Vulnerabilities > Sony
|2022-10-24||CVE-2022-41796|| Untrusted Search Path vulnerability in Sony Content Transfer 1.3 |
Untrusted search path vulnerability in the installer of Content Transfer (for Windows) Ver.1.3 and prior allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
| 7.8 |
|2022-09-28||CVE-2022-3349|| Out-of-bounds Write vulnerability in Sony Playstation 4 Firmware and Playstation 5 Firmware |
A vulnerability was found in Sony PS4 and PS5.
| 6.8 |
|2022-05-20||CVE-2022-27094|| Unquoted Search Path or Element vulnerability in Sony Playmemories Home 6.0 |
Sony PlayMemories Home v6.0 contains an unquoted service path which allows attackers to escalate privileges to the system level.
| 7.2 |
|2021-08-26||CVE-2021-20793|| Uncontrolled Search Path Element vulnerability in Sony Audio USB Driver and HAP Music Transfer |
Untrusted search path vulnerability in the installer of Sony Audio USB Driver V1.10 and prior and the installer of HAP Music Transfer Ver.1.3.0 and prior allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory.
| 4.4 |
|2021-08-11||CVE-2021-38544|| Unspecified vulnerability in Sony Srs-Xb33 Firmware and Srs-Xb43 Firmware |
Sony SRS-XB33 and SRS-XB43 devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack.
| 4.3 |
|2020-06-09||CVE-2020-5589|| Missing Authentication for Critical Function vulnerability in Sony products |
SONY Wireless Headphones WF-1000X, WF-SP700N, WH-1000XM2, WH-1000XM3, WH-CH700N, WH-H900N, WH-XB700, WH-XB900N, WI-1000X, WI-C600N and WI-SP600N with firmware versions prior to 4.5.2 have vulnerability that someone within the Bluetooth range can make the Bluetooth pairing and operate such as changing volume of the product.
| 8.3 |
|2019-12-04||CVE-2019-19364|| Uncontrolled Search Path Element vulnerability in Sony Catalyst Browse and Catalyst Production Suite |
A weak malicious user can escalate its privilege whenever CatalystProductionSuite.2019.1.exe (version 188.8.131.52) and CatalystBrowseSuite.2019.1.exe (version 184.108.40.206) installers run.
| 4.4 |
|2019-11-14||CVE-2019-15744|| Externally Controlled Reference to a Resource in Another Sphere vulnerability in Sony Xperia XZS Firmware |
The Sony Xperia Xperia XZs Android device with a build fingerprint of Sony/keyaki_softbank/keyaki_softbank:7.1.1/TONE3-3.0.0-SOFTBANK-170517-0323/1:user/dev-keys contains a pre-installed app with a package name of jp.softbank.mb.tdrl app (versionCode=1413005, versionName=1.3.0) that allows unauthorized wireless settings modification via a confused deputy attack.
| 2.1 |
|2019-11-14||CVE-2019-15743|| Externally Controlled Reference to a Resource in Another Sphere vulnerability in Sony Xperia Touch Firmware |
The Sony Xperia Touch Android device with a build fingerprint of Sony/blanc_windy/blanc_windy:7.0/LOIRE-SMART-BLANC-1.0.0-170530-0834/1:user/dev-keys contains a pre-installed app with a package name of com.sonymobile.android.maintenancetool.testmic app (versionCode=24, versionName=7.0) that allows unauthorized microphone audio recording via a confused deputy attack.
| 2.1 |
|2019-11-14||CVE-2019-15416|| Unspecified vulnerability in Sony Xperia XZS Firmware |
The Sony keyaki_kddi Android device with a build fingerprint of Sony/keyaki_kddi/keyaki_kddi:7.1.1/TONE3-3.0.0-KDDI-170517-0326/1:user/dev-keys contains a pre-installed app with a package name of com.kddi.android.packageinstaller app (versionCode=70008, versionName=08.10.03) that allows other pre-installed apps to perform app installation via an accessible app component.
| 4.6 |