
CVE-2018-16594
https://notcve.org/view.php?id=CVE-2018-16594
19 Jun 2019 — The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices allows Directory Traversal. • https://fortiguard.com/zeroday/FG-VD-18-036 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2018-16595
https://notcve.org/view.php?id=CVE-2018-16595
19 Jun 2019 — The Photo Sharing Plus component on Sony Bravia TV through 8.587 devices has a Buffer Overflow. • https://fortiguard.com/zeroday/FG-VD-18-036 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2019-12762
https://notcve.org/view.php?id=CVE-2019-12762
06 Jun 2019 — Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch. • https://hackercombat.com/nfc-vulnerability-may-promote-ghost-screen-taps

CVE-2018-14983
https://notcve.org/view.php?id=CVE-2018-14983
25 Apr 2019 — The Sony Xperia L1 Android device with a build fingerprint of Sony/G3313/G3313:7.0/43.0.A.6.49/2867558199:user/release-keys contains the android framework (i.e., system_server) with a package name of android (versionCode=24, versionName=7.0) that has been modified by Sony or another entity in the supply chain. The system_server process in the core android package has an exported broadcast receiver that allows any app co-located on the device to programmatically initiate the taking of a screenshot and have t... • https://www.kryptowire.com • CWE-20: Improper Input Validation

CVE-2019-11336 – Sony Smart TV Information Disclosure / File Read
https://notcve.org/view.php?id=CVE-2019-11336
24 Apr 2019 — Sony Bravia Smart TV devices allow remote attackers to retrieve the static Wi-Fi password (used when the TV is acting as an access point) by using the Photo Sharing Plus application to execute a backdoor API command, a different vulnerability than CVE-2019-10886. • https://packetstorm.news/files/id/152612 • CWE-532: Insertion of Sensitive Information into Log File

CVE-2019-10886 – Sony Smart TV Information Disclosure / File Read
https://notcve.org/view.php?id=CVE-2019-10886
19 Apr 2019 — An incorrect access control exists in the Sony Photo Sharing Plus application in the firmware before PKG6.5629 version (for the X7500D TV and other applicable TVs). This vulnerability allows an attacker to read arbitrary files without authentication over HTTP when the Photo Sharing Plus application is running. This may allow an attacker to browse a particular directory (e.g. images) inside the private network. • https://packetstorm.news/files/id/152612 • CWE-306: Missing Authentication for Critical Function

CVE-2019-10844
https://notcve.org/view.php?id=CVE-2019-10844
04 Apr 2019 — nbla/logger.cpp in libnnabla.a in Sony Neural Network Libraries (aka nnabla) through v1.0.14 relies on the HOME environment variable, which might be untrusted. • https://github.com/sony/nnabla/issues/209

CVE-2018-0690
https://notcve.org/view.php?id=CVE-2018-0690
15 Nov 2018 — An unvalidated software update vulnerability in Music Center for PC version 1.0.02 and earlier could allow a man-in-the-middle attacker to tamper with an update file and inject executable files. • http://jvn.jp/en/jp/JVN36623716/index.html

CVE-2018-0656
https://notcve.org/view.php?id=CVE-2018-0656
04 Sep 2018 — Untrusted search path vulnerability in the installer of Digital Paper App version 1.4.0.16050 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. • http://jvn.jp/en/jp/JVN75700242/index.html • CWE-426: Untrusted Search Path

CVE-2018-3938
https://notcve.org/view.php?id=CVE-2018-3938
14 Aug 2018 — An exploitable stack-based buffer overflow vulnerability exists in the 802dot1xclientcert.cgi functionality of Sony IPELA E Series Camera G5 firmware 1.87.00. A specially crafted POST can cause a stack-based buffer overflow, resulting in remote code execution. An attacker can send a malicious POST request to trigger this vulnerability. • https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0605 • CWE-787: Out-of-bounds Write