Vulnerabilities > Razer > High

DATE CVE VULNERABILITY TITLE RISK
2023-09-14 CVE-2022-47631 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Razer Synapse
Razer Synapse through 3.7.1209.121307 allows privilege escalation due to an unsafe installation path and improper privilege management.
local
high complexity
razer CWE-367
7.8
2023-07-14 CVE-2023-3513 Improper Privilege Management vulnerability in Razer Central
Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and triggering an insecure .NET deserialization.
local
low complexity
razer CWE-269
7.8
2023-07-14 CVE-2023-3514 Improper Privilege Management vulnerability in Razer Central
Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and calling "AddModule" or "UninstallModules" command to execute arbitrary executable file.
local
low complexity
razer CWE-269
7.8
2023-02-27 CVE-2022-45697 Link Following vulnerability in Razer Central
Arbitrary File Delete vulnerability in Razer Central before v7.8.0.381 when handling files in the Accounts directory.
local
low complexity
razer CWE-59
7.8
2022-03-23 CVE-2021-44226 Uncontrolled Search Path Element vulnerability in Razer Synapse
Razer Synapse before 3.7.0228.022817 allows privilege escalation because it relies on %PROGRAMDATA%\Razer\Synapse3\Service\bin even if %PROGRAMDATA%\Razer has been created by any unprivileged user before Synapse is installed.
local
low complexity
razer CWE-427
7.3
2020-09-02 CVE-2020-16602 Race Condition vulnerability in Razer Chroma SDK
Razer Chroma SDK Rest Server through 3.12.17 allows remote attackers to execute arbitrary programs because there is a race condition in which a file created under "%PROGRAMDATA%\Razer Chroma\SDK\Apps" can be replaced before it is executed by the server.
network
high complexity
razer CWE-362
8.1