Vulnerabilities > Synaptics
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-27 | CVE-2023-6482 | Use of Hard-coded Credentials vulnerability in Synaptics Fingerprint Driver 6.0.00.1111 Use of encryption key derived from static information in Synaptics Fingerprint Driver allows an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may allow an attacker, who has physical access to the sensor, to enroll a fingerprint into the template database. | 5.2 |
| 2023-10-11 | CVE-2023-4936 | Uncontrolled Search Path Element vulnerability in Synaptics Displaylink USB Graphics It is possible to sideload a compromised DLL during the installation at elevated privilege. | 7.8 |
| 2022-06-16 | CVE-2021-3675 | Out-of-bounds Write vulnerability in Synaptics Fingerprint Driver Improper Input Validation vulnerability in synaTEE.signed.dll of Synaptics Fingerprint Driver allows a local authorized attacker to overwrite a heap tag, with potential loss of confidentiality. | 7.1 |
| 2022-06-06 | CVE-2022-27438 | Download of Code Without Integrity Check vulnerability in multiple products Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. network high complexity caphyon realdefense prusa3d plagiarismcheckerx vigem nefarius moonsoftware getmailbird krylack jpsoft jki honeygain guzogo gamecaster gainedge fxsound freesnippingtool flamory emeditor codesector boom 3cx vpnhood vrdesktop urban-vpn xsplit rovio synaptics rstinstruments CWE-494 | 8.1 |
| 2020-07-22 | CVE-2019-18619 | Release of Invalid Pointer or Reference vulnerability in multiple products Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (that can compromise confidentiality of enclave data) via APIs that accept invalid pointers. | 7.8 |
| 2020-07-22 | CVE-2019-18618 | Incorrect access control in the firmware of Synaptics VFS75xx family fingerprint sensors that include external flash (all versions prior to 2019-11-15) allows a local administrator or physical attacker to compromise the confidentiality of sensor data via injection of an unverified partition table. | 6.0 |
| 2020-06-09 | CVE-2020-8337 | Unquoted Search Path or Element vulnerability in Synaptics Smart Audio UWP An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code. | 6.7 |
| 2019-06-05 | CVE-2019-9730 | Unspecified vulnerability in Synaptics Sound Device Incorrect access control in the CxUtilSvc component of the Synaptics Sound Device drivers prior to version 2.29 allows a local attacker to increase access privileges to the Windows Registry via an unpublished API. | 8.8 |