CVSS: 8.8EPSS: 0%CPEs: 22EXPL: 0CVE-2020-5589
https://notcve.org/view.php?id=CVE-2020-5589
09 Jun 2020 — SONY Wireless Headphones WF-1000X, WF-SP700N, WH-1000XM2, WH-1000XM3, WH-CH700N, WH-H900N, WH-XB700, WH-XB900N, WI-1000X, WI-C600N and WI-SP600N with firmware versions prior to 4.5.2 have vulnerability that someone within the Bluetooth range can make the Bluetooth pairing and operate such as changing volume of the product. SONY Wireless Headphones WF-1000X, WF-SP700N, WH-1000XM2, WH-1000XM3, WH-CH700N, WH-H900N, WH-XB700, WH-XB900N, WI-1000X, WI-C600N y WI-SP600N con versiones de firmware anteriores a la 4.... • https://jvn.jp/en/jp/JVN67447798 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-19364
https://notcve.org/view.php?id=CVE-2019-19364
04 Dec 2019 — A weak malicious user can escalate its privilege whenever CatalystProductionSuite.2019.1.exe (version 1.1.0.21) and CatalystBrowseSuite.2019.1.exe (version 1.1.0.21) installers run. The vulnerability is in the form of DLL Hijacking. The installers try to load DLLs that don’t exist from its current directory; by doing so, an attacker can quickly escalate its privileges. Un usuario malintencionado débil puede escalar sus privilegios siempre que se ejecuten los instaladores CatalystProductionSuite.2019.1.exe (... • https://gist.github.com/Eli-Paz/482b514320009f3e76ea712cde3bc350 • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-15743
https://notcve.org/view.php?id=CVE-2019-15743
14 Nov 2019 — The Sony Xperia Touch Android device with a build fingerprint of Sony/blanc_windy/blanc_windy:7.0/LOIRE-SMART-BLANC-1.0.0-170530-0834/1:user/dev-keys contains a pre-installed app with a package name of com.sonymobile.android.maintenancetool.testmic app (versionCode=24, versionName=7.0) that allows unauthorized microphone audio recording via a confused deputy attack. This capability can be accessed by any app co-located on the device. This app allows a third-party app to use its open interface to record audi... • https://www.kryptowire.com/android-firmware-2019 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-15416
https://notcve.org/view.php?id=CVE-2019-15416
14 Nov 2019 — The Sony keyaki_kddi Android device with a build fingerprint of Sony/keyaki_kddi/keyaki_kddi:7.1.1/TONE3-3.0.0-KDDI-170517-0326/1:user/dev-keys contains a pre-installed app with a package name of com.kddi.android.packageinstaller app (versionCode=70008, versionName=08.10.03) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by... • https://www.kryptowire.com/android-firmware-2019 •
CVSS: 3.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-15744
https://notcve.org/view.php?id=CVE-2019-15744
14 Nov 2019 — The Sony Xperia Xperia XZs Android device with a build fingerprint of Sony/keyaki_softbank/keyaki_softbank:7.1.1/TONE3-3.0.0-SOFTBANK-170517-0323/1:user/dev-keys contains a pre-installed app with a package name of jp.softbank.mb.tdrl app (versionCode=1413005, versionName=1.3.0) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device. El dispositivo Sony Xperia Xperia XZs Android con una huella digital de compil... • https://www.kryptowire.com/android-firmware-2019 • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 7.8EPSS: 5%CPEs: 2EXPL: 1CVE-2019-11889 – Sony BRAVIA Smart TV Denial of Service
https://notcve.org/view.php?id=CVE-2019-11889
08 Jul 2019 — Sony BRAVIA Smart TV devices allow remote attackers to cause a denial of service (device hang) via a crafted web page over HbbTV. Los dispositivos BRAVIA Smart TV de Sony, permite a los atacantes remotos causar una denegación de servicio (suspensión del dispositivo) por medio de una página web diseñada sobre HbbTV. Sony BRAVIA Smart TVs suffer from multiple denial of service vulnerabilities. • https://packetstorm.news/files/id/153547 •
CVSS: 7.8EPSS: 3%CPEs: 2EXPL: 1CVE-2019-11890 – Sony BRAVIA Smart TV Denial of Service
https://notcve.org/view.php?id=CVE-2019-11890
08 Jul 2019 — Sony Bravia Smart TV devices allow remote attackers to cause a denial of service (device hang or reboot) via a SYN flood attack over a wired or Wi-Fi LAN. Los dispositivos Bravia Smart TV de Sony, permiten a los atacantes remotos causar una denegación de servicio (suspensión o reinicio del dispositivo) por medio de un ataque de inundación SYN sobre una LAN con cable o Wi-Fi. Sony BRAVIA Smart TVs suffer from multiple denial of service vulnerabilities. • https://packetstorm.news/files/id/153547 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-5982
https://notcve.org/view.php?id=CVE-2019-5982
05 Jul 2019 — Improper download file verification vulnerability in VAIO Update 7.3.0.03150 and earlier allows remote attackers to conduct a man-in-the-middle attack via a malicous wireless LAN access point. A successful exploitation may result in a malicious file being downloaded/executed. Una vulnerabilidad de comprobación inapropiada de archivos de descarga en VAIO Update versión 7.3.0.03150 y anteriores, permite a los atacantes remotos conducir un ataque de tipo "man-in-the-middle" por medio de un punto de acceso LAN ... • https://jvn.jp/en/jp/JVN13555032/index.html • CWE-494: Download of Code Without Integrity Check •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-5981
https://notcve.org/view.php?id=CVE-2019-5981
05 Jul 2019 — Improper authorization vulnerability in VAIO Update 7.3.0.03150 and earlier allows an attackers to execute arbitrary executable file with administrative privilege via unspecified vectors. Una vulnerabilidad de autorización inapropiada en VAIO Update versión 7.3.0.03150 y anteriores, permite a los atacantes ejecutar archivos ejecutables arbitrarios con privilegios administrativos por medio de vectores no especificados. • https://jvn.jp/en/jp/JVN13555032/index.html •
CVSS: 8.8EPSS: 0%CPEs: 105EXPL: 0CVE-2018-16593
https://notcve.org/view.php?id=CVE-2018-16593
19 Jun 2019 — The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices allows Shell Metacharacter Injection. El componente Photo Sharing Plus en los dispositivos Sony Bravia TV hasta 8.587 permite la inyección de metacaracteres shell. • https://fortiguard.com/zeroday/FG-VD-18-036 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •