Vulnerabilities > Sony > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-28 | CVE-2022-3349 | Out-of-bounds Write vulnerability in Sony Playstation 4 Firmware and Playstation 5 Firmware A vulnerability was found in Sony PS4 and PS5. | 6.8 |
| 2021-08-26 | CVE-2021-20793 | Uncontrolled Search Path Element vulnerability in Sony Audio USB Driver and HAP Music Transfer Untrusted search path vulnerability in the installer of Sony Audio USB Driver V1.10 and prior and the installer of HAP Music Transfer Ver.1.3.0 and prior allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory. | 4.4 |
| 2021-08-11 | CVE-2021-38544 | Unspecified vulnerability in Sony Srs-Xb33 Firmware and Srs-Xb43 Firmware Sony SRS-XB33 and SRS-XB43 devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. network sony | 4.3 |
| 2019-12-04 | CVE-2019-19364 | Uncontrolled Search Path Element vulnerability in Sony Catalyst Browse and Catalyst Production Suite A weak malicious user can escalate its privilege whenever CatalystProductionSuite.2019.1.exe (version 1.1.0.21) and CatalystBrowseSuite.2019.1.exe (version 1.1.0.21) installers run. | 4.4 |
| 2019-11-14 | CVE-2019-15416 | Unspecified vulnerability in Sony Xperia XZS Firmware The Sony keyaki_kddi Android device with a build fingerprint of Sony/keyaki_kddi/keyaki_kddi:7.1.1/TONE3-3.0.0-KDDI-170517-0326/1:user/dev-keys contains a pre-installed app with a package name of com.kddi.android.packageinstaller app (versionCode=70008, versionName=08.10.03) that allows other pre-installed apps to perform app installation via an accessible app component. | 4.6 |
| 2019-07-05 | CVE-2019-5982 | Download of Code Without Integrity Check vulnerability in Sony Vaio Update 7.3.0.03150 Improper download file verification vulnerability in VAIO Update 7.3.0.03150 and earlier allows remote attackers to conduct a man-in-the-middle attack via a malicous wireless LAN access point. | 5.4 |
| 2019-07-05 | CVE-2019-5981 | Unspecified vulnerability in Sony Vaio Update 7.3.0.03150 Improper authorization vulnerability in VAIO Update 7.3.0.03150 and earlier allows an attackers to execute arbitrary executable file with administrative privilege via unspecified vectors. network sony | 6.8 |
| 2019-06-19 | CVE-2018-16594 | Path Traversal vulnerability in Sony products The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices allows Directory Traversal. | 4.8 |
| 2019-06-06 | CVE-2019-12762 | Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch. | 4.2 |
| 2019-05-14 | CVE-2019-11336 | Information Exposure Through Log Files vulnerability in Sony Photo Sharing Plus Sony Bravia Smart TV devices allow remote attackers to retrieve the static Wi-Fi password (used when the TV is acting as an access point) by using the Photo Sharing Plus application to execute a backdoor API command, a different vulnerability than CVE-2019-10886. | 4.3 |