Vendor CVEs
Sony
All CVEs
75 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-11889 | 0.00 | — | 0.04 | Jul 9, 2019 | Sony BRAVIA Smart TV devices allow remote attackers to cause a denial of service (device hang) via a crafted web page over HbbTV. | |||
| CVE-2019-5982 | 0.00 | — | 0.00 | Jul 5, 2019 | Improper download file verification vulnerability in VAIO Update 7.3.0.03150 and earlier allows remote attackers to conduct a man-in-the-middle attack via a malicous wireless LAN access point. A successful exploitation may result in a malicious file being downloaded/executed. | |||
| CVE-2019-5981 | 0.00 | — | 0.01 | Jul 5, 2019 | Improper authorization vulnerability in VAIO Update 7.3.0.03150 and earlier allows an attackers to execute arbitrary executable file with administrative privilege via unspecified vectors. | |||
| CVE-2018-16593 | 0.00 | — | 0.01 | Jun 19, 2019 | The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices allows Shell Metacharacter Injection. | |||
| CVE-2018-16594 | 0.00 | — | 0.01 | Jun 19, 2019 | The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices allows Directory Traversal. | |||
| CVE-2018-16595 | 0.00 | — | 0.01 | Jun 19, 2019 | The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices has a Buffer Overflow. | |||
| CVE-2019-11336 | 0.00 | — | 0.03 | May 14, 2019 | Sony Bravia Smart TV devices allow remote attackers to retrieve the static Wi-Fi password (used when the TV is acting as an access point) by using the Photo Sharing Plus application to execute a backdoor API command, a different vulnerability than CVE-2019-10886. | |||
| CVE-2018-14983 | 0.00 | — | 0.00 | Apr 25, 2019 | The Sony Xperia L1 Android device with a build fingerprint of Sony/G3313/G3313:7.0/43.0.A.6.49/2867558199:user/release-keys contains the android framework (i.e., system_server) with a package name of android (versionCode=24, versionName=7.0) that has been modified by Sony or… | |||
| CVE-2019-10886 | 0.00 | — | 0.03 | Apr 19, 2019 | An incorrect access control exists in the Sony Photo Sharing Plus application in the firmware before PKG6.5629 version (for the X7500D TV and other applicable TVs). This vulnerability allows an attacker to read arbitrary files without authentication over HTTP when Photo Sharing… | |||
| CVE-2019-10844 | 0.00 | — | 0.02 | Apr 4, 2019 | nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries (aka nnabla) through v1.0.14 relies on the HOME environment variable, which might be untrusted. | |||
| CVE-2018-0690 | 0.00 | — | 0.02 | Nov 15, 2018 | An unvalidated software update vulnerability in Music Center for PC version 1.0.02 and earlier could allow a man-in-the-middle attacker to tamper with an update file and inject executable files. | |||
| CVE-2012-4881 | 0.00 | — | 0.00 | Sep 7, 2012 | Untrusted search path vulnerability in moviEZ HD 1.0 Build 2554-29894-A allows local users to gain privileges via a Trojan horse avrt.dll file in the current working directory, as demonstrated by a directory that contains a .mvz file. NOTE: the provenance of this information is… | |||
| CVE-2012-4880 | 0.00 | — | 0.00 | Sep 7, 2012 | Multiple untrusted search path vulnerabilities in DVD Architect Pro 5.2 Build 133 and DVD Architect Studio 5.0 Build 156 allow local users to gain privileges via a Trojan horse (1) enc_mp2v.200 or (2) CFHDDecoder.dll file in the current working directory, as demonstrated by a… | |||
| CVE-2010-5242 | 0.00 | — | 0.00 | Sep 7, 2012 | Untrusted search path vulnerability in Sound Forge Pro 10.0b Build 474 allows local users to gain privileges via a Trojan horse MtxParhVegasPreview.dll file in the current working directory, as demonstrated by a directory that contains a .sfw file. NOTE: some of these details… | |||
| CVE-2008-1938 | 0.00 | — | 0.01 | Apr 25, 2008 | Sony Mylo COM-2 Japanese model firmware before 1.002 does not properly verify web server SSL certificates, which allows remote attackers to obtain sensitive information and conduct spoofing attacks. | |||
| CVE-2007-4785 | 0.00 | — | 0.02 | Sep 10, 2007 | Sony Micro Vault Fingerprint Access Software, as distributed with Sony Micro Vault USM-F USB flash drives, installs a driver that hides a directory under %WINDIR%, which might allow remote attackers to bypass malware detection by placing files in this directory. | |||
| CVE-2007-1728 | 0.00 | — | 0.02 | Mar 28, 2007 | The Remote Play feature in Sony Playstation 3 (PS3) 1.60 and Playstation Portable (PSP) 3.10 OE-A allows remote attackers to cause a denial of service via a flood of UDP packets. | |||
| CVE-2006-4507 | 0.00 | — | 0.00 | Aug 31, 2006 | Unspecified vulnerability in the TIFF viewer (possibly libTIFF) in the Photo Viewer in the Sony PlaystationPortable (PSP) 2.00 through 2.80 allows local users to execute arbitrary code via crafted TIFF images. NOTE: due to lack of details, it is not clear whether this is related… | |||
| CVE-2006-4290 | 0.00 | — | 0.02 | Aug 22, 2006 | Directory traversal vulnerability in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x before 20060626 allows remote attackers to gain sensitive information via unspecified vectors. | |||
| CVE-2006-4289 | 0.00 | — | 0.06 | Aug 22, 2006 | Buffer overflow in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x before 20060626 allows remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2006-4235 | 0.00 | — | 0.05 | Aug 21, 2006 | Buffer overflow in the import project functionality in Sony SonicStage Mastering Studio 1.1.00 through 2.2.01 allows remote attackers to execute arbitrary code via a crafted SMP file. | |||
| CVE-2005-3474 | 0.00 | — | 0.00 | Nov 3, 2005 | The aries.sys driver in Sony First4Internet XCP DRM software hides any file, registry key, or process with a name that starts with "$sys$", which allows attackers to hide activities on a system that uses XCP. | |||
| CVE-2005-3084 | 0.00 | — | 0.01 | Sep 27, 2005 | Buffer overflow in the TIFF library in the Photo Viewer for Sony PSP 2.0 firmware allows remote attackers to cause a denial of service via a crafted TIFF image. | |||
| CVE-2005-1809 | 0.00 | — | 0.02 | Jun 1, 2005 | Sony Ericsson P900 Beamer allows remote attackers to cause a denial of service (panic) via an obexftp session with a long filename in an OBEX File Transfer or OBEX Object Push. | |||
| CVE-2002-2108 | 0.00 | — | 0.02 | Dec 31, 2002 | Unknown vulnerability in the "VAIO Manual" software in certain Sony VAIO personal computers sold from November 2001 to January 2002, allows remote attackers to modify data via a web page or HTML e-mail. |
- CVE-2019-11889Jul 9, 2019risk 0.00cvss —epss 0.04
Sony BRAVIA Smart TV devices allow remote attackers to cause a denial of service (device hang) via a crafted web page over HbbTV.
- CVE-2019-5982Jul 5, 2019risk 0.00cvss —epss 0.00
Improper download file verification vulnerability in VAIO Update 7.3.0.03150 and earlier allows remote attackers to conduct a man-in-the-middle attack via a malicous wireless LAN access point. A successful exploitation may result in a malicious file being downloaded/executed.
- CVE-2019-5981Jul 5, 2019risk 0.00cvss —epss 0.01
Improper authorization vulnerability in VAIO Update 7.3.0.03150 and earlier allows an attackers to execute arbitrary executable file with administrative privilege via unspecified vectors.
- CVE-2018-16593Jun 19, 2019risk 0.00cvss —epss 0.01
The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices allows Shell Metacharacter Injection.
- CVE-2018-16594Jun 19, 2019risk 0.00cvss —epss 0.01
The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices allows Directory Traversal.
- CVE-2018-16595Jun 19, 2019risk 0.00cvss —epss 0.01
The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices has a Buffer Overflow.
- CVE-2019-11336May 14, 2019risk 0.00cvss —epss 0.03
Sony Bravia Smart TV devices allow remote attackers to retrieve the static Wi-Fi password (used when the TV is acting as an access point) by using the Photo Sharing Plus application to execute a backdoor API command, a different vulnerability than CVE-2019-10886.
- CVE-2018-14983Apr 25, 2019risk 0.00cvss —epss 0.00
The Sony Xperia L1 Android device with a build fingerprint of Sony/G3313/G3313:7.0/43.0.A.6.49/2867558199:user/release-keys contains the android framework (i.e., system_server) with a package name of android (versionCode=24, versionName=7.0) that has been modified by Sony or…
- CVE-2019-10886Apr 19, 2019risk 0.00cvss —epss 0.03
An incorrect access control exists in the Sony Photo Sharing Plus application in the firmware before PKG6.5629 version (for the X7500D TV and other applicable TVs). This vulnerability allows an attacker to read arbitrary files without authentication over HTTP when Photo Sharing…
- CVE-2019-10844Apr 4, 2019risk 0.00cvss —epss 0.02
nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries (aka nnabla) through v1.0.14 relies on the HOME environment variable, which might be untrusted.
- CVE-2018-0690Nov 15, 2018risk 0.00cvss —epss 0.02
An unvalidated software update vulnerability in Music Center for PC version 1.0.02 and earlier could allow a man-in-the-middle attacker to tamper with an update file and inject executable files.
- CVE-2012-4881Sep 7, 2012risk 0.00cvss —epss 0.00
Untrusted search path vulnerability in moviEZ HD 1.0 Build 2554-29894-A allows local users to gain privileges via a Trojan horse avrt.dll file in the current working directory, as demonstrated by a directory that contains a .mvz file. NOTE: the provenance of this information is…
- CVE-2012-4880Sep 7, 2012risk 0.00cvss —epss 0.00
Multiple untrusted search path vulnerabilities in DVD Architect Pro 5.2 Build 133 and DVD Architect Studio 5.0 Build 156 allow local users to gain privileges via a Trojan horse (1) enc_mp2v.200 or (2) CFHDDecoder.dll file in the current working directory, as demonstrated by a…
- CVE-2010-5242Sep 7, 2012risk 0.00cvss —epss 0.00
Untrusted search path vulnerability in Sound Forge Pro 10.0b Build 474 allows local users to gain privileges via a Trojan horse MtxParhVegasPreview.dll file in the current working directory, as demonstrated by a directory that contains a .sfw file. NOTE: some of these details…
- CVE-2008-1938Apr 25, 2008risk 0.00cvss —epss 0.01
Sony Mylo COM-2 Japanese model firmware before 1.002 does not properly verify web server SSL certificates, which allows remote attackers to obtain sensitive information and conduct spoofing attacks.
- CVE-2007-4785Sep 10, 2007risk 0.00cvss —epss 0.02
Sony Micro Vault Fingerprint Access Software, as distributed with Sony Micro Vault USM-F USB flash drives, installs a driver that hides a directory under %WINDIR%, which might allow remote attackers to bypass malware detection by placing files in this directory.
- CVE-2007-1728Mar 28, 2007risk 0.00cvss —epss 0.02
The Remote Play feature in Sony Playstation 3 (PS3) 1.60 and Playstation Portable (PSP) 3.10 OE-A allows remote attackers to cause a denial of service via a flood of UDP packets.
- CVE-2006-4507Aug 31, 2006risk 0.00cvss —epss 0.00
Unspecified vulnerability in the TIFF viewer (possibly libTIFF) in the Photo Viewer in the Sony PlaystationPortable (PSP) 2.00 through 2.80 allows local users to execute arbitrary code via crafted TIFF images. NOTE: due to lack of details, it is not clear whether this is related…
- CVE-2006-4290Aug 22, 2006risk 0.00cvss —epss 0.02
Directory traversal vulnerability in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x before 20060626 allows remote attackers to gain sensitive information via unspecified vectors.
- CVE-2006-4289Aug 22, 2006risk 0.00cvss —epss 0.06
Buffer overflow in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x before 20060626 allows remote attackers to execute arbitrary code via unspecified vectors.
- CVE-2006-4235Aug 21, 2006risk 0.00cvss —epss 0.05
Buffer overflow in the import project functionality in Sony SonicStage Mastering Studio 1.1.00 through 2.2.01 allows remote attackers to execute arbitrary code via a crafted SMP file.
- CVE-2005-3474Nov 3, 2005risk 0.00cvss —epss 0.00
The aries.sys driver in Sony First4Internet XCP DRM software hides any file, registry key, or process with a name that starts with "$sys$", which allows attackers to hide activities on a system that uses XCP.
- CVE-2005-3084Sep 27, 2005risk 0.00cvss —epss 0.01
Buffer overflow in the TIFF library in the Photo Viewer for Sony PSP 2.0 firmware allows remote attackers to cause a denial of service via a crafted TIFF image.
- CVE-2005-1809Jun 1, 2005risk 0.00cvss —epss 0.02
Sony Ericsson P900 Beamer allows remote attackers to cause a denial of service (panic) via an obexftp session with a long filename in an OBEX File Transfer or OBEX Object Push.
- CVE-2002-2108Dec 31, 2002risk 0.00cvss —epss 0.02
Unknown vulnerability in the "VAIO Manual" software in certain Sony VAIO personal computers sold from November 2001 to January 2002, allows remote attackers to modify data via a web page or HTML e-mail.
Page 2 of 2