Vulnerabilities > Valvesoftware > Steam Client > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-04-10 | CVE-2021-30481 | Classic Buffer Overflow vulnerability in Valvesoftware Steam Client Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click. | 6.0 |
| 2019-08-21 | CVE-2019-15316 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Valvesoftware Steam Client Valve Steam Client for Windows through 2019-08-20 has weak folder permissions, leading to privilege escalation (to NT AUTHORITY\SYSTEM) via crafted use of CreateMountPoint.exe and SetOpLock.exe to leverage a TOCTOU race condition. | 6.9 |
| 2019-05-20 | CVE-2018-12270 | Improper Input Validation vulnerability in Valvesoftware Steam Client 1528829181 In Valve Steam 1528829181 BETA, it is possible to perform a homograph / homoglyph attack to create fake URLs in the client, which may trick users into visiting unintended web sites. | 5.8 |
| 2015-05-20 | CVE-2015-4016 | Improper Input Validation vulnerability in Valvesoftware Steam Client 2.10.91.91 The client detection protocol in Valve Steam allows remote attackers to cause a denial of service (process crash) via a crafted response to a broadcast packet. | 5.0 |