Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Synapse Security Vulnerabilities

cve
cve

CVE-2017-11652

Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the CrashReporter directory, which allows local users to gain privileges via a Trojan horse dbghelp.dll file.

8.4CVSS

8.1AI Score

0.001EPSS

2017-08-18 05:29 PM
26
cve
cve

CVE-2017-11653

Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the Devices directory, which allows local users to gain privileges via a Trojan horse (1) RazerConfigNative.dll or (2) RazerConfigNativeLOC.dll file.

7.8CVSS

7.6AI Score

0.0004EPSS

2017-08-18 05:29 PM
30
cve
cve

CVE-2017-14398

rzpnk.sys in Razer Synapse 2.20.15.1104 allows local users to read and write to arbitrary memory locations, and consequently gain privileges, via a methodology involving a handle to \Device\PhysicalMemory, IOCTL 0x22A064, and ZwMapViewOfSection.

7.8CVSS

7.4AI Score

0.0004EPSS

2017-09-13 08:29 AM
33
cve
cve

CVE-2017-9769

A specially crafted IOCTL can be issued to the rzpnk.sys driver in Razer Synapse 2.20.15.1104 that is forwarded to ZwOpenProcess allowing a handle to be opened to an arbitrary process.

9.8CVSS

9.2AI Score

0.232EPSS

2017-08-02 07:29 PM
61
cve
cve

CVE-2021-30493

Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the ChromaBroadcast subkey. These privileged operations consist of file name concatenation of a runtime log file that is used to store runtime log information. In other wo...

5.5CVSS

5.4AI Score

0.001EPSS

2021-04-14 03:15 PM
19
4
cve
cve

CVE-2021-30494

Multiple system services installed alongside the Razer Synapse 3 software suite perform privileged operations on entries within the Razer Chroma SDK subkey. These privileged operations consist of file name concatenation of a runtime log file that is used to store runtime log information. In other w...

5.5CVSS

5.4AI Score

0.001EPSS

2021-04-14 03:15 PM
26
4
cve
cve

CVE-2021-44226

Razer Synapse before 3.7.0228.022817 allows privilege escalation because it relies on %PROGRAMDATA%\Razer\Synapse3\Service\bin even if %PROGRAMDATA%\Razer has been created by any unprivileged user before Synapse is installed. The unprivileged user may have placed Trojan horse DLLs there.

7.3CVSS

7.4AI Score

0.001EPSS

2022-03-23 10:15 PM
67
cve
cve

CVE-2022-47631

Razer Synapse through 3.7.1209.121307 allows privilege escalation due to an unsafe installation path and improper privilege management. Attackers can place DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed and if they deny write access for the SYSTEM u...

7.8CVSS

7.6AI Score

0.0004EPSS

2023-09-14 10:15 PM
12
cve
cve

CVE-2022-47632

Razer Synapse before 3.7.0830.081906 allows privilege escalation due to an unsafe installation path, improper privilege management, and improper certificate validation. Attackers can place malicious DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed and...

6.8CVSS

6.9AI Score

0.001EPSS

2023-01-27 03:15 PM
25