聚合 NVD、CVE 及多源情資,深度解析 RCE 等高危風險。系統整合 CVSS 與 EPSS 模型,動態追蹤 Exploit 資源與 PoC 公開狀態,研判可利用性。結合官方修補與修復方案,優化漏洞管理優先級,縮短回應週期,保障資產安全。
指派機構(CNA / 來源):[email protected] 移除此篩選
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2021-3675 | Improper Input Validation vulnerability in synaTEE.signed.dll of Synaptics Fingerprint Driver allows a local authorized attacker to overwrite a heap tag, with potential loss of confidentiality. This issue affects: Synaptics Synaptics Fingerprint Driver 5.1.xxx.26 versions prior to xxx=340 on x86/64; 5.2.xxxx.26 versions prior to xxxx=3541 on x86/64; 5.2.2xx.26 versions prior to xx=29 on x86/64; 5.2.3xx.26 versions prior to xx=25 on x86/64; 5.3.xxxx.26 versions prior to xxxx=3543 on x86/64; 5.5.x | 5.5 | 0.26% | 2022-06-16 | 2026-06-17 |
| CVE-2021-3676 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none | 無 | 0.04% | 2022-06-02 | 2023-11-06 |
| CVE-2023-4936 | It is possible to sideload a compromised DLL during the installation at elevated privilege. | 5.5 | 0.21% | 2023-10-11 | 2026-06-17 |
| CVE-2023-5447 | Missing lock check in SynHsaService may create a use-after-free condition which causes abnormal termination of the service, resulting in denial of service for the Synaptics Hardware Support App. | 5.5 | 0.16% | 2024-05-14 | 2026-06-17 |
| CVE-2023-6482 | Use of encryption key derived from static information in Synaptics Fingerprint Driver allows an attacker to set up a TLS session with the fingerprint sensor and send restricted commands to the fingerprint sensor. This may allow an attacker, who has physical access to the sensor, to enroll a fingerprint into the template database. | 5.2 | 0.07% | 2024-01-26 | 2026-06-17 |
| CVE-2024-9157 | ** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability in CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers allows a local authorized attacker to load a DLL in a privileged process. Out of an abundance of caution, this CVE ID is being assigned to better serve our customers and ensure all who are still running this product understand that the product is End-of-Life and should be removed. For more information on this, refer to the CVE Record’s reference information. | 7.8 | 0.33% | 2025-03-11 | 2026-06-17 |
| CVE-2025-11772 | A carefully crafted DLL, copied to C:\ProgramData\Synaptics folder, allows a local user to execute arbitrary code with elevated privileges during driver installation. | 6.6 | 0.14% | 2025-12-01 | 2026-06-17 |