Vulnerabilities > Sony > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-23 | CVE-2024-23922 | Insufficient Verification of Data Authenticity vulnerability in Sony Xav-Ax5500 Firmware 1.13 Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability. | 6.8 |
| 2024-09-23 | CVE-2024-23972 | Classic Buffer Overflow vulnerability in Sony Xav-Ax5500 Firmware 1.13 Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Code Execution Vulnerability. | 6.8 |
| 2022-09-28 | CVE-2022-3349 | Out-of-bounds Write vulnerability in Sony Playstation 4 Firmware and Playstation 5 Firmware A vulnerability was found in Sony PS4 and PS5. | 6.8 |
| 2022-05-20 | CVE-2022-27094 | Unquoted Search Path or Element vulnerability in Sony Playmemories Home 6.0 Sony PlayMemories Home v6.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. | 6.7 |
| 2021-08-11 | CVE-2021-38544 | Unspecified vulnerability in Sony Srs-Xb33 Firmware and Srs-Xb43 Firmware Sony SRS-XB33 and SRS-XB43 devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. | 5.9 |
| 2019-11-14 | CVE-2019-15743 | Externally Controlled Reference to a Resource in Another Sphere vulnerability in Sony Xperia Touch Firmware The Sony Xperia Touch Android device with a build fingerprint of Sony/blanc_windy/blanc_windy:7.0/LOIRE-SMART-BLANC-1.0.0-170530-0834/1:user/dev-keys contains a pre-installed app with a package name of com.sonymobile.android.maintenancetool.testmic app (versionCode=24, versionName=7.0) that allows unauthorized microphone audio recording via a confused deputy attack. | 5.5 |
| 2019-06-19 | CVE-2018-16595 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Sony products The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices has a Buffer Overflow. | 6.5 |
| 2019-06-06 | CVE-2019-12762 | Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch. | 4.2 |
| 2019-04-25 | CVE-2018-14983 | Improper Input Validation vulnerability in Sony Xperia L1 Firmware The Sony Xperia L1 Android device with a build fingerprint of Sony/G3313/G3313:7.0/43.0.A.6.49/2867558199:user/release-keys contains the android framework (i.e., system_server) with a package name of android (versionCode=24, versionName=7.0) that has been modified by Sony or another entity in the supply chain. | 5.5 |
| 2019-04-19 | CVE-2019-10886 | Missing Authentication for Critical Function vulnerability in Sony Photo Sharing Plus 6.5830 An incorrect access control exists in the Sony Photo Sharing Plus application in the firmware before PKG6.5629 version (for the X7500D TV and other applicable TVs). | 5.9 |