Vulnerabilities (CVE)

Filtered by vendor Synaptics Subscribe
Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-6482 1 Synaptics 1 Fingerprint Driver 2024-11-21 N/A 5.2 MEDIUM
Use of encryption key derived from static information in Synaptics Fingerprint Driver allows an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may allow an attacker, who has physical access to the sensor, to enroll a fingerprint into the template database.
CVE-2023-4936 1 Synaptics 1 Displaylink Usb Graphics 2024-11-21 N/A 5.5 MEDIUM
It is possible to sideload a compromised DLL during the installation at elevated privilege.
CVE-2022-27438 29 3cx, Boom, Caphyon and 26 more 99 Call Flow Designer, Crm Template Generator, Boomtv Streamer Portal and 96 more 2024-11-21 5.1 MEDIUM 8.1 HIGH
Caphyon Ltd Advanced Installer 19.3 and earlier and many products that use the updater from Advanced Installer (Advanced Updater) are affected by a remote code execution vulnerability via the CustomDetection parameter in the update check function. To exploit this vulnerability, a user must start an affected installation to trigger the update check.
CVE-2021-3675 1 Synaptics 1 Fingerprint Driver 2024-11-21 3.6 LOW 5.5 MEDIUM
Improper Input Validation vulnerability in synaTEE.signed.dll of Synaptics Fingerprint Driver allows a local authorized attacker to overwrite a heap tag, with potential loss of confidentiality. This issue affects: Synaptics Synaptics Fingerprint Driver 5.1.xxx.26 versions prior to xxx=340 on x86/64; 5.2.xxxx.26 versions prior to xxxx=3541 on x86/64; 5.2.2xx.26 versions prior to xx=29 on x86/64; 5.2.3xx.26 versions prior to xx=25 on x86/64; 5.3.xxxx.26 versions prior to xxxx=3543 on x86/64; 5.5.xx.1058 versions prior to xx=44 on x86/64; 5.5.xx.1102 versions prior to xx=34 on x86/64; 5.5.xx.1116 versions prior to xx=14 on x86/64; 6.0.xx.1104 versions prior to xx=50 on x86/64; 6.0.xx.1108 versions prior to xx=31 on x86/64; 6.0.xx.1111 versions prior to xx=58 on x86/64.
CVE-2020-8337 2 Lenovo, Synaptics 83 5-15ikb, Air-14 2019, C340-14iwl and 80 more 2024-11-21 7.2 HIGH 6.7 MEDIUM
An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code.
CVE-2019-9730 1 Synaptics 1 Sound Device 2024-11-21 7.2 HIGH 8.8 HIGH
Incorrect access control in the CxUtilSvc component of the Synaptics Sound Device drivers prior to version 2.29 allows a local attacker to increase access privileges to the Windows Registry via an unpublished API.
CVE-2019-18619 3 Hp, Lenovo, Synaptics 224 Envy - 13t-ah100, Envy - 13t-ah100 Firmware, Envy - 13t-aq100 and 221 more 2024-11-21 4.6 MEDIUM 7.8 HIGH
Incorrect parameter validation in the synaTee component of Synaptics WBF drivers using an SGX enclave (all versions prior to 2019-11-15) allows a local user to execute arbitrary code in the enclave (that can compromise confidentiality of enclave data) via APIs that accept invalid pointers.
CVE-2019-18618 3 Hp, Lenovo, Synaptics 266 Elite Slice, Elite Slice Firmware, Elite X2 1012 G2 and 263 more 2024-11-21 3.6 LOW 6.0 MEDIUM
Incorrect access control in the firmware of Synaptics VFS75xx family fingerprint sensors that include external flash (all versions prior to 2019-11-15) allows a local administrator or physical attacker to compromise the confidentiality of sensor data via injection of an unverified partition table.