Vulnerabilities > Razer > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-14 | CVE-2022-47631 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Razer Synapse Razer Synapse through 3.7.1209.121307 allows privilege escalation due to an unsafe installation path and improper privilege management. | 7.8 |
| 2023-07-14 | CVE-2023-3513 | Improper Privilege Management vulnerability in Razer Central Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and triggering an insecure .NET deserialization. | 7.8 |
| 2023-07-14 | CVE-2023-3514 | Improper Privilege Management vulnerability in Razer Central Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and calling "AddModule" or "UninstallModules" command to execute arbitrary executable file. | 7.8 |
| 2023-02-27 | CVE-2022-45697 | Link Following vulnerability in Razer Central Arbitrary File Delete vulnerability in Razer Central before v7.8.0.381 when handling files in the Accounts directory. | 7.8 |
| 2022-06-09 | CVE-2022-29014 | Unspecified vulnerability in Razer Sila Firmware 2.0.441Api2.0.418 A local file inclusion vulnerability in Razer Sila Gaming Router v2.0.441_api-2.0.418 allows attackers to read arbitrary files. | 7.5 |
| 2022-03-23 | CVE-2021-44226 | Uncontrolled Search Path Element vulnerability in Razer Synapse Razer Synapse before 3.7.0228.022817 allows privilege escalation because it relies on %PROGRAMDATA%\Razer\Synapse3\Service\bin even if %PROGRAMDATA%\Razer has been created by any unprivileged user before Synapse is installed. | 7.3 |
| 2020-09-02 | CVE-2020-16602 | Race Condition vulnerability in Razer Chroma SDK Razer Chroma SDK Rest Server through 3.12.17 allows remote attackers to execute arbitrary programs because there is a race condition in which a file created under "%PROGRAMDATA%\Razer Chroma\SDK\Apps" can be replaced before it is executed by the server. | 8.1 |
| 2017-09-13 | CVE-2017-14398 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Razer Synapse 2.20.15.1104 rzpnk.sys in Razer Synapse 2.20.15.1104 allows local users to read and write to arbitrary memory locations, and consequently gain privileges, via a methodology involving a handle to \Device\PhysicalMemory, IOCTL 0x22A064, and ZwMapViewOfSection. | 7.8 |
| 2017-08-18 | CVE-2017-11653 | Incorrect Permission Assignment for Critical Resource vulnerability in Razer Synapse Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the Devices directory, which allows local users to gain privileges via a Trojan horse (1) RazerConfigNative.dll or (2) RazerConfigNativeLOC.dll file. | 7.8 |
| 2017-08-18 | CVE-2017-11652 | Incorrect Permission Assignment for Critical Resource vulnerability in Razer Synapse Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the CrashReporter directory, which allows local users to gain privileges via a Trojan horse dbghelp.dll file. | 8.4 |