CPE-D5F3A5B8-D603-455F-ABC0-2F0ECA8B1448 Détail

CPE Details

Razer Synapse 2.20.15.1031

Vendor

razer

Product

synapse

Version

2.20.15.1031

Created

2021-07-23
12h39 +00:00

Modifié

2021-07-26
15h39 +00:00

Liens officiels

CPE NVD

Alerte pour un CPE

Restez informé de toutes modifications pour un CPE spécifique.

Gestion des notifications

Liste des Notifications

Alerte pour un CPE

Restez informé de toutes modifications pour un CPE spécifique.

Paramètres

Vous pouvez spécifier un titre qui sera récupéré dans les alertes qui seront envoyées.

CPE ID

Planifications

Mois

Prochaine exécution calculée

Jour

Jour de la semaine

Heure

Minute

Date de création

Dernière exécution

Prochaine exécution

Fonctionnalité nécessitant une connexion

Cette fonctionnalité qui vous permet de recevoir des alertes, n'est active que lorsque vous êtes connecté à votre compte.

CPE Name: cpe:2.3:a:razer:synapse:2.20.15.1031:::::::*

Informations

Vendor

razer

Product

synapse

Version

2.20.15.1031

Related CVE

Open and find in CVE List

CVE ID	Publié	Description	Score	Gravité
CVE-2022-47631	2023-09-13 22h00 +00:00	Razer Synapse through 3.7.1209.121307 allows privilege escalation due to an unsafe installation path and improper privilege management. Attackers can place DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed and if they deny write access for the SYSTEM user. Although the service will not start if it detects malicious DLLs in this directory, attackers can exploit a race condition and replace a valid DLL (i.e., a copy of a legitimate Razer DLL) with a malicious DLL after the service has already checked the file. As a result, local Windows users can abuse the Razer driver installer to obtain administrative privileges on Windows.	7.8	Haute
CVE-2022-47632	2023-01-26 23h00 +00:00	Razer Synapse before 3.7.0830.081906 allows privilege escalation due to an unsafe installation path, improper privilege management, and improper certificate validation. Attackers can place malicious DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed and if they deny write access for the SYSTEM user. Although the service will not start if the malicious DLLs are unsigned, it suffices to use self-signed DLLs. The validity of the DLL signatures is not checked. As a result, local Windows users can abuse the Razer driver installer to obtain administrative privileges on Windows.	6.8	Moyen
CVE-2021-44226	2022-03-22 23h00 +00:00	Razer Synapse before 3.7.0228.022817 allows privilege escalation because it relies on %PROGRAMDATA%\Razer\Synapse3\Service\bin even if %PROGRAMDATA%\Razer has been created by any unprivileged user before Synapse is installed. The unprivileged user may have placed Trojan horse DLLs there.	7.3	Haute
CVE-2017-11652	2017-08-18 15h00 +00:00	Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the CrashReporter directory, which allows local users to gain privileges via a Trojan horse dbghelp.dll file.	8.4	Haute
CVE-2017-11653	2017-08-18 15h00 +00:00	Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the Devices directory, which allows local users to gain privileges via a Trojan horse (1) RazerConfigNative.dll or (2) RazerConfigNativeLOC.dll file.	7.8	Haute

Razer Synapse 2.20.15.1031

CPE Details

CPE Name: cpe:2.3:a:razer:synapse:2.20.15.1031:*:*:*:*:*:*:*

Informations

Vendor

Product

Version

Related CVE

CPE Name: cpe:2.3:a:razer:synapse:2.20.15.1031:::::::*