Lucene search
K
ValvesoftwareSteam Client

9 matches found

CVE
CVE
added 2021/04/10 6:31 p.m.229 views

CVE-2021-30481

CVE-2021-30481 affects Valve Steam (with Source engine) up to around April 2021. A buffer overflow triggered by a Steam invite after one click allows remote authenticated code execution, via the installed Source engine game. Public Red Hat, CNVD, CNNVD and other records corroborate the vulnerabil...

9CVSS9.3AI score0.03504EPSS
CVE
CVE
added 2019/10/04 7:21 p.m.202 views

CVE-2019-17180

Summary: CVE-2019-17180 affects Valve Steam Client prior to 2019-09-12. The vulnerability allows placing or appending partially controlled filesystem content, demonstrated by file modifications on Windows under NT AUTHORITY\SYSTEM. This could lead to denial of service, elevation of privilege, or ...

7.8CVSS7.6AI score0.00717EPSS
CVE
CVE
added 2019/08/07 2:5 p.m.158 views

CVE-2019-14743

CVE-2019-14743 affects Valve Steam Client for Windows (through 2019-08-07). The root cause is insecure permissions in HKLM\SOFTWARE\Wow6432Node\Valve\Steam and Steam folders, where the Users group has explicit Full control, enabling local users to gain NT AUTHORITY\SYSTEM. Red Hat CVE entries cor...

7.2CVSS6.8AI score0.00616EPSS
CVE
CVE
added 2020/07/05 12:31 a.m.76 views

CVE-2020-15530

Valve Steam Client 2.10.91.91 is affected by a local privilege-escalation issue in the installer. The vulnerability arises from weak permissions in parts of %PROGRAMFILES(X86)%\Steam and/or %COMMONPROGRAMFILES(X86)%\Steam during a critical time window, which an attacker can extend using opportuni...

7.8CVSS7.6AI score0.00524EPSS
CVE
CVE
added 2019/08/21 7:35 p.m.61 views

CVE-2019-15315

The CVE-2019-15315 entry concerns Valve Steam Client for Windows (up to 2019-08-16). Local attackers can achieve NT AUTHORITY\SYSTEM privilege escalation by replacing the SteamService.exe and SteamService.dll binaries with older, unpatched versions that bypassed CVE-2019-14743. Root cause is abus...

7.8CVSS6.7AI score0.00385EPSS
CVE
CVE
added 2015/11/24 8:0 p.m.54 views

CVE-2015-7985

Valve Steam 2.10.91.91 has weak permissions on the Install folder (Users: read/write), enabling local privilege escalation via a trojan steam.exe. Affected component: Steam Install directory; root cause: improper file permissions. Impact: local privilege gain; exploitation details or in-wild stat...

7.2CVSS6.7AI score0.00992EPSS
CVE
CVE
added 2015/05/20 6:0 p.m.47 views

CVE-2015-4016

The CVE-2015-4016 issue affects the Valve Steam client: the client-detection protocol is vulnerable to a crafted response to a broadcast packet, allowing remote attackers to crash the Steam process (DoS). The vulnerability is described across multiple sources (NVD entry and ZDI advisory) as a net...

5CVSS6.7AI score0.0299EPSS
CVE
CVE
added 2019/05/20 1:32 p.m.44 views

CVE-2018-12270

Affected product: Valve Steam (1528829181 BETA). The vulnerability is a homograph/homoglyph attack that allows creating fake URLs in the Steam client, potentially fooling users into visiting unintended websites. Root cause details are not provided in the documents. Impact is described as user con...

5.8CVSS5.4AI score0.00891EPSS
CVE
CVE
added 2019/08/21 7:36 p.m.43 views

CVE-2019-15316

Affected product: Valve Steam Client for Windows (through 2019-08-20). The vulnerability is caused by weak folder permissions that enable a TOCTOU race condition, exploited via crafted use of CreateMountPoint.exe and SetOpLock.exe to escalate privileges to NT AUTHORITY\SYSTEM. Connected documents...

7CVSS7.1AI score0.00389EPSS