Vulnerabilities > Valvesoftware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-17 | CVE-2020-9005 | Out-of-bounds Write vulnerability in Valvesoftware Dota 2 20200217/7.23E/7.23F meshsystem.dll in Valve Dota 2 through 2020-02-17 allows remote attackers to achieve code execution or denial of service by creating a gaming server with a crafted map, and inviting a victim to this server. | 6.8 |
| 2020-01-27 | CVE-2020-7952 | Unspecified vulnerability in Valvesoftware Dota 2 7.23E rendersystemdx9.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is affected by memory corruption. network valvesoftware | 6.8 |
| 2020-01-27 | CVE-2020-7951 | Unspecified vulnerability in Valvesoftware Dota 2 meshsystem.dll in Valve Dota 2 before 7.23e allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is affected by memory corruption. network valvesoftware | 6.8 |
| 2020-01-27 | CVE-2020-7950 | Unspecified vulnerability in Valvesoftware Dota 2 7.23E meshsystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a vulnerable function call. network valvesoftware | 6.8 |
| 2020-01-27 | CVE-2020-7949 | Unspecified vulnerability in Valvesoftware Dota 2 7.23E schemasystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a GetValue call. network valvesoftware | 6.8 |
| 2019-10-04 | CVE-2019-17180 | Path Traversal vulnerability in Valvesoftware Steam Client Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\SYSTEM. | 7.2 |
| 2019-09-19 | CVE-2019-15943 | Out-of-bounds Write vulnerability in Valvesoftware Counter-Strike: Global Offensive vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1 allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a memset call. | 6.8 |
| 2019-09-05 | CVE-2019-15944 | Improper Encoding or Escaping of Output vulnerability in Valvesoftware Counter-Strike:Global Offensive In Counter-Strike: Global Offensive before 8/29/2019, community game servers can display unsafe HTML in a disconnection message. | 5.0 |
| 2019-08-21 | CVE-2019-15316 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Valvesoftware Steam Client Valve Steam Client for Windows through 2019-08-20 has weak folder permissions, leading to privilege escalation (to NT AUTHORITY\SYSTEM) via crafted use of CreateMountPoint.exe and SetOpLock.exe to leverage a TOCTOU race condition. | 6.9 |
| 2019-08-21 | CVE-2019-15315 | Incorrect Permission Assignment for Critical Resource vulnerability in Valvesoftware Steam Client Valve Steam Client for Windows through 2019-08-16 allows privilege escalation (to NT AUTHORITY\SYSTEM) because local users can replace the current versions of SteamService.exe and SteamService.dll with older versions that lack the CVE-2019-14743 patch. | 7.2 |