132 matches found
Race condition
Razer Synapse through 3.7.1209.121307 allows privilege escalation due to an unsafe installation path and improper privilege management. Attackers can place DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed and if they deny write access for the SYSTEM...
CVE-2022-47631
Razer Synapse through 3.7.1209.121307 allows privilege escalation due to an unsafe installation path and improper privilege management. Attackers can place DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed and if they deny write access for the SYSTEM...
CVE-2022-47631
Razer Synapse through 3.7.1209.121307 allows privilege escalation due to an unsafe installation path and improper privilege management. Attackers can place DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed and if they deny write access for the SYSTEM...
CVE-2022-47631
CVE-2022-47631 affects Razer Synapse up to version 3.7.1209.121307 (and earlier). The issue is a time‑of‑check/time‑of‑use race involving an unsafe installation path and improper privilege management that allows local users to escalate to administrator by replacing a legitimate DLL in %PROGRAMDAT...
PT-2023-15443 · Razer · Razer Synapse
Name of the Vulnerable Software and Affected Versions: Razer Synapse versions 3.7.1209.121307 and earlier Description: The issue allows for privilege escalation due to an unsafe installation path and improper privilege management. Attackers can place DLLs into %PROGRAMDATA%RazerSynapse3Servicebin...
Razer Synapse 3.7.0731.072516 Local Privilege Escalation Vulnerability
Product: Razer Synapse Manufacturer: Razer Inc. Affected Versions: Versions before 3.7.0830.081906 Tested Versions: 3.7.0731.072516 Vulnerability Type: Improper Certificate Validation CWE-295 Risk Level: High Solution Status: Open Manufacturer Notification: 2022-08-02 Solution Date: 2022-09-06...
CVE-2022-47632
Razer Synapse before 3.7.0830.081906 allows privilege escalation due to an unsafe installation path, improper privilege management, and improper certificate validation. Attackers can place malicious DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed a...
CVE-2022-47632
Razer Synapse before 3.7.0830.081906 allows privilege escalation due to an unsafe installation path, improper privilege management, and improper certificate validation. Attackers can place malicious DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed a...
Privilege escalation
Razer Synapse before 3.7.0830.081906 allows privilege escalation due to an unsafe installation path, improper privilege management, and improper certificate validation. Attackers can place malicious DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed a...
CVE-2022-47632
Razer Synapse before 3.7.0830.081906 allows privilege escalation due to an unsafe installation path, improper privilege management, and improper certificate validation. Attackers can place malicious DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed a...
Razer Synapse 3.7.0731.072516 Local Privilege Escalation
Advisory ID: SYSS-2022-047 Product: Razer Synapse Manufacturer: Razer Inc. Affected Versions: Versions before 3.7.0830.081906 Tested Versions: 3.7.0731.072516 Vulnerability Type: Improper Certificate Validation CWE-295 Risk Level: High Solution Status: Open Manufacturer Notification: 2022-08-02...
CVE-2022-47632
Razer Synapse before 3.7.0830.081906 allows privilege escalation due to an unsafe installation path, improper privilege management, and improper certificate validation. Attackers can place malicious DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed a...
Razer Synapse 代码问题漏洞
Razer Synapse is an application from Razer, Inc. designed to configure and customize Razer's line of hardware. A security vulnerability exists in versions prior to Razer Synapse 3.7.0830.081906 that stems from its insecure installation path, improper privilege management, and improper certificate...
CVE-2022-47632
CVE-2022-47632 affects Razer Synapse pre-3.7.0830.081906. The vulnerability stems from an unsafe installation path, improper privilege management, and improper certificate validation that enables DLL hijacking via a malicious DLL placed in %PROGRAMDATA%\Razer\Synapse3\Service\bin before the servi...
Razer Synapse 安全漏洞
Razer Synapse is an application from Razer, Inc. designed to configure and customize Razer's line of hardware. A security vulnerability exists in Razer Synapse. No information about this vulnerability is available at this time, so stay tuned to CNNVD or the manufacturer's announcement...
Razer Synapse 3.6.x DLL Hijacking
Advisory ID: SYSS-2021-058 Product: Razer Synapse Manufacturer: Razer Inc. Affected Versions: Versions prior to 3.7.0228.022817 Tested Versions: 3.6.0920.091710, 3.6.1010.101113, 3.6.1018.101823, 3.6.1130.111217, 3.6.1201.111814, 3.7.0131.011810 Vulnerability Type: Improper Privilege Management...
CVE-2021-44226
Razer Synapse before 3.7.0228.022817 allows privilege escalation because it relies on %PROGRAMDATA%\Razer\Synapse3\Service\bin even if %PROGRAMDATA%\Razer has been created by any unprivileged user before Synapse is installed. The unprivileged user may have placed Trojan horse DLLs there...
Privilege escalation
Razer Synapse before 3.7.0228.022817 allows privilege escalation because it relies on %PROGRAMDATA%\Razer\Synapse3\Service\bin even if %PROGRAMDATA%\Razer has been created by any unprivileged user before Synapse is installed. The unprivileged user may have placed Trojan horse DLLs there...
Razer Synapse 3 代码问题漏洞
Razer Synapse 3 is an application from Razer USA, Inc. A cloud-based unified hardware configuration tool. A security vulnerability exists in Razer Synapse prior to version 3.7.0228.022817 that stems from the fact that Razer Synapse prior to version 3.7.0228.022817 allows privilege escalation...
CVE-2021-44226
CVE-2021-44226 affects Razer Synapse prior to 3.7.0228.022817. The vulnerability arises from relying on the directory %PROGRAMDATA%\Razer\Synapse3\Service\bin even if %PROGRAMDATA%\Razer was created by an unprivileged user before installation, allowing an unprivileged user to place trojan horse D...