VYPR

Vendor CVEs

Sony

All CVEs

75 total · sorted by risk
  • CVE-2018-3937CriAug 14, 2018
    risk 0.60cvss 9.1epss 0.10

    An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to…

  • CVE-2018-3938CriAug 14, 2018
    risk 0.59cvss 9.1epss 0.03

    An exploitable stack-based buffer overflow vulnerability exists in the 802dot1xclientcert.cgi functionality of Sony IPELA E Series Camera G5 firmware 1.87.00. A specially crafted POST can cause a stack-based buffer overflow, resulting in remote code execution. An attacker can…

  • CVE-2017-2277CriJul 22, 2017
    risk 0.59cvss 9.1epss 0.01

    WG-C10 v3.0.79 and earlier allows an attacker to bypass access restrictions to obtain or alter information stored in the external storage connected to the product via unspecified vectors.

  • CVE-2016-7834HigApr 13, 2017
    risk 0.58cvss 8.8epss 0.04

    SONY SNC-CH115, SNC-CH120, SNC-CH160, SNC-CH220, SNC-CH260, SNC-DH120, SNC-DH120T, SNC-DH160, SNC-DH220, SNC-DH220T, SNC-DH260, SNC-EB520, SNC-EM520, SNC-EM521, SNC-ZB550, SNC-ZM550, SNC-ZM551, SNC-EP550, SNC-EP580, SNC-ER550, SNC-ER550C, SNC-ER580, SNC-ER585, SNC-ER585H,…

  • CVE-2024-23934HigSep 23, 2024
    risk 0.57cvss 8.8epss 0.01

    Sony XAV-AX5500 WMV/ASF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. User interaction is required to exploit this vulnerability…

  • CVE-2016-7830HigJun 9, 2017
    risk 0.57cvss 8.8epss 0.01

    Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative…

  • CVE-2025-5124HigMay 24, 2025
    risk 0.53cvss 8.1epss 0.01

    A vulnerability classified as critical has been found in Sony SNC-M1, SNC-M3, SNC-RZ25N, SNC-RZ30N, SNC-DS10, SNC-CS3N and SNC-RX570N up to 1.30. This affects an unknown part of the component Administrative Interface. The manipulation leads to use of default credentials. It is…

  • CVE-2025-64772HigDec 1, 2025
    risk 0.51cvss 7.8epss 0.00

    The installer of INZONE Hub 1.0.10.3 to 1.0.17.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer.

  • CVE-2018-0656HigSep 4, 2018
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in The installer of Digital Paper App version 1.4.0.16050 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2018-0600HigJun 26, 2018
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in the installer of PlayMemories Home for Windows ver.5.5.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2017-17010HigDec 27, 2017
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in Content Manager Assistant for PlayStation version 3.55.7671.0901 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2017-10909HigDec 22, 2017
    risk 0.51cvss 7.8epss 0.02

    Untrusted search path vulnerability in Music Center for PC version 1.0.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2017-10892HigDec 1, 2017
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in Music Center for PC version 1.0.00 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2017-10891HigDec 1, 2017
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in Media Go version 3.2.0.191 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2017-2287HigAug 2, 2017
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in NFC Port Software remover Ver.1.3.0.1 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2017-2286HigAug 2, 2017
    risk 0.51cvss 7.8epss 0.01

    Untrusted search path vulnerability in NFC Port Software Version 5.5.0.6 and earlier (for RC-S310, RC-S320, RC-S330, RC-S370, RC-S380, RC-S380/S), NFC Port Software Version 5.3.6.7 and earlier (for RC-S320, RC-S310/J1C, RC-S310/ED4C), PC/SC Activator for Type B Ver.1.2.1.0 and…

  • CVE-2009-2541HigJul 20, 2009
    risk 0.49cvss 7.5epss 0.03

    The web browser on the Sony PLAYSTATION 3 (PS3) allows remote attackers to cause a denial of service (memory consumption and console hang) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.

  • CVE-2025-64390HigJun 2, 2026
    risk 0.48cvss 7.4epss 0.00

    A privilege escalation vulnerability exists in PlayStation 4 firmware versions 13.00 through 13.02. The BD-J (Blu-ray Disc Java) sandbox can be escaped through a malformed JAR file.

  • CVE-2025-64444HigNov 14, 2025
    risk 0.47cvss 7.2epss 0.01

    Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in NCP-HG100 1.4.48.16 and earlier. If exploited, a remote attacker who has obtained the authentication information to log in to the management page of the product may execute…

  • CVE-2017-2276HigJul 22, 2017
    risk 0.47cvss 7.2epss 0.02

    Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary commands via unspecified vectors.

  • CVE-2017-2275HigJul 22, 2017
    risk 0.47cvss 7.2epss 0.02

    WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors.

  • CVE-2024-23933MedSep 23, 2024
    risk 0.45cvss 6.8epss 0.01

    Sony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this…

  • CVE-2026-50255MedJun 16, 2026
    risk 0.44cvss 6.7epss 0.00

    Incorrect default permissions issue exists in Optical Disc Archive Software for Windows 5.5.3 and earlier. If this vulnerability is exploited, arbitrary code may be executed with SYSTEM privileges.

  • CVE-2025-62225MedNov 5, 2025
    risk 0.44cvss 6.7epss 0.00

    Optical Disc Archive Software provided by Sony Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root directory of the system drive may execute arbitrary code with SYSTEM privilege.

  • CVE-2013-3539Oct 1, 2013
    risk 0.04cvss epss 0.09

    Cross-site request forgery (CSRF) vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and possibly other camera models allows remote attackers to hijack the authentication…

  • CVE-2012-0985Jun 7, 2012
    risk 0.04cvss epss 0.13

    Multiple buffer overflows in the Wireless Manager ActiveX control 4.0.0.0 in WifiMan.dll in Sony VAIO PC Wireless LAN Wizard 1.0; VAIO Wireless Wizard 1.00, 1.00_64, 1.0.1, 2.0, and 3.0; SmartWi Connection Utility 4.7, 4.7.4, 4.8, 4.9, 4.10, and 4.11; and VAIO Easy Connect…

  • CVE-2012-2210Apr 11, 2012
    risk 0.04cvss epss 0.09

    The Sony Bravia TV KDL-32CX525 allows remote attackers to cause a denial of service (configuration outage or device crash) via a flood of TCP SYN packets, as demonstrated by hping, a related issue to CVE-1999-0116.

  • CVE-2008-0748Feb 13, 2008
    risk 0.04cvss epss 0.16

    Buffer overflow in the Sony AxRUploadServer.AxRUploadControl.1 ActiveX control in AxRUploadServer.dll 1.0.0.38 in SonyISUpload.cab 1.0.0.38 for Sony ImageStation allows remote attackers to execute arbitrary code via a long argument to the SetLogging method. NOTE: some of these…

  • CVE-2007-5709Oct 30, 2007
    risk 0.04cvss epss 0.11

    Stack-based buffer overflow in Sony SonicStage CONNECT Player (CP) 4.3 allows remote attackers to execute arbitrary code via a long file name in an M3U file.

  • CVE-2007-3488Jun 29, 2007
    risk 0.04cvss epss 0.16

    Heap-based buffer overflow in the viewer ActiveX control in Sony Network Camera SNC-RZ25N before 1.30; SNC-P1 and SNC-P5 before 1.29; SNC-CS10 and SNC-CS11 before 1.06; SNC-DF40N and SNC-DF70N before 1.18; SNC-RZ50N and SNC-CS50N before 2.22; SNC-DF85N, SNC-DF80N, and SNC-DF50N…

  • CVE-2024-23922Sep 23, 2024
    risk 0.03cvss epss 0.02

    Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this…

  • CVE-2020-36885Dec 10, 2025
    risk 0.00cvss epss 0.01

    Sony IPELA Network Camera 1.82.01 contains a stack buffer overflow vulnerability in the ftpclient.cgi endpoint that allows remote attackers to execute arbitrary code. Attackers can exploit the vulnerability by sending a crafted POST request with oversized data to the FTP client…

  • CVE-2025-5475Jun 21, 2025
    risk 0.00cvss epss 0.00

    Sony XAV-AX8500 Bluetooth Packet Handling Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sony XAV-AX8500 devices. An attacker must first obtain the ability to pair a malicious…

  • CVE-2025-5477Jun 21, 2025
    risk 0.00cvss epss 0.00

    Sony XAV-AX8500 Bluetooth L2CAP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sony XAV-AX8500 devices. An attacker must first obtain the ability to pair a…

  • CVE-2025-5478Jun 21, 2025
    risk 0.00cvss epss 0.00

    Sony XAV-AX8500 Bluetooth SDP Protocol Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sony XAV-AX8500 devices. Authentication is not required to exploit this…

  • CVE-2025-5479Jun 21, 2025
    risk 0.00cvss epss 0.00

    Sony XAV-AX8500 Bluetooth AVCTP Protocol Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sony XAV-AX8500 devices. An attacker must first obtain the ability…

  • CVE-2025-5476Jun 21, 2025
    risk 0.00cvss epss 0.00

    Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability. The specific flaw…

  • CVE-2025-5820Jun 21, 2025
    risk 0.00cvss epss 0.00

    Sony XAV-AX8500 Bluetooth ERTM Channel Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists…

  • CVE-2024-23972Sep 23, 2024
    risk 0.00cvss epss 0.01

    Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this…

  • CVE-2022-41796Oct 24, 2022
    risk 0.00cvss epss 0.00

    Untrusted search path vulnerability in the installer of Content Transfer (for Windows) Ver.1.3 and prior allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

  • CVE-2022-3349Sep 28, 2022
    risk 0.00cvss epss 0.01

    A vulnerability was found in Sony PS4 and PS5. It has been classified as critical. This affects the function UVFAT_readupcasetable of the component exFAT Handler. The manipulation of the argument dataLength leads to heap-based buffer overflow. It is possible to launch the attack…

  • CVE-2022-23747Aug 17, 2022
    risk 0.00cvss epss 0.10

    In Sony Xperia series 1, 5, and Pro, an out of bound memory access can occur due to lack of validation of the number of frames being passed during music playback.

  • CVE-2022-27094May 20, 2022
    risk 0.00cvss epss 0.00

    Sony PlayMemories Home v6.0 contains an unquoted service path which allows attackers to escalate privileges to the system level.

  • CVE-2021-20793Aug 26, 2021
    risk 0.00cvss epss 0.00

    Untrusted search path vulnerability in the installer of Sony Audio USB Driver V1.10 and prior and the installer of HAP Music Transfer Ver.1.3.0 and prior allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.

  • CVE-2021-38544Aug 11, 2021
    risk 0.00cvss epss 0.01

    Sony SRS-XB33 and SRS-XB43 devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is connected directly to the power…

  • CVE-2020-5589Jun 9, 2020
    risk 0.00cvss epss 0.01

    SONY Wireless Headphones WF-1000X, WF-SP700N, WH-1000XM2, WH-1000XM3, WH-CH700N, WH-H900N, WH-XB700, WH-XB900N, WI-1000X, WI-C600N and WI-SP600N with firmware versions prior to 4.5.2 have vulnerability that someone within the Bluetooth range can make the Bluetooth pairing and…

  • CVE-2019-15743Nov 14, 2019
    risk 0.00cvss epss 0.00

    The Sony Xperia Touch Android device with a build fingerprint of Sony/blanc_windy/blanc_windy:7.0/LOIRE-SMART-BLANC-1.0.0-170530-0834/1:user/dev-keys contains a pre-installed app with a package name of com.sonymobile.android.maintenancetool.testmic app (versionCode=24,…

  • CVE-2019-15416Nov 14, 2019
    risk 0.00cvss epss 0.00

    The Sony keyaki_kddi Android device with a build fingerprint of Sony/keyaki_kddi/keyaki_kddi:7.1.1/TONE3-3.0.0-KDDI-170517-0326/1:user/dev-keys contains a pre-installed app with a package name of com.kddi.android.packageinstaller app (versionCode=70008, versionName=08.10.03)…

  • CVE-2019-15744Nov 14, 2019
    risk 0.00cvss epss 0.00

    The Sony Xperia Xperia XZs Android device with a build fingerprint of Sony/keyaki_softbank/keyaki_softbank:7.1.1/TONE3-3.0.0-SOFTBANK-170517-0323/1:user/dev-keys contains a pre-installed app with a package name of jp.softbank.mb.tdrl app (versionCode=1413005, versionName=1.3.0)…

  • CVE-2019-11890Jul 9, 2019
    risk 0.00cvss epss 0.04

    Sony Bravia Smart TV devices allow remote attackers to cause a denial of service (device hang or reboot) via a SYN flood attack over a wired or Wi-Fi LAN.

Page 1 of 2