Vulnerabilities > Sony > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-19 | CVE-2019-10886 | Missing Authentication for Critical Function vulnerability in Sony Photo Sharing Plus An incorrect access control exists in the Sony Photo Sharing Plus application in the firmware before PKG6.5629 version (for the X7500D TV and other applicable TVs). | 4.3 |
| 2018-11-15 | CVE-2018-0690 | Unspecified vulnerability in Sony Music Center FOR PC An unvalidated software update vulnerability in Music Center for PC version 1.0.02 and earlier could allow a man-in-the-middle attacker to tamper with an update file and inject executable files. | 5.1 |
| 2018-09-04 | CVE-2018-0656 | Untrusted Search Path vulnerability in Sony Digital Paper APP 1.4.0.16050 Untrusted search path vulnerability in The installer of Digital Paper App version 1.4.0.16050 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 6.8 |
| 2018-08-14 | CVE-2018-3937 | OS Command Injection vulnerability in Sony products An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. | 6.5 |
| 2018-06-26 | CVE-2018-0600 | Untrusted Search Path vulnerability in Sony Playmemories Home 5.5.01 Untrusted search path vulnerability in the installer of PlayMemories Home for Windows ver.5.5.01 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 6.8 |
| 2017-12-27 | CVE-2017-17010 | Untrusted Search Path vulnerability in Sony Content Manager Assistant Untrusted search path vulnerability in Content Manager Assistant for PlayStation version 3.55.7671.0901 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | 6.8 |
| 2017-06-09 | CVE-2016-7830 | Missing Authentication for Critical Function vulnerability in Sony products Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker on the same network segment to bypass authentication to perform administrative operations via unspecified vectors. | 5.8 |
| 2013-10-01 | CVE-2013-3539 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cross-site request forgery (CSRF) vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users. | 6.8 |
| 2012-09-07 | CVE-2012-4881 | Unspecified vulnerability in Sony Moviez HD 1.0 Untrusted search path vulnerability in moviEZ HD 1.0 Build 2554-29894-A allows local users to gain privileges via a Trojan horse avrt.dll file in the current working directory, as demonstrated by a directory that contains a .mvz file. local sony | 6.9 |
| 2012-09-07 | CVE-2012-4880 | Unspecified vulnerability in Sony DVD Architect PRO and DVD Architect Studio Multiple untrusted search path vulnerabilities in DVD Architect Pro 5.2 Build 133 and DVD Architect Studio 5.0 Build 156 allow local users to gain privileges via a Trojan horse (1) enc_mp2v.200 or (2) CFHDDecoder.dll file in the current working directory, as demonstrated by a directory that contains a .dar file. local sony | 6.9 |