Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Steam Client Security Vulnerabilities

cve
cve

CVE-2015-4016

The client detection protocol in Valve Steam allows remote attackers to cause a denial of service (process crash) via a crafted response to a broadcast packet.

6.7AI Score

0.012EPSS

2015-05-20 06:59 PM
20
cve
cve

CVE-2015-7985

Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) for the Install folder, which allows local users to gain privileges via a Trojan horse steam.exe file.

6.7AI Score

0.001EPSS

2015-11-24 08:59 PM
25
cve
cve

CVE-2018-12270

In Valve Steam 1528829181 BETA, it is possible to perform a homograph / homoglyph attack to create fake URLs in the client, which may trick users into visiting unintended web sites.

5.4CVSS

5.4AI Score

0.001EPSS

2019-05-20 02:29 PM
20
cve
cve

CVE-2019-14743

In Valve Steam Client for Windows through 2019-08-07, HKLM\SOFTWARE\Wow6432Node\Valve\Steam has explicit "Full control" for the Users group, which allows local users to gain NT AUTHORITY\SYSTEM access.

6.6CVSS

6.8AI Score

0.0004EPSS

2019-08-07 03:15 PM
44
cve
cve

CVE-2019-15315

Valve Steam Client for Windows through 2019-08-16 allows privilege escalation (to NT AUTHORITY\SYSTEM) because local users can replace the current versions of SteamService.exe and SteamService.dll with older versions that lack the CVE-2019-14743 patch.

7.8CVSS

6.7AI Score

0.0004EPSS

2019-08-21 08:15 PM
26
cve
cve

CVE-2019-15316

Valve Steam Client for Windows through 2019-08-20 has weak folder permissions, leading to privilege escalation (to NT AUTHORITY\SYSTEM) via crafted use of CreateMountPoint.exe and SetOpLock.exe to leverage a TOCTOU race condition.

7CVSS

7.1AI Score

0.001EPSS

2019-08-21 08:15 PM
18
cve
cve

CVE-2019-17180

Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file modifications on Windows in the context of NT AUTHORITY\SYSTEM. This could lead to denial of service, elevation of privilege, or unspecified other impact.

7.8CVSS

7.6AI Score

0.001EPSS

2019-10-04 08:15 PM
172
cve
cve

CVE-2020-15530

An issue was discovered in Valve Steam Client 2.10.91.91. The installer allows local users to gain NT AUTHORITY\SYSTEM privileges because some parts of %PROGRAMFILES(X86)%\Steam and/or %COMMONPROGRAMFILES(X86)%\Steam have weak permissions during a critical time window. An attacker can make this tim...

7.8CVSS

7.6AI Score

0.0004EPSS

2020-07-05 01:15 AM
42
cve
cve

CVE-2021-24476

The Steam Group Viewer WordPress plugin through 2.1 does not sanitise or escape its "Steam Group Address" settings before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting issue

5.4CVSS

5.2AI Score

0.001EPSS

2021-08-02 11:15 AM
27
4
cve
cve

CVE-2021-30481

Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.

9CVSS

9.3AI Score

0.072EPSS

2021-04-10 07:15 PM
69
21