Sony Security Vulnerabilities
Unknown vulnerability in the "VAIO Manual" software in certain Sony VAIO personal computers sold from November 2001 to January 2002, allows remote attackers to modify data via a web page or HTML e-mail.
6.7AI Score
0.006EPSS
Sony Ericsson P900 Beamer allows remote attackers to cause a denial of service (panic) via an obexftp session with a long filename in an OBEX File Transfer or OBEX Object Push.
7.1AI Score
0.002EPSS
Buffer overflow in the TIFF library in the Photo Viewer for Sony PSP 2.0 firmware allows remote attackers to cause a denial of service via a crafted TIFF image.
7.3AI Score
0.002EPSS
The aries.sys driver in Sony First4Internet XCP DRM software hides any file, registry key, or process with a name that starts with "$sys$", which allows attackers to hide activities on a system that uses XCP.
6.9AI Score
0.001EPSS
Buffer overflow in the import project functionality in Sony SonicStage Mastering Studio 1.1.00 through 2.2.01 allows remote attackers to execute arbitrary code via a crafted SMP file.
8.1AI Score
0.353EPSS
Buffer overflow in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x before 20060626 allows remote attackers to execute arbitrary code via unspecified vectors.
8.4AI Score
0.143EPSS
Directory traversal vulnerability in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x before 20060626 allows remote attackers to gain sensitive information via unspecified vectors.
7AI Score
0.028EPSS
Unspecified vulnerability in the TIFF viewer (possibly libTIFF) in the Photo Viewer in the Sony PlaystationPortable (PSP) 2.00 through 2.80 allows local users to execute arbitrary code via crafted TIFF images. NOTE: due to lack of details, it is not clear whether this is related to other issues suc...
6.8AI Score
0.362EPSS
The Remote Play feature in Sony Playstation 3 (PS3) 1.60 and Playstation Portable (PSP) 3.10 OE-A allows remote attackers to cause a denial of service via a flood of UDP packets.
6.7AI Score
0.014EPSS
Heap-based buffer overflow in the viewer ActiveX control in Sony Network Camera SNC-RZ25N before 1.30; SNC-P1 and SNC-P5 before 1.29; SNC-CS10 and SNC-CS11 before 1.06; SNC-DF40N and SNC-DF70N before 1.18; SNC-RZ50N and SNC-CS50N before 2.22; SNC-DF85N, SNC-DF80N, and SNC-DF50N before 1.12; and SNC...
8.1AI Score
0.263EPSS
Sony Micro Vault Fingerprint Access Software, as distributed with Sony Micro Vault USM-F USB flash drives, installs a driver that hides a directory under %WINDIR%, which might allow remote attackers to bypass malware detection by placing files in this directory.
6.7AI Score
0.21EPSS
Stack-based buffer overflow in Sony SonicStage CONNECT Player (CP) 4.3 allows remote attackers to execute arbitrary code via a long file name in an M3U file.
8AI Score
0.213EPSS
Buffer overflow in the Sony AxRUploadServer.AxRUploadControl.1 ActiveX control in AxRUploadServer.dll 1.0.0.38 in SonyISUpload.cab 1.0.0.38 for Sony ImageStation allows remote attackers to execute arbitrary code via a long argument to the SetLogging method. NOTE: some of these details are obtained ...
7.9AI Score
0.308EPSS
Sony Mylo COM-2 Japanese model firmware before 1.002 does not properly verify web server SSL certificates, which allows remote attackers to obtain sensitive information and conduct spoofing attacks.
6.3AI Score
0.017EPSS
The web browser on the Sony PLAYSTATION 3 (PS3) allows remote attackers to cause a denial of service (memory consumption and console hang) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
6.4AI Score
0.033EPSS
Untrusted search path vulnerability in Sound Forge Pro 10.0b Build 474 allows local users to gain privileges via a Trojan horse MtxParhVegasPreview.dll file in the current working directory, as demonstrated by a directory that contains a .sfw file. NOTE: some of these details are obtained from thir...
6.7AI Score
0.0004EPSS
Multiple buffer overflows in the Wireless Manager ActiveX control 4.0.0.0 in WifiMan.dll in Sony VAIO PC Wireless LAN Wizard 1.0; VAIO Wireless Wizard 1.00, 1.00_64, 1.0.1, 2.0, and 3.0; SmartWi Connection Utility 4.7, 4.7.4, 4.8, 4.9, 4.10, and 4.11; and VAIO Easy Connect software 1.0.0 and 1.1.0 ...
7.9AI Score
0.242EPSS
The Sony Bravia TV KDL-32CX525 allows remote attackers to cause a denial of service (configuration outage or device crash) via a flood of TCP SYN packets, as demonstrated by hping, a related issue to CVE-1999-0116.
6.6AI Score
0.097EPSS
Multiple untrusted search path vulnerabilities in DVD Architect Pro 5.2 Build 133 and DVD Architect Studio 5.0 Build 156 allow local users to gain privileges via a Trojan horse (1) enc_mp2v.200 or (2) CFHDDecoder.dll file in the current working directory, as demonstrated by a directory that contain...
6.7AI Score
0.001EPSS
Untrusted search path vulnerability in moviEZ HD 1.0 Build 2554-29894-A allows local users to gain privileges via a Trojan horse avrt.dll file in the current working directory, as demonstrated by a directory that contains a .mvz file. NOTE: the provenance of this information is unknown; the details...
6.4AI Score
0.0004EPSS
Cross-site request forgery (CSRF) vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and possibly other camera models allows remote attackers to hijack the authentication of administrators for...
7.4AI Score
0.003EPSS
Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspeci...
8.8CVSS
8.7AI Score
0.001EPSS
SONY SNC-CH115, SNC-CH120, SNC-CH160, SNC-CH220, SNC-CH260, SNC-DH120, SNC-DH120T, SNC-DH160, SNC-DH220, SNC-DH220T, SNC-DH260, SNC-EB520, SNC-EM520, SNC-EM521, SNC-ZB550, SNC-ZM550, SNC-ZM551, SNC-EP550, SNC-EP580, SNC-ER550, SNC-ER550C, SNC-ER580, SNC-ER585, SNC-ER585H, SNC-ZP550, SNC-ZR550, SNC-...
8.8CVSS
8.1AI Score
0.002EPSS
Untrusted search path vulnerability in Media Go version 3.2.0.191 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
7.8CVSS
7.7AI Score
0.001EPSS
Untrusted search path vulnerability in Music Center for PC version 1.0.00 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
7.8CVSS
7.7AI Score
0.001EPSS
Untrusted search path vulnerability in Music Center for PC version 1.0.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
7.8CVSS
7.7AI Score
0.001EPSS
Untrusted search path vulnerability in Content Manager Assistant for PlayStation version 3.55.7671.0901 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
7.8CVSS
7.7AI Score
0.001EPSS
WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.
7.2CVSS
7.2AI Score
0.001EPSS
Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary commands via unspecified vectors.
7.2CVSS
7.3AI Score
0.001EPSS
WG-C10 v3.0.79 and earlier allows an attacker to bypass access restrictions to obtain or alter information stored in the external storage connected to the product via unspecified vectors.
9.1CVSS
8.8AI Score
0.002EPSS
Untrusted search path vulnerability in NFC Port Software Version 5.5.0.6 and earlier (for RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S), NFC Port Software Version 5.3.6.7 and earlier (for RC-S320, RC-S310/J1C, RC-S310/ED4C), PC/SC Activator for Type B Ver.1.2.1.0 and earlier, SFCard Viewe...
7.8CVSS
7.7AI Score
0.001EPSS
Untrusted search path vulnerability in NFC Port Software remover Ver.1.3.0.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
7.8CVSS
7.7AI Score
0.001EPSS
Untrusted search path vulnerability in the installer of PlayMemories Home for Windows ver.5.5.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
7.8CVSS
7.7AI Score
0.001EPSS
Untrusted search path vulnerability in The installer of Digital Paper App version 1.4.0.16050 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
7.8CVSS
7.7AI Score
0.001EPSS
An unvalidated software update vulnerability in Music Center for PC version 1.0.02 and earlier could allow a man-in-the-middle attacker to tamper with an update file and inject executable files.
7.5CVSS
7.3AI Score
0.002EPSS
The Sony Xperia L1 Android device with a build fingerprint of Sony/G3313/G3313:7.0/43.0.A.6.49/2867558199:user/release-keys contains the android framework (i.e., system_server) with a package name of android (versionCode=24, versionName=7.0) that has been modified by Sony or another entity in the s...
5.5CVSS
5.2AI Score
0.0004EPSS
The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices allows Shell Metacharacter Injection.
8.8CVSS
8.6AI Score
0.001EPSS
The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices allows Directory Traversal.
8.1CVSS
8.1AI Score
0.001EPSS
The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices has a Buffer Overflow.
6.5CVSS
6.5AI Score
0.001EPSS
An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this vulnerabilit...
9.1CVSS
7.2AI Score
0.006EPSS
An exploitable stack-based buffer overflow vulnerability exists in the 802dot1xclientcert.cgi functionality of Sony IPELA E Series Camera G5 firmware 1.87.00. A specially crafted POST can cause a stack-based buffer overflow, resulting in remote code execution. An attacker can send a malicious POST ...
10CVSS
9.8AI Score
0.015EPSS
nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries (aka nnabla) through v1.0.14 relies on the HOME environment variable, which might be untrusted.
9.8CVSS
9.4AI Score
0.002EPSS
An incorrect access control exists in the Sony Photo Sharing Plus application in the firmware before PKG6.5629 version (for the X7500D TV and other applicable TVs). This vulnerability allows an attacker to read arbitrary files without authentication over HTTP when Photo Sharing Plus application is ...
5.9CVSS
6.6AI Score
0.003EPSS
Sony Bravia Smart TV devices allow remote attackers to retrieve the static Wi-Fi password (used when the TV is acting as an access point) by using the Photo Sharing Plus application to execute a backdoor API command, a different vulnerability than CVE-2019-10886.
8.1CVSS
6.6AI Score
0.005EPSS
Sony BRAVIA Smart TV devices allow remote attackers to cause a denial of service (device hang) via a crafted web page over HbbTV.
7.5CVSS
7.3AI Score
0.023EPSS
Sony Bravia Smart TV devices allow remote attackers to cause a denial of service (device hang or reboot) via a SYN flood attack over a wired or Wi-Fi LAN.
7.5CVSS
7.4AI Score
0.018EPSS
Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch.
4.2CVSS
4.6AI Score
0.0004EPSS
The Sony keyaki_kddi Android device with a build fingerprint of Sony/keyaki_kddi/keyaki_kddi:7.1.1/TONE3-3.0.0-KDDI-170517-0326/1:user/dev-keys contains a pre-installed app with a package name of com.kddi.android.packageinstaller app (versionCode=70008, versionName=08.10.03) that allows other pre-i...
7.8CVSS
7.3AI Score
0.0004EPSS
The Sony Xperia Touch Android device with a build fingerprint of Sony/blanc_windy/blanc_windy:7.0/LOIRE-SMART-BLANC-1.0.0-170530-0834/1:user/dev-keys contains a pre-installed app with a package name of com.sonymobile.android.maintenancetool.testmic app (versionCode=24, versionName=7.0) that allows ...
5.5CVSS
5.2AI Score
0.0004EPSS
The Sony Xperia Xperia XZs Android device with a build fingerprint of Sony/keyaki_softbank/keyaki_softbank:7.1.1/TONE3-3.0.0-SOFTBANK-170517-0323/1:user/dev-keys contains a pre-installed app with a package name of jp.softbank.mb.tdrl app (versionCode=1413005, versionName=1.3.0) that allows unauthor...
3.3CVSS
4AI Score
0.0004EPSS