
CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Jun 2024 — Sony XAV-AX5500 Insufficient Firmware Update Validation Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of software updates. The issue results from the lack of proper validation of software update packages. • https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax5500/software/00274156 • CWE-345: Insufficient Verification of Data Authenticity

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Jun 2024 — Sony XAV-AX5500 CarPlay TLV Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the Apple CarPlay protocol. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based b... • https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax5500/software/00274156 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') • CWE-121: Stack-based Buffer Overflow

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Jun 2024 — Sony XAV-AX5500 WMV/ASF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of WMV/ASF files. A crafted Extended Content Description Object in a WMV media file can trigger an overflow of a fix... • https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax5500/software/00274156 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') • CWE-121: Stack-based Buffer Overflow

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 0

21 Jun 2024 — Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the USB host driver. A crafted USB configuration descriptor can trigger an overflow of a fixed-length buffer. • https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax5500/software/00274156 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Oct 2022 — Untrusted search path vulnerability in the installer of Content Transfer (for Windows) Ver.1.3 and prior allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. • https://jvn.jp/en/jp/JVN40620121/index.html • CWE-427: Uncontrolled Search Path Element

CVSS: 7.2 • EPSS: 0% • CPEs: 4 • EXPL: 1

28 Sep 2022 — A vulnerability was found in Sony PS4 and PS5. It has been classified as critical. This affects the function UVFAT_readupcasetable of the component exFAT Handler. The manipulation of the argument dataLength leads to heap-based buffer overflow. It is possible to launch the attack on the physical device. • https://hackerone.com/reports/1340942 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-787: Out-of-bounds Write

CVSS: 10.0 • EPSS: 4% • CPEs: 6 • EXPL: 2

17 Aug 2022 — In Sony Xperia series 1, 5, and Pro, an out of bound memory access can occur due to lack of validation of the number of frames being passed during music playback. • https://cpr-zero.checkpoint.com/vulns/cprid-2191 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVSS: 7.2 • EPSS: 0% • CPEs: 1 • EXPL: 1

20 May 2022 — Sony PlayMemories Home v6.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. • https://www.exploit-db.com/exploits/50817 • CWE-428: Unquoted Search Path or Element

CVSS: 7.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

26 Aug 2021 — Untrusted search path vulnerability in the installer of Sony Audio USB Driver V1.10 and prior and the installer of HAP Music Transfer Ver.1.3.0 and prior allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory. • https://jvn.jp/en/jp/JVN80288258/index.html • CWE-427: Uncontrolled Search Path Element

CVSS: 5.9 • EPSS: 0% • CPEs: 4 • EXPL: 1

11 Aug 2021 — Sony SRS-XB33 and SRS-XB43 devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is connected directly to the power line, as a result, the intensity of a device's power indicator LED is correlative to the power consumption. The sound played by the speakers affects their power consumption and as a result is also correlative to the light intensity of ... • https://www.nassiben.com/glowworm-attack