Known Vulnerabilities for products from Valvesoftware
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Valvesoftware".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Additional devices specifications by Valvesoftware can be found at device.report : Valvesoftware
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2023-38312 json | A directory traversal vulnerability in Valve Counter-Strike 8684 allows a client (with remote control access to a game server... | 7.5 - HIGH | 2023-10-15 | 2023-10-19 |
| CVE-2023-35855 json | A buffer overflow in Counter-Strike through 8684 allows a game server to execute arbitrary code on a remote client's machine ... | 9.8 - CRITICAL | 2023-06-19 | 2023-06-30 |
| CVE-2023-30382 json | A buffer overflow in the component hl.exe of Valve Half-Life up to 5433873 allows attackers to execute arbitrary code and esc... | 7.3 - HIGH | 2023-05-23 | 2023-05-31 |
| CVE-2021-30481 json | Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrar... | 9 - CRITICAL | 2021-04-10 | 2022-02-07 |
| CVE-2020-15530 json | An issue was discovered in Valve Steam Client 2.10.91.91. The installer allows local users to gain NT AUTHORITY\SYSTEM privil... | 7.8 - HIGH | 2020-07-05 | 2021-07-21 |
| CVE-2020-12242 json | Valve Source allows local users to gain privileges by writing to the /tmp/hl2_relaunch file, which is later executed in the c... | 7.8 - HIGH | 2020-04-27 | 2021-07-21 |
| CVE-2020-9005 json | meshsystem.dll in Valve Dota 2 through 2020-02-17 allows remote attackers to achieve code execution or denial of service by c... | 7.8 - HIGH | 2020-02-17 | 2022-02-07 |
| CVE-2020-7952 json | rendersystemdx9.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by cr... | 7.8 - HIGH | 2020-01-27 | 2020-01-29 |
| CVE-2020-7951 json | meshsystem.dll in Valve Dota 2 before 7.23e allows remote attackers to achieve code execution or denial of service by creatin... | 7.8 - HIGH | 2020-01-27 | 2021-07-21 |
| CVE-2020-7950 json | meshsystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creatin... | 7.8 - HIGH | 2020-01-27 | 2020-01-27 |
| CVE-2020-7949 json | schemasystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creat... | 7.8 - HIGH | 2020-01-27 | 2020-01-27 |
| CVE-2020-6019 json | Valve's Game Networking Sockets prior to version v1.2.0 improperly handles inlined statistics messages in function CConnectio... | 7.5 - HIGH | 2020-11-13 | 2022-11-03 |
| CVE-2020-6018 json | Valve's Game Networking Sockets prior to version v1.2.0 improperly handles long encrypted messages in function AES_GCM_Decryp... | 9.8 - CRITICAL | 2020-12-02 | 2022-04-12 |
| CVE-2020-6017 json | Valve's Game Networking Sockets prior to version v1.2.0 improperly handles long unreliable segments in function SNP_ReceiveUn... | 9.8 - CRITICAL | 2020-12-03 | 2022-04-12 |
| CVE-2020-6016 json | Valve's Game Networking Sockets prior to version v1.2.0 improperly handles unreliable segments with negative offsets in funct... | 9.8 - CRITICAL | 2020-11-18 | 2022-10-21 |
| CVE-2019-17180 json | Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by ... | 7.8 - HIGH | 2019-10-04 | 2020-01-16 |
| CVE-2019-15944 json | In Counter-Strike: Global Offensive before 8/29/2019, community game servers can display unsafe HTML in a disconnection messa... | 5.3 - MEDIUM | 2019-09-05 | 2019-09-09 |
| CVE-2019-15943 json | vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1 allows remote attackers to achieve code execution or denial ... | 8.8 - HIGH | 2019-09-19 | 2020-08-24 |
| CVE-2019-15316 json | Valve Steam Client for Windows through 2019-08-20 has weak folder permissions, leading to privilege escalation (to NT AUTHORI... | 7 - HIGH | 2019-08-21 | 2020-08-24 |
| CVE-2019-15315 json | Valve Steam Client for Windows through 2019-08-16 allows privilege escalation (to NT AUTHORITY\SYSTEM) because local users ca... | 7.8 - HIGH | 2019-08-21 | 2020-08-24 |
Known software with vulnerabilities from Valvesoftware
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Valvesoftware | Counter-strike | global_offensive |
| Application | Valvesoftware | Dota 2 | 7.23e |
| Application | Valvesoftware | Game Networking Sockets | - |
| Application | Valvesoftware | Source | - |
| Application | Valvesoftware | Steam | 1528829181 |
| Operating System | Valvesoftware | Steamos | - |
| Application | Valvesoftware | Steam Client | 2.10.91.91 |
| Hardware | Valvesoftware | Steam Link | - |
| Operating System | Valvesoftware | Steam Link Firmware | 388 |