Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
valvesoftware vulnerabilities and exploits
(subscribe to this query)
9
CVSSv3
CVE-2021-30481
Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.
Valvesoftware Steam Client
1 Github repository
7.3
CVSSv3
CVE-2023-30382
A buffer overflow in the component hl.exe of Valve Half-Life up to 5433873 allows malicious users to execute arbitrary code and escalate privileges by supplying crafted parameters.
Valvesoftware Half-life -
NA
CVE-2015-4016
The client detection protocol in Valve Steam allows remote malicious users to cause a denial of service (process crash) via a crafted response to a broadcast packet.
Valvesoftware Steam Client
7.8
CVSSv3
CVE-2020-9005
meshsystem.dll in Valve Dota 2 through 2020-02-17 allows remote malicious users to achieve code execution or denial of service by creating a gaming server with a crafted map, and inviting a victim to this server. A GetValue call is mishandled.
Valvesoftware Dota 2
7.8
CVSSv3
CVE-2020-7951
meshsystem.dll in Valve Dota 2 prior to 7.23e allows remote malicious users to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is affected by memory corruption.
Valvesoftware Dota 2
7.8
CVSSv3
CVE-2020-7949
schemasystem.dll in Valve Dota 2 prior to 7.23f allows remote malicious users to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a GetValue call.
Valvesoftware Dota 2
7.8
CVSSv3
CVE-2020-7952
rendersystemdx9.dll in Valve Dota 2 prior to 7.23f allows remote malicious users to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is affected by memory corruption.
Valvesoftware Dota 2
7.8
CVSSv3
CVE-2020-7950
meshsystem.dll in Valve Dota 2 prior to 7.23f allows remote malicious users to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a vulnerable function call.
Valvesoftware Dota 2
NA
CVE-2015-7985
Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) for the Install folder, which allows local users to gain privileges via a Trojan horse steam.exe file.
Valvesoftware Steam Client 2.10.91.91
1 EDB exploit
2 Github repositories
9.8
CVSSv3
CVE-2020-6017
Valve's Game Networking Sockets prior to version v1.2.0 improperly handles long unreliable segments in function SNP_ReceiveUnreliableSegment() when configured to support plain-text messages, leading to a Heap-Based Buffer Overflow and resulting in a memory corruption and pos...
Valvesoftware Game Networking Sockets
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
NEXT »