Vulnerabilities > Valvesoftware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-10 | CVE-2021-30481 | Classic Buffer Overflow vulnerability in Valvesoftware Steam Client Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click. | 6.0 |
| 2020-02-17 | CVE-2020-9005 | Out-of-bounds Write vulnerability in Valvesoftware Dota 2 20200217/7.23E/7.23F meshsystem.dll in Valve Dota 2 through 2020-02-17 allows remote attackers to achieve code execution or denial of service by creating a gaming server with a crafted map, and inviting a victim to this server. | 6.8 |
| 2020-01-27 | CVE-2020-7952 | Unspecified vulnerability in Valvesoftware Dota 2 7.23E rendersystemdx9.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is affected by memory corruption. network valvesoftware | 6.8 |
| 2020-01-27 | CVE-2020-7951 | Unspecified vulnerability in Valvesoftware Dota 2 meshsystem.dll in Valve Dota 2 before 7.23e allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is affected by memory corruption. network valvesoftware | 6.8 |
| 2020-01-27 | CVE-2020-7950 | Unspecified vulnerability in Valvesoftware Dota 2 7.23E meshsystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a vulnerable function call. network valvesoftware | 6.8 |
| 2020-01-27 | CVE-2020-7949 | Unspecified vulnerability in Valvesoftware Dota 2 7.23E schemasystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a GetValue call. network valvesoftware | 6.8 |
| 2019-09-19 | CVE-2019-15943 | Out-of-bounds Write vulnerability in Valvesoftware Counter-Strike: Global Offensive vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1 allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a memset call. | 6.8 |
| 2019-09-05 | CVE-2019-15944 | Improper Encoding or Escaping of Output vulnerability in Valvesoftware Counter-Strike:Global Offensive In Counter-Strike: Global Offensive before 8/29/2019, community game servers can display unsafe HTML in a disconnection message. | 5.0 |
| 2019-08-21 | CVE-2019-15316 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Valvesoftware Steam Client Valve Steam Client for Windows through 2019-08-20 has weak folder permissions, leading to privilege escalation (to NT AUTHORITY\SYSTEM) via crafted use of CreateMountPoint.exe and SetOpLock.exe to leverage a TOCTOU race condition. | 6.9 |
| 2019-05-20 | CVE-2018-12270 | Improper Input Validation vulnerability in Valvesoftware Steam Client 1528829181 In Valve Steam 1528829181 BETA, it is possible to perform a homograph / homoglyph attack to create fake URLs in the client, which may trick users into visiting unintended web sites. | 5.8 |