Vulnerabilities > Valvesoftware
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-27 | CVE-2020-7952 | Unspecified vulnerability in Valvesoftware Dota 2 7.23E rendersystemdx9.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is affected by memory corruption. network valvesoftware | 6.8 |
| 2020-01-27 | CVE-2020-7951 | Unspecified vulnerability in Valvesoftware Dota 2 meshsystem.dll in Valve Dota 2 before 7.23e allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is affected by memory corruption. network valvesoftware | 6.8 |
| 2020-01-27 | CVE-2020-7950 | Unspecified vulnerability in Valvesoftware Dota 2 7.23E meshsystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a vulnerable function call. network valvesoftware | 6.8 |
| 2020-01-27 | CVE-2020-7949 | Unspecified vulnerability in Valvesoftware Dota 2 7.23E schemasystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a GetValue call. network valvesoftware | 6.8 |
| 2019-10-04 | CVE-2019-17180 | Path Traversal vulnerability in Valvesoftware Steam Client Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\SYSTEM. | 7.2 |
| 2019-09-19 | CVE-2019-15943 | Out-of-bounds Write vulnerability in Valvesoftware Counter-Strike: Global Offensive vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1 allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a memset call. | 6.8 |
| 2019-09-05 | CVE-2019-15944 | Improper Encoding or Escaping of Output vulnerability in Valvesoftware Counter-Strike:Global Offensive In Counter-Strike: Global Offensive before 8/29/2019, community game servers can display unsafe HTML in a disconnection message. | 5.0 |
| 2019-08-21 | CVE-2019-15316 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Valvesoftware Steam Client Valve Steam Client for Windows through 2019-08-20 has weak folder permissions, leading to privilege escalation (to NT AUTHORITY\SYSTEM) via crafted use of CreateMountPoint.exe and SetOpLock.exe to leverage a TOCTOU race condition. | 6.9 |
| 2019-08-21 | CVE-2019-15315 | Incorrect Permission Assignment for Critical Resource vulnerability in Valvesoftware Steam Client Valve Steam Client for Windows through 2019-08-16 allows privilege escalation (to NT AUTHORITY\SYSTEM) because local users can replace the current versions of SteamService.exe and SteamService.dll with older versions that lack the CVE-2019-14743 patch. | 7.2 |
| 2019-08-07 | CVE-2019-14743 | Incorrect Permission Assignment for Critical Resource vulnerability in Valvesoftware Steam Client In Valve Steam Client for Windows through 2019-08-07, HKLM\SOFTWARE\Wow6432Node\Valve\Steam has explicit "Full control" for the Users group, which allows local users to gain NT AUTHORITY\SYSTEM access. | 7.2 |