Filtered by vendor Sony
Subscriptions
Total
74 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-4235 | 1 Sony | 1 Sonicstage Mastering Studio | 2025-04-03 | N/A |
| Buffer overflow in the import project functionality in Sony SonicStage Mastering Studio 1.1.00 through 2.2.01 allows remote attackers to execute arbitrary code via a crafted SMP file. | ||||
| CVE-2006-4290 | 1 Sony | 1 Vaio Media Server | 2025-04-03 | N/A |
| Directory traversal vulnerability in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x before 20060626 allows remote attackers to gain sensitive information via unspecified vectors. | ||||
| CVE-2006-4507 | 1 Sony | 1 Playstation Portable | 2025-04-03 | N/A |
| Unspecified vulnerability in the TIFF viewer (possibly libTIFF) in the Photo Viewer in the Sony PlaystationPortable (PSP) 2.00 through 2.80 allows local users to execute arbitrary code via crafted TIFF images. NOTE: due to lack of details, it is not clear whether this is related to other issues such as CVE-2006-3464 or CVE-2006-3465. | ||||
| CVE-2005-1809 | 1 Sony | 2 P900, P900 Firmware | 2025-04-03 | N/A |
| Sony Ericsson P900 Beamer allows remote attackers to cause a denial of service (panic) via an obexftp session with a long filename in an OBEX File Transfer or OBEX Object Push. | ||||
| CVE-2005-3474 | 1 Sony | 1 First4internet Xcp Content Management | 2025-04-03 | N/A |
| The aries.sys driver in Sony First4Internet XCP DRM software hides any file, registry key, or process with a name that starts with "$sys$", which allows attackers to hide activities on a system that uses XCP. | ||||
| CVE-2006-4289 | 1 Sony | 1 Vaio Media Server | 2025-04-03 | N/A |
| Buffer overflow in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x before 20060626 allows remote attackers to execute arbitrary code via unspecified vectors. | ||||
| CVE-2022-27094 | 1 Sony | 1 Playmemories Home | 2024-11-21 | 6.7 Medium |
| Sony PlayMemories Home v6.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. | ||||
| CVE-2022-23747 | 1 Sony | 6 Xperia 1, Xperia 1 Firmware, Xperia 5 and 3 more | 2024-11-21 | 9.8 Critical |
| In Sony Xperia series 1, 5, and Pro, an out of bound memory access can occur due to lack of validation of the number of frames being passed during music playback. | ||||
| CVE-2021-38544 | 1 Sony | 4 Srs-xb33, Srs-xb33 Firmware, Srs-xb43 and 1 more | 2024-11-21 | 5.9 Medium |
| Sony SRS-XB33 and SRS-XB43 devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is connected directly to the power line, as a result, the intensity of a device's power indicator LED is correlative to the power consumption. The sound played by the speakers affects their power consumption and as a result is also correlative to the light intensity of the LEDs. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LEDs of the speakers, we can recover the sound played by them. | ||||
| CVE-2021-20793 | 1 Sony | 2 Audio Usb Driver, Hap Music Transfer | 2024-11-21 | 7.8 High |
| Untrusted search path vulnerability in the installer of Sony Audio USB Driver V1.10 and prior and the installer of HAP Music Transfer Ver.1.3.0 and prior allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory. | ||||
| CVE-2020-5589 | 1 Sony | 22 Wf-1000x, Wf-1000x Firmware, Wf-sp700n and 19 more | 2024-11-21 | 8.8 High |
| SONY Wireless Headphones WF-1000X, WF-SP700N, WH-1000XM2, WH-1000XM3, WH-CH700N, WH-H900N, WH-XB700, WH-XB900N, WI-1000X, WI-C600N and WI-SP600N with firmware versions prior to 4.5.2 have vulnerability that someone within the Bluetooth range can make the Bluetooth pairing and operate such as changing volume of the product. | ||||
| CVE-2019-5982 | 1 Sony | 1 Vaio Update | 2024-11-21 | N/A |
| Improper download file verification vulnerability in VAIO Update 7.3.0.03150 and earlier allows remote attackers to conduct a man-in-the-middle attack via a malicous wireless LAN access point. A successful exploitation may result in a malicious file being downloaded/executed. | ||||
| CVE-2019-5981 | 1 Sony | 1 Vaio Update | 2024-11-21 | N/A |
| Improper authorization vulnerability in VAIO Update 7.3.0.03150 and earlier allows an attackers to execute arbitrary executable file with administrative privilege via unspecified vectors. | ||||
| CVE-2019-19364 | 1 Sony | 2 Catalyst Browse, Catalyst Production Suite | 2024-11-21 | 7.8 High |
| A weak malicious user can escalate its privilege whenever CatalystProductionSuite.2019.1.exe (version 1.1.0.21) and CatalystBrowseSuite.2019.1.exe (version 1.1.0.21) installers run. The vulnerability is in the form of DLL Hijacking. The installers try to load DLLs that don’t exist from its current directory; by doing so, an attacker can quickly escalate its privileges. | ||||
| CVE-2019-15744 | 1 Sony | 2 Xperia Xzs, Xperia Xzs Firmware | 2024-11-21 | 3.3 Low |
| The Sony Xperia Xperia XZs Android device with a build fingerprint of Sony/keyaki_softbank/keyaki_softbank:7.1.1/TONE3-3.0.0-SOFTBANK-170517-0323/1:user/dev-keys contains a pre-installed app with a package name of jp.softbank.mb.tdrl app (versionCode=1413005, versionName=1.3.0) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. | ||||
| CVE-2019-15743 | 1 Sony | 2 Xperia Touch, Xperia Touch Firmware | 2024-11-21 | 5.5 Medium |
| The Sony Xperia Touch Android device with a build fingerprint of Sony/blanc_windy/blanc_windy:7.0/LOIRE-SMART-BLANC-1.0.0-170530-0834/1:user/dev-keys contains a pre-installed app with a package name of com.sonymobile.android.maintenancetool.testmic app (versionCode=24, versionName=7.0) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record audio to external storage. | ||||
| CVE-2019-15416 | 1 Sony | 2 Xperia Xzs, Xperia Xzs Firmware | 2024-11-21 | 7.8 High |
| The Sony keyaki_kddi Android device with a build fingerprint of Sony/keyaki_kddi/keyaki_kddi:7.1.1/TONE3-3.0.0-KDDI-170517-0326/1:user/dev-keys contains a pre-installed app with a package name of com.kddi.android.packageinstaller app (versionCode=70008, versionName=08.10.03) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app. | ||||
| CVE-2019-12762 | 6 Fujitsu, Google, Mi and 3 more | 16 Arrows Nx F05-f, Arrows Nx F05-f Firmware, Nexus 7 and 13 more | 2024-11-21 | 4.2 Medium |
| Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch. | ||||
| CVE-2019-11890 | 1 Sony | 2 Bravia, Bravia Firmware | 2024-11-21 | N/A |
| Sony Bravia Smart TV devices allow remote attackers to cause a denial of service (device hang or reboot) via a SYN flood attack over a wired or Wi-Fi LAN. | ||||
| CVE-2019-11889 | 1 Sony | 2 Bravia, Bravia Firmware | 2024-11-21 | N/A |
| Sony BRAVIA Smart TV devices allow remote attackers to cause a denial of service (device hang) via a crafted web page over HbbTV. | ||||