Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Synaptics Security Vulnerabilities

cve
cve

CVE-2019-18618

Incorrect access control in the firmware of Synaptics VFS75xx family fingerprint sensors that include external flash (all versions prior to 2019-11-15) allows a local administrator or physical attacker to compromise the confidentiality of sensor data via injection of an unverified partition table.

6CVSS

6.4AI Score

0.0004EPSS

2020-07-22 02:15 PM
43
cve
cve

CVE-2019-18619

Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (that can compromise confidentiality of enclave data) via APIs that accept invalid pointers.

7.8CVSS

7.7AI Score

0.0004EPSS

2020-07-22 02:15 PM
37
cve
cve

CVE-2019-9730

Incorrect access control in the CxUtilSvc component of the Synaptics Sound Device drivers prior to version 2.29 allows a local attacker to increase access privileges to the Windows Registry via an unpublished API.

8.8CVSS

8.4AI Score

0.0004EPSS

2019-06-05 04:29 PM
57
cve
cve

CVE-2020-8337

An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code.

6.7CVSS

6.8AI Score

0.0004EPSS

2020-06-09 08:15 PM
28
cve
cve

CVE-2021-3675

Improper Input Validation vulnerability in synaTEE.signed.dll of Synaptics Fingerprint Driver allows a local authorized attacker to overwrite a heap tag, with potential loss of confidentiality. This issue affects: Synaptics Synaptics Fingerprint Driver 5.1.xxx.26 versions prior to xxx=340 on x86/64...

7.1CVSS

6.7AI Score

0.0004EPSS

2022-06-16 05:15 PM
46
5
cve
cve

CVE-2022-27438

Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an...

8.1CVSS

8.3AI Score

0.075EPSS

2022-06-06 11:15 PM
83
9
cve
cve

CVE-2023-4936

It is possible to sideload a compromised DLL during the installation at elevated privilege.

7.8CVSS

7.5AI Score

0.001EPSS

2023-10-11 05:15 PM
37
cve
cve

CVE-2023-6482

Use of encryption key derived from static information in Synaptics Fingerprint Driver allows an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This mayallow an attacker, who has physical access to the sensor, to enroll a fingerpr...

5.2CVSS

5.1AI Score

0.0004EPSS

2024-01-27 01:15 AM
48