CVE Tools

valvesoftware

Consumer SoftwareUScommercial

14

Cumulative CVEs

7

Monthly snapshots

#123

Peak rank

Top products

game networking sockets2

Latest CVEs

The 15 most recently published vulnerabilities affecting valvesoftware.

CVE-2023-38312A directory traversal vulnerability in Valve Counter-Strike 8684 allows a client (with remote control access to a game server) to read arbitrary files from the underlying server via the motdfile co...7.5Oct 15, 2023
CVE-2023-35855A buffer overflow in Counter-Strike through 8684 allows a game server to execute arbitrary code on a remote client's machine by modifying the lservercfgfile console variable.9.8Jun 19, 2023
CVE-2023-30382A buffer overflow in the component hl.exe of Valve Half-Life up to 5433873 allows attackers to execute arbitrary code and escalate privileges by supplying crafted parameters.7.3May 23, 2023
CVE-2021-30481Valve Steam before 2021-04-17, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after ...8.0Apr 10, 2021
CVE-2020-6017Valve's Game Networking Sockets prior to version v1.2.0 improperly handles long unreliable segments in function SNP_ReceiveUnreliableSegment() when configured to support plain-text messages, leadin...9.8Dec 3, 2020
CVE-2020-6018Valve's Game Networking Sockets prior to version v1.2.0 improperly handles long encrypted messages in function AES_GCM_DecryptContext::Decrypt() when compiled using libsodium, leading to a Stack-Ba...9.8Dec 2, 2020
CVE-2020-6016Valve's Game Networking Sockets prior to version v1.2.0 improperly handles unreliable segments with negative offsets in function SNP_ReceiveUnreliableSegment(), leading to a Heap-Based Buffer Under...9.8Nov 18, 2020
CVE-2020-6019Valve's Game Networking Sockets prior to version v1.2.0 improperly handles inlined statistics messages in function CConnectionTransportUDPBase::Received_Data(), leading to an exception thrown from ...7.5Nov 13, 2020
CVE-2020-15530An issue was discovered in Valve Steam Client 2.10.91.91. The installer allows local users to gain NT AUTHORITY\SYSTEM privileges because some parts of %PROGRAMFILES(X86)%\Steam and/or %COMMONPROGR...7.8Jul 5, 2020
CVE-2020-12242Valve Source allows local users to gain privileges by writing to the /tmp/hl2_relaunch file, which is later executed in the context of a different user account.7.8Apr 27, 2020
CVE-2020-9005meshsystem.dll in Valve Dota 2 through 2020-02-17 allows remote attackers to achieve code execution or denial of service by creating a gaming server with a crafted map, and inviting a victim to thi...7.8Feb 17, 2020
CVE-2020-7949schemasystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a craf...7.8Jan 27, 2020
CVE-2020-7950meshsystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafte...7.8Jan 27, 2020
CVE-2020-7951meshsystem.dll in Valve Dota 2 before 7.23e allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafte...7.8Jan 27, 2020
CVE-2020-7952rendersystemdx9.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a c...7.8Jan 27, 2020