Search

Find a vulnerability

Search criteria

    3 vulnerabilities found for Music Center by Sony Video & Sound Products Inc.

    JVNDB-2018-000103

    Vulnerability from jvndb - Published: 2018-10-09 16:22 - Updated:2019-07-26 15:57
    Severity
    Summary
    Music Center for PC improperly verifies software update files
    Details
    Music Center for PC provided by Sony Video & Sound Products Inc. contains an issue in software update process (CWE-669). As a result, under a man-in-the-middle attack, a specially crafted executable file may be downloaded and executed. DigiGnome reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000103.html",
      "dc:date": "2019-07-26T15:57+09:00",
      "dcterms:issued": "2018-10-09T16:22+09:00",
      "dcterms:modified": "2019-07-26T15:57+09:00",
      "description": "Music Center for PC provided by Sony Video \u0026 Sound Products Inc. contains an issue in software update process (CWE-669). As a result, under a man-in-the-middle attack, a specially crafted executable file may be downloaded and executed.\r\n\r\nDigiGnome reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000103.html",
      "sec:cpe": {
        "#text": "cpe:/a:sony:music_center",
        "@product": "Music Center",
        "@vendor": "Sony Video \u0026 Sound Products Inc.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "5.1",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "7.5",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2018-000103",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN36623716/",
          "@id": "JVN#36623716",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0690",
          "@id": "CVE-2018-0690",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0690",
          "@id": "CVE-2018-0690",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "Music Center for PC improperly verifies software update files"
    }

    JVNDB-2017-000250

    Vulnerability from jvndb - Published: 2017-12-22 15:50 - Updated:2018-04-04 13:53
    Severity
    Summary
    The installer of Music Center for PC may insecurely load Dynamic Link Libraries
    Details
    Music Center for PC provided by Sony Video & Sound Products Inc. is a file management tool. The installer of Music Center for PC contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Note that this vulnerability is different from JVN#08517069. DigiGnome(@biz4g) reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Impacted products
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000250.html",
      "dc:date": "2018-04-04T13:53+09:00",
      "dcterms:issued": "2017-12-22T15:50+09:00",
      "dcterms:modified": "2018-04-04T13:53+09:00",
      "description": "Music Center for PC provided by Sony Video \u0026 Sound Products Inc. is a file management tool. The installer of Music Center for PC contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nNote that this vulnerability is different from JVN#08517069.\r\n\r\nDigiGnome(@biz4g) reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000250.html",
      "sec:cpe": {
        "#text": "cpe:/a:sony:music_center",
        "@product": "Music Center",
        "@vendor": "Sony Video \u0026 Sound Products Inc.",
        "@version": "2.2"
      },
      "sec:cvss": [
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "7.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2017-000250",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN60695371/index.html",
          "@id": "JVN#60695371",
          "@source": "JVN"
        },
        {
          "#text": "https://jvn.jp/en/ta/JVNTA91240916/index.html",
          "@id": "JVNTA#91240916",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10909",
          "@id": "CVE-2017-10909",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10909",
          "@id": "CVE-2017-10909",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "The installer of Music Center for PC may insecurely load Dynamic Link Libraries"
    }

    JVNDB-2017-000239

    Vulnerability from jvndb - Published: 2017-11-21 15:40 - Updated:2018-03-14 14:25
    Severity
    Summary
    The installer of Media Go and Music Center for PC may insecurely load Dynamic Link Libraries
    Details
    Media Go and Music Center for PC provided by Sony Group are file management tools. The installer of Media Go and Music Center for PC contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427). Eili Masami of Tachibana Lab. and Shun Suzaki reported CVE-2017-10891 vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
    Show details on JVN DB website

    {
      "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000239.html",
      "dc:date": "2018-03-14T14:25+09:00",
      "dcterms:issued": "2017-11-21T15:40+09:00",
      "dcterms:modified": "2018-03-14T14:25+09:00",
      "description": "Media Go and Music Center for PC provided by Sony Group are file management tools. The installer of Media Go and Music Center for PC contain an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries (CWE-427).\r\n\r\nEili Masami of Tachibana Lab. and Shun Suzaki reported CVE-2017-10891 vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
      "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000239.html",
      "sec:cpe": [
        {
          "#text": "cpe:/a:sony:media-go",
          "@product": "Media Go",
          "@vendor": "Sony Video \u0026 Sound Products Inc.",
          "@version": "2.2"
        },
        {
          "#text": "cpe:/a:sony:music_center",
          "@product": "Music Center",
          "@vendor": "Sony Video \u0026 Sound Products Inc.",
          "@version": "2.2"
        }
      ],
      "sec:cvss": [
        {
          "@score": "6.8",
          "@severity": "Medium",
          "@type": "Base",
          "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "@version": "2.0"
        },
        {
          "@score": "7.8",
          "@severity": "High",
          "@type": "Base",
          "@vector": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "@version": "3.0"
        }
      ],
      "sec:identifier": "JVNDB-2017-000239",
      "sec:references": [
        {
          "#text": "http://jvn.jp/en/jp/JVN08517069/index.html",
          "@id": "JVN#08517069",
          "@source": "JVN"
        },
        {
          "#text": "https://jvn.jp/en/ta/JVNTA91240916/index.html",
          "@id": "JVNTA#91240916",
          "@source": "JVN"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10891",
          "@id": "CVE-2017-10891",
          "@source": "CVE"
        },
        {
          "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10892",
          "@id": "CVE-2017-10892",
          "@source": "CVE"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10891",
          "@id": "CVE-2017-10891",
          "@source": "NVD"
        },
        {
          "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10892",
          "@id": "CVE-2017-10892",
          "@source": "NVD"
        },
        {
          "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
          "@id": "CWE-Other",
          "@title": "No Mapping(CWE-Other)"
        }
      ],
      "title": "The installer of Media Go and Music Center for PC may insecurely load Dynamic Link Libraries"
    }