Filtered by vendor Sony
Subscribe
Total
74 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-0748 | 1 Sony | 2 Axruploadserver Activex Control, Imagestation | 2026-04-23 | 10.0 HIGH | N/A |
| Buffer overflow in the Sony AxRUploadServer.AxRUploadControl.1 ActiveX control in AxRUploadServer.dll 1.0.0.38 in SonyISUpload.cab 1.0.0.38 for Sony ImageStation allows remote attackers to execute arbitrary code via a long argument to the SetLogging method. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-3488 | 1 Sony | 1 Sony Network Camera Snc-p5 | 2026-04-23 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the viewer ActiveX control in Sony Network Camera SNC-RZ25N before 1.30; SNC-P1 and SNC-P5 before 1.29; SNC-CS10 and SNC-CS11 before 1.06; SNC-DF40N and SNC-DF70N before 1.18; SNC-RZ50N and SNC-CS50N before 2.22; SNC-DF85N, SNC-DF80N, and SNC-DF50N before 1.12; and SNC-RX570N/W, SNC-RX570N/B, SNC-RX550N/W, SNC-RX550N/B, SNC-RX530N/W, and SNC-RX530N/B 3.00 and 2.x before 2.31; allows remote attackers to execute arbitrary code via a long first argument to the PrmSetNetworkParam method. | |||||
| CVE-2008-1938 | 1 Sony | 1 Mylo Com 2 | 2026-04-23 | 6.4 MEDIUM | N/A |
| Sony Mylo COM-2 Japanese model firmware before 1.002 does not properly verify web server SSL certificates, which allows remote attackers to obtain sensitive information and conduct spoofing attacks. | |||||
| CVE-2007-4785 | 1 Sony | 1 Micro Vault Fingerprint Access Software | 2026-04-23 | 6.8 MEDIUM | N/A |
| Sony Micro Vault Fingerprint Access Software, as distributed with Sony Micro Vault USM-F USB flash drives, installs a driver that hides a directory under %WINDIR%, which might allow remote attackers to bypass malware detection by placing files in this directory. | |||||
| CVE-2006-4289 | 1 Sony | 1 Vaio Media Server | 2026-04-16 | 10.0 HIGH | N/A |
| Buffer overflow in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x before 20060626 allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2006-4290 | 1 Sony | 1 Vaio Media Server | 2026-04-16 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x before 20060626 allows remote attackers to gain sensitive information via unspecified vectors. | |||||
| CVE-2006-4235 | 1 Sony | 1 Sonicstage Mastering Studio | 2026-04-16 | 7.5 HIGH | N/A |
| Buffer overflow in the import project functionality in Sony SonicStage Mastering Studio 1.1.00 through 2.2.01 allows remote attackers to execute arbitrary code via a crafted SMP file. | |||||
| CVE-2005-1809 | 1 Sony | 2 P900, P900 Firmware | 2026-04-16 | 5.0 MEDIUM | N/A |
| Sony Ericsson P900 Beamer allows remote attackers to cause a denial of service (panic) via an obexftp session with a long filename in an OBEX File Transfer or OBEX Object Push. | |||||
| CVE-2002-2108 | 1 Sony | 1 Vaio Manual Cybersupport | 2026-04-16 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the "VAIO Manual" software in certain Sony VAIO personal computers sold from November 2001 to January 2002, allows remote attackers to modify data via a web page or HTML e-mail. | |||||
| CVE-2005-3474 | 1 Sony | 1 First4internet Xcp Content Management | 2026-04-16 | 4.6 MEDIUM | N/A |
| The aries.sys driver in Sony First4Internet XCP DRM software hides any file, registry key, or process with a name that starts with "$sys$", which allows attackers to hide activities on a system that uses XCP. | |||||
| CVE-2005-3084 | 1 Sony | 1 Playstation Portable | 2026-04-16 | 5.0 MEDIUM | N/A |
| Buffer overflow in the TIFF library in the Photo Viewer for Sony PSP 2.0 firmware allows remote attackers to cause a denial of service via a crafted TIFF image. | |||||
| CVE-2006-4507 | 1 Sony | 1 Playstation Portable | 2026-04-16 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in the TIFF viewer (possibly libTIFF) in the Photo Viewer in the Sony PlaystationPortable (PSP) 2.00 through 2.80 allows local users to execute arbitrary code via crafted TIFF images. NOTE: due to lack of details, it is not clear whether this is related to other issues such as CVE-2006-3464 or CVE-2006-3465. | |||||
| CVE-2020-36924 | 1 Sony | 1 Bravia Signage | 2026-01-26 | N/A | 6.1 MEDIUM |
| Sony BRAVIA Digital Signage 1.7.8 contains a remote file inclusion vulnerability that allows attackers to inject arbitrary client-side scripts through the content material URL parameter. Attackers can exploit this vulnerability to hijack user sessions, execute cross-site scripting code, and modify display content by manipulating the input material type. | |||||
| CVE-2020-36922 | 1 Sony | 1 Bravia Signage | 2026-01-22 | N/A | 7.5 HIGH |
| Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations, and system metadata by sending requests to the exposed system API. | |||||
| CVE-2020-36923 | 1 Sony | 1 Bravia Signage | 2026-01-22 | N/A | 9.8 CRITICAL |
| Sony BRAVIA Digital Signage 1.7.8 contains an insecure direct object reference vulnerability that allows attackers to bypass authorization controls. Attackers can access hidden system resources like '/#/content-creation' by manipulating client-side access restrictions. | |||||
| CVE-2020-36885 | 1 Sony | 2 Snc-dh120t, Snc-dh120t Firmware | 2026-01-02 | N/A | 9.8 CRITICAL |
| Sony IPELA Network Camera 1.82.01 contains a stack buffer overflow vulnerability in the ftpclient.cgi endpoint that allows remote attackers to execute arbitrary code. Attackers can exploit the vulnerability by sending a crafted POST request with oversized data to the FTP client functionality, potentially causing remote code execution or denial of service. | |||||
| CVE-2025-62497 | 1 Sony | 2 Snc-cx600w, Snc-cx600w Firmware | 2025-12-01 | N/A | 6.5 MEDIUM |
| Cross-site request forgery vulnerability exists in SNC-CX600W versions prior to Ver.2.8.0. If a user accesses a specially crafted webpage while logged in, unintended operations may be performed. | |||||
| CVE-2025-64730 | 1 Sony | 2 Snc-cx600w, Snc-cx600w Firmware | 2025-12-01 | N/A | 6.1 MEDIUM |
| Cross-site scripting vulnerability exists in SNC-CX600W all versions. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the product. | |||||
| CVE-2025-5475 | 1 Sony | 2 Xav-ax8500, Xav-ax8500 Firmware | 2025-07-08 | N/A | 7.5 HIGH |
| Sony XAV-AX8500 Bluetooth Packet Handling Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sony XAV-AX8500 devices. An attacker must first obtain the ability to pair a malicious Bluetooth device with the target system in order to exploit this vulnerability. The specific flaw exists within the handling of Bluetooth packets. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the elysian-bt-service process. Was ZDI-CAN-26283. | |||||
| CVE-2025-5476 | 1 Sony | 2 Xav-ax8500, Xav-ax8500 Firmware | 2025-07-08 | N/A | 8.8 HIGH |
| Sony XAV-AX8500 Bluetooth Improper Isolation Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected Sony XAV-AX8500 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of ACL-U links. The issue results from the lack of L2CAP channel isolation. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-26284. | |||||