Sony : Security Vulnerabilities, CVEs, (Denial of service)
Sony Bravia Smart TV devices allow remote attackers to cause a denial of service (device hang or reboot) via a SYN flood attack over a wired or Wi-Fi LAN.
Max CVSS
7.8
EPSS Score
5.01%
Published
2019-07-09
Updated
2020-08-24
Sony BRAVIA Smart TV devices allow remote attackers to cause a denial of service (device hang) via a crafted web page over HbbTV.
Max CVSS
7.8
EPSS Score
1.92%
Published
2019-07-09
Updated
2020-08-24
The Sony Xperia L1 Android device with a build fingerprint of Sony/G3313/G3313:7.0/43.0.A.6.49/2867558199:user/release-keys contains the android framework (i.e., system_server) with a package name of android (versionCode=24, versionName=7.0) that has been modified by Sony or another entity in the supply chain. The system_server process in the core android package has an exported broadcast receiver that allows any app co-located on the device to programmatically initiate the taking of a screenshot and have the resulting screenshot be written to external storage. The taking of a screenshot is not transparent to the user; the device has a screen animation as the screenshot is taken and there is a notification indicating that a screenshot occurred. If the attacking app also requests the EXPAND_STATUS_BAR permission, it can wake the device up using certain techniques and expand the status bar to take a screenshot of the user's notifications even if the device has an active screen lock. The notifications may contain sensitive data such as text messages used in two-factor authentication. The system_server process that provides this capability cannot be disabled, as it is part of the Android framework. The notification can be removed by a local Denial of Service (DoS) attack to reboot the device.
Max CVSS
5.5
EPSS Score
0.04%
Published
2019-04-25
Updated
2019-05-02
The Sony Bravia TV KDL-32CX525 allows remote attackers to cause a denial of service (configuration outage or device crash) via a flood of TCP SYN packets, as demonstrated by hping, a related issue to CVE-1999-0116.
Max CVSS
7.8
EPSS Score
9.73%
Published
2012-04-11
Updated
2017-12-20
Multiple buffer overflows in the Wireless Manager ActiveX control 4.0.0.0 in WifiMan.dll in Sony VAIO PC Wireless LAN Wizard 1.0; VAIO Wireless Wizard 1.00, 1.00_64, 1.0.1, 2.0, and 3.0; SmartWi Connection Utility 4.7, 4.7.4, 4.8, 4.9, 4.10, and 4.11; and VAIO Easy Connect software 1.0.0 and 1.1.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the second argument of the (1) SetTmpProfileOption or (2) ConnectToNetwork method.
Max CVSS
9.3
EPSS Score
22.24%
Published
2012-06-07
Updated
2017-08-29
The web browser on the Sony PLAYSTATION 3 (PS3) allows remote attackers to cause a denial of service (memory consumption and console hang) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
Max CVSS
7.8
EPSS Score
3.07%
Published
2009-07-20
Updated
2018-10-10
The Remote Play feature in Sony Playstation 3 (PS3) 1.60 and Playstation Portable (PSP) 3.10 OE-A allows remote attackers to cause a denial of service via a flood of UDP packets.
Max CVSS
7.8
EPSS Score
1.28%
Published
2007-03-28
Updated
2018-10-16
Buffer overflow in the TIFF library in the Photo Viewer for Sony PSP 2.0 firmware allows remote attackers to cause a denial of service via a crafted TIFF image.
Max CVSS
5.0
EPSS Score
0.16%
Published
2005-09-27
Updated
2008-09-05
Sony Ericsson P900 Beamer allows remote attackers to cause a denial of service (panic) via an obexftp session with a long filename in an OBEX File Transfer or OBEX Object Push.
Max CVSS
5.0
EPSS Score
0.17%
Published
2005-06-01
Updated
2020-12-08
9 vulnerabilities found