28 matches found
EUVD-2024-21364
Malicious code in bioql PyPI...
EUVD-2024-21398
Malicious code in bioql PyPI...
EUVD-2024-21363
Malicious code in bioql PyPI...
Sony XAV-AX5500 1.13 - Firmware Update Validation Remote Code Execution (RCE)
Exploit Title: Sony XAV-AX5500 Firmware Update Validation Remote Code Execution Date: 11-Feb-2025 Exploit Author: lkushinada Vendor Homepage: https://www.sony.com/et/electronics/in-car-receivers-players/xav-ax5500 Software Link: https://archive.org/details/xav-ax-5500-v-113 Version: 1.13 Tested o...
CVE-2024-23922
Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The...
CVE-2024-23922
Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The...
CVE-2024-23972
Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. Th...
CVE-2024-23933
Sony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The...
CVE-2024-23922
Sony XAV-AX5500 is affected by CVE-2024-23922 due to insufficient validation of firmware update packages, enabling remote code execution when updates are processed. The flaw resides in the software update handling and can be exploited by physically present attackers without authentication. Public...
CVE-2024-23972
Summary: CVE-2024-23972 affects Sony XAV-AX5500. The issue is a buffer overflow in the USB host driver triggered by a crafted USB configuration descriptor, enabling remote code execution in the device process when a USB is connected by a physically present attacker. The vulnerability can be explo...
CVE-2024-23972 Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Code Execution Vulnerability
Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. Th...
CVE-2024-23972 Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Code Execution Vulnerability
Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. Th...
CVE-2024-23934 Sony XAV-AX5500 WMV/ASF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
Sony XAV-AX5500 WMV/ASF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. User interaction is required to exploit this vulnerability in that the target...
CVE-2024-23933 Sony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability
Sony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The...
CVE-2024-23933 Sony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability
Sony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The...
CVE-2024-23933
CVE-2024-23933 affects Sony XAV-AX5500 cars units via a CarPlay TLV stack-based buffer overflow. The root cause is insufficient validation of user-supplied data length before copying to a fixed-size stack buffer, enabling remote code execution when a physically present attacker exploits the proto...
Sony XAV-AX5500 安全漏洞
The SONY XAV-AX5500 is a 7-inch in-vehicle center console with a wide range of functions and advanced technical features. The SONY XAV-AX5500 suffers from a stack buffer overflow vulnerability that stems from an extended content description object built in a WMV media file that can trigger an...
Sony XAV-AX5500 安全漏洞
The SONY XAV-AX5500 is a 7-inch in-vehicle center console with a wide range of functions and advanced technical features. A code execution vulnerability exists in the SONY XAV-AX5500 that stems from a lack of proper validation of software update packages and can be exploited by an attacker to...
Sony XAV-AX5500 安全漏洞
The SONY XAV-AX5500 is a 7-inch in-vehicle center console with a wide range of functions and advanced technical features. The SONY XAV-AX5500 suffers from a stack buffer overflow vulnerability that originates in the implementation of the Apple CarPlay protocol and can be exploited by an attacker ...
SONY XAV-AX5500 Buffer Overflow Vulnerability
The SONY XAV-AX5500 is a 7-inch in-vehicle center console with a wide range of functions and advanced technical features. The SONY XAV-AX5500 suffers from a buffer overflow vulnerability that originates from a constructed USB configuration descriptor that can trigger an overflow of a fixed-length...