. The system_server process in the core android package has an exported broadcast receiver that allows any app co-located on the device to programmatically initiate the taking of a screenshot and have the resulting screenshot be written to external storage. The taking of a screenshot is not transparent to the user; the device has a screen animation as the screenshot is taken and there is a notification indicating that a screenshot occurred. If the attacking app also requests the EXPAND_STATUS_BAR permission, it can wake the device up using certain techniques and expand the status bar to take a screenshot of the user's notifications even if the device has an active screen lock. The notifications may contain sensitive data such as text messages used in two-factor authentication. The system_server process that provides this capability cannot be disabled, as it is part of the Android framework. The notification can be removed by a local Denial of Service (DoS) attack to reboot the device. | |||||
CVE-2019-11889 | 1 Sony | 2 Bravia, Bravia Firmware | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
Sony BRAVIA Smart TV devices allow remote attackers to cause a denial of service (device hang) via a crafted web page over HbbTV. | |||||
CVE-2018-3937 | 1 Sony | 28 Snc-eb600, Snc-eb600 Firmware, Snc-eb600b and 25 more | 2024-02-04 | 6.5 MEDIUM | 7.2 HIGH |
An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this vulnerability. | |||||
CVE-2018-0690 | 1 Sony | 1 Music Center For Pc | 2024-02-04 | 5.1 MEDIUM | 7.5 HIGH |
An unvalidated software update vulnerability in Music Center for PC version 1.0.02 and earlier could allow a man-in-the-middle attacker to tamper with an update file and inject executable files. | |||||
CVE-2018-0656 | 1 Sony | 1 Digital Paper App | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Untrusted search path vulnerability in The installer of Digital Paper App version 1.4.0.16050 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2018-3938 | 1 Sony | 28 Snc-eb600, Snc-eb600 Firmware, Snc-eb600b and 25 more | 2024-02-04 | 7.5 HIGH | 10.0 CRITICAL |
An exploitable stack-based buffer overflow vulnerability exists in the 802dot1xclientcert.cgi functionality of Sony IPELA E Series Camera G5 firmware 1.87.00. A specially crafted POST can cause a stack-based buffer overflow, resulting in remote code execution. An attacker can send a malicious POST request to trigger this vulnerability. | |||||
CVE-2018-0600 | 2 Microsoft, Sony | 2 Windows, Playmemories Home | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Untrusted search path vulnerability in the installer of PlayMemories Home for Windows ver.5.5.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-10909 | 1 Sony | 1 Music Center | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in Music Center for PC version 1.0.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-10892 | 1 Sony | 1 Music Center | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in Music Center for PC version 1.0.00 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-2277 | 1 Sony | 2 Wg-c10, Wg-c10 Firmware | 2024-02-04 | 7.5 HIGH | 9.1 CRITICAL |
WG-C10 v3.0.79 and earlier allows an attacker to bypass access restrictions to obtain or alter information stored in the external storage connected to the product via unspecified vectors. | |||||
CVE-2017-2287 | 1 Sony | 1 Nfc Port Software Remover | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in NFC Port Software remover Ver.1.3.0.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-2275 | 1 Sony | 2 Wg-c10, Wg-c10 Firmware | 2024-02-04 | 9.0 HIGH | 7.2 HIGH |
WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. | |||||
CVE-2017-2286 | 1 Sony | 12 Nfc Net Installer, Nfc Port Firmware, Pc\/sc Activator For Type B and 9 more | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in NFC Port Software Version 5.5.0.6 and earlier (for RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S), NFC Port Software Version 5.3.6.7 and earlier (for RC-S320, RC-S310/J1C, RC-S310/ED4C), PC/SC Activator for Type B Ver.1.2.1.0 and earlier, SFCard Viewer 2 Ver.2.5.0.0 and earlier, NFC Net Installer Ver.1.1.0.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-17010 | 1 Sony | 1 Content Manager Assistant | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
Untrusted search path vulnerability in Content Manager Assistant for PlayStation version 3.55.7671.0901 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2017-2276 | 1 Sony | 2 Wg-c10, Wg-c10 Firmware | 2024-02-04 | 9.0 HIGH | 7.2 HIGH |
Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary commands via unspecified vectors. | |||||
CVE-2017-10891 | 1 Sony | 1 Media Go | 2024-02-04 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in Media Go version 3.2.0.191 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2016-7830 | 1 Sony | 10 Pcs-xc1, Pcs-xc1 Firmware, Pcs-xg100 and 7 more | 2024-02-04 | 5.8 MEDIUM | 8.8 HIGH |
Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors. | |||||
CVE-2016-7834 | 1 Sony | 81 Snc-ch115, Snc-ch120, Snc-ch160 and 78 more | 2024-02-04 | 3.3 LOW | 8.8 HIGH |
SONY SNC-CH115, SNC-CH120, SNC-CH160, SNC-CH220, SNC-CH260, SNC-DH120, SNC-DH120T, SNC-DH160, SNC-DH220, SNC-DH220T, SNC-DH260, SNC-EB520, SNC-EM520, SNC-EM521, SNC-ZB550, SNC-ZM550, SNC-ZM551, SNC-EP550, SNC-EP580, SNC-ER550, SNC-ER550C, SNC-ER580, SNC-ER585, SNC-ER585H, SNC-ZP550, SNC-ZR550, SNC-EP520, SNC-EP521, SNC-ER520, SNC-ER521, SNC-ER521C network cameras with firmware before Ver.1.86.00 and SONY SNC-CX600, SNC-CX600W, SNC-EB600, SNC-EB600B, SNC-EB602R, SNC-EB630, SNC-EB630B, SNC-EB632R, SNC-EM600, SNC-EM601, SNC-EM602R, SNC-EM602RC, SNC-EM630, SNC-EM631, SNC-EM632R, SNC-EM632RC, SNC-VB600, SNC-VB600B, SNC-VB600B5, SNC-VB630, SNC-VB6305, SNC-VB6307, SNC-VB632D, SNC-VB635, SNC-VM600, SNC-VM600B, SNC-VM600B5, SNC-VM601, SNC-VM601B, SNC-VM602R, SNC-VM630, SNC-VM6305, SNC-VM6307, SNC-VM631, SNC-VM632R, SNC-WR600, SNC-WR602, SNC-WR602C, SNC-WR630, SNC-WR632, SNC-WR632C, SNC-XM631, SNC-XM632, SNC-XM636, SNC-XM637, SNC-VB600L, SNC-VM600L, SNC-XM631L, SNC-WR602CL network cameras with firmware before Ver.2.7.2 are prone to sensitive information disclosure. This may allow an attacker on the same local network segment to login to the device with administrative privileges and perform operations on the device. |