
CVE-2024-23972 – Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-23972
21 Jun 2024 — This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the USB host driver. A crafted USB configuration descriptor can trigger an overflow of a fixed-length buffer. • https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players-xav-series/xav-ax5500/software/00274156 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2022-41796
https://notcve.org/view.php?id=CVE-2022-41796
24 Oct 2022 — Untrusted search path vulnerability in the installer of Content Transfer (for Windows) Ver.1.3 and prior allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. • https://jvn.jp/en/jp/JVN40620121/index.html • CWE-427: Uncontrolled Search Path Element

CVE-2022-3349 – Sony PS4/PS5 exFAT UVFAT_readupcasetable heap-based overflow
https://notcve.org/view.php?id=CVE-2022-3349
28 Sep 2022 — A vulnerability was found in Sony PS4 and PS5. It has been classified as critical. This affects the function UVFAT_readupcasetable of the component exFAT Handler. The manipulation of the argument dataLength leads to heap-based buffer overflow. It is possible to launch the attack on the physical device. • https://hackerone.com/reports/1340942 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer • CWE-787: Out-of-bounds Write

CVE-2022-23747
https://notcve.org/view.php?id=CVE-2022-23747
17 Aug 2022 — In Sony Xperia series 1, 5, and Pro, an out of bound memory access can occur due to lack of validation of the number of frames being passed during music playback. • https://cpr-zero.checkpoint.com/vulns/cprid-2191 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2022-27094
https://notcve.org/view.php?id=CVE-2022-27094
20 May 2022 — Sony PlayMemories Home v6.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. • https://www.exploit-db.com/exploits/50817 • CWE-428: Unquoted Search Path or Element

CVE-2021-20793
https://notcve.org/view.php?id=CVE-2021-20793
26 Aug 2021 — Untrusted search path vulnerability in the installer of Sony Audio USB Driver V1.10 and prior and the installer of HAP Music Transfer Ver.1.3.0 and prior allows an attacker to gain privileges and execute arbitrary code via a Trojan horse DLL in an unspecified directory. • https://jvn.jp/en/jp/JVN80288258/index.html • CWE-427: Uncontrolled Search Path Element

CVE-2021-38544
https://notcve.org/view.php?id=CVE-2021-38544
11 Aug 2021 — Sony SRS-XB33 and SRS-XB43 devices through 2021-08-09 allow remote attackers to recover speech signals from an LED on the device, via a telescope and an electro-optical sensor, aka a "Glowworm" attack. The power indicator LED of the speakers is connected directly to the power line, as a result, the intensity of a device's power indicator LED is correlative to the power consumption. The sound played by the speakers affects their power consumption and as a result is also correlative to the light intensity of ... • https://www.nassiben.com/glowworm-attack

CVE-2020-5589
https://notcve.org/view.php?id=CVE-2020-5589
09 Jun 2020 — SONY Wireless Headphones WF-1000X, WF-SP700N, WH-1000XM2, WH-1000XM3, WH-CH700N, WH-H900N, WH-XB700, WH-XB900N, WI-1000X, WI-C600N and WI-SP600N with firmware versions prior to 4.5.2 have vulnerability that someone within the Bluetooth range can make the Bluetooth pairing and operate such as changing volume of the product. • https://jvn.jp/en/jp/JVN67447798 • CWE-306: Missing Authentication for Critical Function

CVE-2019-19364
https://notcve.org/view.php?id=CVE-2019-19364
04 Dec 2019 — A weak malicious user can escalate its privilege whenever CatalystProductionSuite.2019.1.exe (version 1.1.0.21) and CatalystBrowseSuite.2019.1.exe (version 1.1.0.21) installers run. The vulnerability is in the form of DLL Hijacking. The installers try to load DLLs that don’t exist from its current directory; by doing so, an attacker can quickly escalate its privileges. • https://gist.github.com/Eli-Paz/482b514320009f3e76ea712cde3bc350 • CWE-427: Uncontrolled Search Path Element

CVE-2019-15743
https://notcve.org/view.php?id=CVE-2019-15743
14 Nov 2019 — The Sony Xperia Touch Android device with a build fingerprint of Sony/blanc_windy/blanc_windy:7.0/LOIRE-SMART-BLANC-1.0.0-170530-0834/1:user/dev-keys contains a pre-installed app with a package name of com.sonymobile.android.maintenancetool.testmic app (versionCode=24, versionName=7.0) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record audi... • https://www.kryptowire.com/android-firmware-2019 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere