Lucene search
K
RazerSynapse

12 matches found

CVE
CVE
added 2022/03/23 12:0 a.m.103 views

CVE-2021-44226

CVE-2021-44226 affects Razer Synapse prior to 3.7.0228.022817. The vulnerability arises from relying on the directory %PROGRAMDATA%\Razer\Synapse3\Service\bin even if %PROGRAMDATA%\Razer was created by an unprivileged user before installation, allowing an unprivileged user to place trojan horse D...

7.3CVSS7.4AI score0.00889EPSS
CVE
CVE
added 2017/08/02 7:0 p.m.92 views

CVE-2017-9769

CVE-2017-9769 affects Razer Synapse, where a crafted IOCTL sent to the rzpnk.sys driver is forwarded to ZwOpenProcess, allowing opening a handle to an arbitrary process and enabling local privilege escalation. Public materials describe reading/writing memory and potential code execution via a hoo...

10CVSS9.2AI score0.85539EPSS
CVE
CVE
added 2017/09/13 8:0 a.m.60 views

CVE-2017-14398

The CVE-2017-14398 entry affects Razer Synapse using rzpnk.sys (v2.20.15.1104). The vulnerability enables local elevation of privilege by a local attacker who uses a handle to \Device\PhysicalMemory, IOCTL 0x22A064, and ZwMapViewOfSection to read/write arbitrary memory locations. This results in ...

7.8CVSS7.4AI score0.00288EPSS
CVE
CVE
added 2021/04/14 2:50 p.m.53 views

CVE-2021-30494

The CVE-2021-30494 entry concerns Razer Synapse 3 and the Razer Chroma SDK. The connected documents describe that multiple system services installed with the Razer Synapse 3 suite perform privileged operations on entries within the Chroma SDK subkey, specifically involving file name concatenation...

5.5CVSS5.4AI score0.00495EPSS
CVE
CVE
added 2017/08/18 5:0 p.m.51 views

CVE-2017-11653

CVE-2017-11653 affects Razer Synapse 2.20.15.1104 and earlier. The vulnerability arises from weak permissions on the Devices directory, enabling local privilege escalation via a trojan horse using one of two DLLs: RazerConfigNative.dll or RazerConfigNativeLOC.dll. The impact is local privilege es...

7.8CVSS7.6AI score0.00358EPSS
CVE
CVE
added 2023/01/27 12:0 a.m.50 views

CVE-2022-47632

CVE-2022-47632 affects Razer Synapse pre-3.7.0830.081906. The vulnerability stems from an unsafe installation path, improper privilege management, and improper certificate validation that enables DLL hijacking via a malicious DLL placed in %PROGRAMDATA%\Razer\Synapse3\Service\bin before the servi...

6.8CVSS6.9AI score0.00633EPSS
CVE
CVE
added 2017/08/18 5:0 p.m.44 views

CVE-2017-11652

Razer Synapse 2.20.15.1104 and earlier suffer weak permissions on the CrashReporter directory, enabling local attackers to gain privileges by dropping a malicious dbghelp.dll. Affected component: CrashReporter handling in Razer Synapse; root cause: insecure directory permissions facilitating DLL ...

8.4CVSS8.1AI score0.00411EPSS
CVE
CVE
added 2021/04/14 2:49 p.m.41 views

CVE-2021-30493

CVE-2021-30493 describes a vulnerability in the Razer Synapse 3 software where multiple system services perform privileged operations on entries within the ChromaBroadcast subkey, specifically involving file name concatenation of a runtime log file used to store runtime log information. The resul...

5.5CVSS5.4AI score0.00515EPSS
CVE
CVE
added 2023/09/14 12:0 a.m.39 views

CVE-2022-47631

CVE-2022-47631 affects Razer Synapse up to version 3.7.1209.121307 (and earlier). The issue is a time‑of‑check/time‑of‑use race involving an unsafe installation path and improper privilege management that allows local users to escalate to administrator by replacing a legitimate DLL in %PROGRAMDAT...

7.8CVSS7.6AI score0.00378EPSS
CVE
CVE
added 2025/10/29 7:33 p.m.21 views

CVE-2025-9871

CVE-2025-9871 describes a local privilege escalation in Razer Synapse 3 via the Razer Chroma SDK installer. The root cause is a symbolic link abuse in the installer that can be leveraged to delete arbitrary files, enabling an attacker who already has low-privilege code execution to escalate to SY...

7.8CVSS7.7AI score0.00175EPSS
CVE
CVE
added 2025/10/29 7:33 p.m.16 views

CVE-2025-9869

CVE-2025-9869 concerns a local privilege escalation in Razer Synapse 3 Macro Module . The flaw exists in the Razer Synapse Service where an attacker can abuse a created symbolic link to delete arbitrary files. This may allow an attacker to escalate privileges and execute arbitrary code in the con...

7.8CVSS7.7AI score0.00175EPSS
CVE
CVE
added 2025/10/29 7:34 p.m.12 views

CVE-2025-9870

CVE-2025-9870 : Local privilege escalation in Razer Synapse 3 via the Philips Hue module installer. The flaw arises from a symbolic link in the Philips Hue installer that allows an attacker with low-privilege code execution to abuse the installer and delete arbitrary files, enabling code executio...

7.8CVSS7.7AI score0.00175EPSS