CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 1CVE-2022-3349 – Sony PS4/PS5 exFAT UVFAT_readupcasetable heap-based overflow
https://notcve.org/view.php?id=CVE-2022-3349
A vulnerability was found in Sony PS4 and PS5. It has been classified as critical. This affects the function UVFAT_readupcasetable of the component exFAT Handler. The manipulation of the argument dataLength leads to heap-based buffer overflow. It is possible to launch the attack on the physical device. • https://hackerone.com/reports/1340942 https://vuldb.com/?id.209679 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 2CVE-2022-23747
https://notcve.org/view.php?id=CVE-2022-23747
In Sony Xperia series 1, 5, and Pro, an out of bound memory access can occur due to lack of validation of the number of frames being passed during music playback. En las series Sony Xperia 1, 5 y Pro, puede producirse un acceso a la memoria fuera de límites debido a una falta de comprobación del número de fotogramas que son pasados durante la reproducción de música. • https://cpr-zero.checkpoint.com/vulns/cprid-2191 https://research.checkpoint.com/2022/bad-alac-one-codec-to-hack-the-whole-world • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-27094
https://notcve.org/view.php?id=CVE-2022-27094
Sony PlayMemories Home v6.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. Sony PlayMemories Home versión v6.0, contiene una ruta de servicio no citada que permite a atacantes escalar privilegios al nivel del sistema • https://www.exploit-db.com/exploits/50817 • CWE-428: Unquoted Search Path or Element •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-20793
https://notcve.org/view.php?id=CVE-2021-20793
Untrusted search path vulnerability in the installer of Sony Audio USB Driver V1.10 and prior and the installer of HAP Music Transfer Ver.1.3.0 and prior allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory. Una vulnerabilidad de ruta de búsqueda no confiable en el instalador de Sony Audio USB Driver versiones V1.10 y anteriores y en el instalador de HAP Music Transfer versión Ver.1.3.0 y anteriores, permite a un atacante alcanzar privilegios y ejecutar código arbitrario por medio de una DLL de tipo caballo de Troya en un directorio no especificado. • https://jvn.jp/en/jp/JVN80288258/index.html https://www.sony.co.uk/electronics/support/software/00266642 https://www.sony.co.uk/electronics/support/software/00266749 https://www.sony.co.uk/electronics/support/software/00266758 • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 1CVE-2021-38544
https://notcve.org/view.php?id=CVE-2021-38544
Sony SRS-XB33 and SRS-XB43 devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is connected directly to the power line, as a result, the intensity of a device's power indicator LED is correlative to the power consumption. The sound played by the speakers affects their power consumption and as a result is also correlative to the light intensity of the LEDs. By analyzing measurements obtained from an electro-optical sensor directed at the power indicator LEDs of the speakers, we can recover the sound played by them. Los dispositivos Sony SRS-XB33 y SRS-XB43 hasta 09-08-2021 permiten a atacantes remotos recuperar las señales de voz de un LED del dispositivo, por medio de un telescopio y un sensor electro-óptico, también se conoce como un ataque "Glowworm". • https://www.nassiben.com/glowworm-attack •