Steam
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-5237 | Med | 0.34 | 4.8 | 0.00 | Jan 23, 2017 | Valve Steam 3.42.16.13 uses weak permissions for the files in the Steam program directory, which allows local users to modify the files and possibly gain privileges as demonstrated by a Trojan horse Steam.exe file. | ||
| CVE-2015-7985 | 0.03 | — | 0.00 | Nov 24, 2015 | Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) for the Install folder, which allows local users to gain privileges via a Trojan horse steam.exe file. | |||
| CVE-2021-30481 | 0.01 | — | 0.07 | Apr 10, 2021 | Valve Steam before 2021-04-17, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click. | |||
| CVE-2018-12270 | 0.00 | — | 0.00 | May 20, 2019 | In Valve Steam 1528829181 BETA, it is possible to perform a homograph / homoglyph attack to create fake URLs in the client, which may trick users into visiting unintended web sites. | |||
| CVE-2015-4016 | 0.00 | — | 0.01 | May 20, 2015 | The client detection protocol in Valve Steam allows remote attackers to cause a denial of service (process crash) via a crafted response to a broadcast packet. |
- risk 0.34cvss 4.8epss 0.00
Valve Steam 3.42.16.13 uses weak permissions for the files in the Steam program directory, which allows local users to modify the files and possibly gain privileges as demonstrated by a Trojan horse Steam.exe file.
- CVE-2015-7985Nov 24, 2015risk 0.03cvss —epss 0.00
Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) for the Install folder, which allows local users to gain privileges via a Trojan horse steam.exe file.
- CVE-2021-30481Apr 10, 2021risk 0.01cvss —epss 0.07
Valve Steam before 2021-04-17, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.
- CVE-2018-12270May 20, 2019risk 0.00cvss —epss 0.00
In Valve Steam 1528829181 BETA, it is possible to perform a homograph / homoglyph attack to create fake URLs in the client, which may trick users into visiting unintended web sites.
- CVE-2015-4016May 20, 2015risk 0.00cvss —epss 0.01
The client detection protocol in Valve Steam allows remote attackers to cause a denial of service (process crash) via a crafted response to a broadcast packet.