Vulnerabilities > Sony
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-23 | CVE-2024-23922 | Insufficient Verification of Data Authenticity vulnerability in Sony Xav-Ax5500 Firmware 1.13 Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability. | 6.8 |
| 2024-09-23 | CVE-2024-23972 | Classic Buffer Overflow vulnerability in Sony Xav-Ax5500 Firmware 1.13 Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Code Execution Vulnerability. | 6.8 |
| 2022-10-24 | CVE-2022-41796 | Uncontrolled Search Path Element vulnerability in Sony Content Transfer 1.3 Untrusted search path vulnerability in the installer of Content Transfer (for Windows) Ver.1.3 and prior allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 7.8 |
| 2022-09-28 | CVE-2022-3349 | Out-of-bounds Write vulnerability in Sony Playstation 4 Firmware and Playstation 5 Firmware A vulnerability was found in Sony PS4 and PS5. | 6.8 |
| 2022-08-17 | CVE-2022-23747 | Classic Buffer Overflow vulnerability in Sony products In Sony Xperia series 1, 5, and Pro, an out of bound memory access can occur due to lack of validation of the number of frames being passed during music playback. | 9.8 |
| 2022-05-20 | CVE-2022-27094 | Unquoted Search Path or Element vulnerability in Sony Playmemories Home 6.0 Sony PlayMemories Home v6.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. | 6.7 |
| 2021-08-26 | CVE-2021-20793 | Uncontrolled Search Path Element vulnerability in Sony Audio USB Driver and HAP Music Transfer Untrusted search path vulnerability in the installer of Sony Audio USB Driver V1.10 and prior and the installer of HAP Music Transfer Ver.1.3.0 and prior allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory. | 7.8 |
| 2021-08-11 | CVE-2021-38544 | Unspecified vulnerability in Sony Srs-Xb33 Firmware and Srs-Xb43 Firmware Sony SRS-XB33 and SRS-XB43 devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. | 5.9 |
| 2020-06-09 | CVE-2020-5589 | Missing Authentication for Critical Function vulnerability in Sony products SONY Wireless Headphones WF-1000X, WF-SP700N, WH-1000XM2, WH-1000XM3, WH-CH700N, WH-H900N, WH-XB700, WH-XB900N, WI-1000X, WI-C600N and WI-SP600N with firmware versions prior to 4.5.2 have vulnerability that someone within the Bluetooth range can make the Bluetooth pairing and operate such as changing volume of the product. | 8.8 |
| 2019-12-04 | CVE-2019-19364 | Uncontrolled Search Path Element vulnerability in Sony Catalyst Browse and Catalyst Production Suite A weak malicious user can escalate its privilege whenever CatalystProductionSuite.2019.1.exe (version 1.1.0.21) and CatalystBrowseSuite.2019.1.exe (version 1.1.0.21) installers run. | 7.8 |