Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-47631

EPSS 0.05% · P16
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-47631

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Razer Synapse through 3.7.1209.121307 allows privilege escalation due to an unsafe installation path and improper privilege management. Attackers can place DLLs into %PROGRAMDATA%\Razer\Synapse3\Service\bin if they do so before the service is installed and if they deny write access for the SYSTEM user. Although the service will not start if it detects malicious DLLs in this directory, attackers can exploit a race condition and replace a valid DLL (i.e., a copy of a legitimate Razer DLL) with a malicious DLL after the service has already checked the file. As a result, local Windows users can abuse the Razer driver installer to obtain administrative privileges on Windows.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Razer Synapse 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Razer Synapse是美国雷蛇(Razer)公司的一款应用程序。旨在配置和定制 Razer 的硬件系列。 Razer Synapse 存在安全漏洞。目前尚无此漏洞的相关信息,请随时关注CNNVD或厂商公告。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2022-47631

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2022-47631

登录查看更多情报信息。

Same Patch Batch · n/a · 2023-09-14 · 41 CVEs total

CVE-2023-261417.5 HIGHMike Perham sidekiq 数据伪造问题漏洞
CVE-2023-255846.3 MEDIUMOut of bounds read in parse_module function in bfd/vms-alpha.c
CVE-2023-326115.5 MEDIUMG_variant_byteswap() can take a long time with some non-normal inputs
CVE-2023-294995.5 MEDIUMGvariant offset table entry size is not checked in is_normal()
CVE-2023-326655.5 MEDIUMGvariant deserialisation does not match spec for non-normal data
CVE-2023-255854.7 MEDIUMField `file_table` of `struct module *module` is uninitialized
CVE-2023-255864.7 MEDIUMLocal variable `ch_type` in function `bfd_init_section_decompress_status` can be uninitial
CVE-2023-255884.7 MEDIUMField `the_bfd` of `asymbol` is uninitialized in function `bfd_mach_o_get_synthetic_symtab
CVE-2023-49652.7 LOWphpipam Header redirect
CVE-2023-37739i-doit 路径遍历漏洞
CVE-2023-37755i-doit 信任管理问题漏洞
CVE-2023-41011China Mobile Intelligent Home Gateway 命令注入漏洞
CVE-2023-39286Mitel Connect Mobility Router 跨站请求伪造漏洞
CVE-2023-39285Mitel MiVoice Connect 跨站请求伪造漏洞
CVE-2023-41010China Telecom Tianyi Home Gateway 安全漏洞
CVE-2023-40779IceWarp Mail Server 输入验证错误漏洞
CVE-2023-36250GNOME Time Tracker 注入漏洞
CVE-2023-42180Lenosp 代码问题漏洞
CVE-2023-42178Lenosp SQL注入漏洞
CVE-2021-28485Ericsson Mobile Switching Center Server 路径遍历漏洞

Showing top 20 of 41 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2022-47631

No comments yet

Leave a comment