Vulnerabilities > Sony

DATE CVE VULNERABILITY TITLE RISK
2020-06-09 CVE-2020-5589 Missing Authentication FOR Critical Function vulnerability in Sony products
SONY Wireless Headphones WF-1000X, WF-SP700N, WH-1000XM2, WH-1000XM3, WH-CH700N, WH-H900N, WH-XB700, WH-XB900N, WI-1000X, WI-C600N and WI-SP600N with firmware versions prior to 4.5.2 have vulnerability that someone within the Bluetooth range can make the Bluetooth pairing and operate such as changing volume of the product.
low complexity
sony CWE-306
8.3
2019-12-04 CVE-2019-19364 Untrusted Search Path vulnerability in Sony Catalyst Browse and Catalyst Production Suite
A weak malicious user can escalate its privilege whenever CatalystProductionSuite.2019.1.exe (version 1.1.0.21) and CatalystBrowseSuite.2019.1.exe (version 1.1.0.21) installers run.
local
sony CWE-426
4.4
2019-11-14 CVE-2019-15744 Externally Controlled Reference TO A Resource in Another Sphere vulnerability in Sony Xperia XZS Firmware
The Sony Xperia Xperia XZs Android device with a build fingerprint of Sony/keyaki_softbank/keyaki_softbank:7.1.1/TONE3-3.0.0-SOFTBANK-170517-0323/1:user/dev-keys contains a pre-installed app with a package name of jp.softbank.mb.tdrl app (versionCode=1413005, versionName=1.3.0) that allows unauthorized wireless settings modification via a confused deputy attack.
local
low complexity
sony CWE-610
2.1
2019-11-14 CVE-2019-15743 Externally Controlled Reference TO A Resource in Another Sphere vulnerability in Sony Xperia Touch Firmware
The Sony Xperia Touch Android device with a build fingerprint of Sony/blanc_windy/blanc_windy:7.0/LOIRE-SMART-BLANC-1.0.0-170530-0834/1:user/dev-keys contains a pre-installed app with a package name of com.sonymobile.android.maintenancetool.testmic app (versionCode=24, versionName=7.0) that allows unauthorized microphone audio recording via a confused deputy attack.
local
low complexity
sony CWE-610
2.1
2019-11-14 CVE-2019-15416 Unspecified vulnerability in Sony Xperia XZS Firmware
The Sony keyaki_kddi Android device with a build fingerprint of Sony/keyaki_kddi/keyaki_kddi:7.1.1/TONE3-3.0.0-KDDI-170517-0326/1:user/dev-keys contains a pre-installed app with a package name of com.kddi.android.packageinstaller app (versionCode=70008, versionName=08.10.03) that allows other pre-installed apps to perform app installation via an accessible app component.
local
low complexity
sony
4.6
2019-07-09 CVE-2019-11890 Resource Exhaustion vulnerability in Sony Bravia Firmware
Sony Bravia Smart TV devices allow remote attackers to cause a denial of service (device hang or reboot) via a SYN flood attack over a wired or Wi-Fi LAN.
network
low complexity
sony CWE-400
7.8
2019-07-09 CVE-2019-11889 Unspecified vulnerability in Sony Bravia Firmware
Sony BRAVIA Smart TV devices allow remote attackers to cause a denial of service (device hang) via a crafted web page over HbbTV.
network
low complexity
sony
7.8
2019-07-05 CVE-2019-5982 Download of Code Without Integrity Check vulnerability in Sony Vaio Update 7.3.0.03150
Improper download file verification vulnerability in VAIO Update 7.3.0.03150 and earlier allows remote attackers to conduct a man-in-the-middle attack via a malicous wireless LAN access point.
5.4
2019-07-05 CVE-2019-5981 Unspecified vulnerability in Sony Vaio Update 7.3.0.03150
Improper authorization vulnerability in VAIO Update 7.3.0.03150 and earlier allows an attackers to execute arbitrary executable file with administrative privilege via unspecified vectors.
network
sony
6.8
2019-06-19 CVE-2018-16595 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Sony products
The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices has a Buffer Overflow.
low complexity
sony CWE-119
3.3