VYPR
Vendor: Valve Software

Products: 19
CVEs: 40
Across products: 54
Status: Private

Recent CVEs

  • CVE-2017-17878 | Critical | Dec 27, 2017
    risk 0.64 | cvss 9.8 | epss 0.02

    An issue was discovered in Valve Steam Link build 643. Root passwords longer than 8 characters are truncated because of the default use of DES (aka the CONFIG_FEATURE_DEFAULT_PASSWD_ALGO="des" setting).

  • CVE-2017-17877 | Critical | Dec 27, 2017
    risk 0.64 | cvss 9.8 | epss 0.04

    An issue was discovered in Valve Steam Link build 643. When the SSH daemon is enabled for local development, the device is publicly available via IPv6 TCP port 22 over the internet (with stateless address autoconfiguration) by default, which makes it easier for remote attackers…

  • CVE-2017-20205 | Critical | Oct 15, 2025
    risk 0.60 | cvss (none listed) | epss 0.01

    Valve's Source SDK (source-sdk-2013)'s ragdoll model parsing logic contains a stack-based buffer overflow vulnerability. The tokenizer function `nexttoken` copies characters from an input string into a fixed-size stack buffer without performing bounds checks. When `ParseKeyValue`…

  • CVE-2025-27998 | High | May 21, 2025
    risk 0.55 | cvss 8.4 | epss 0.00

    An issue in Valvesoftware Steam Client Steam Client 1738026274 allows attackers to escalate privileges via a crafted executable or DLL.

  • CVE-2016-5237 | Medium | Jan 23, 2017
    risk 0.34 | cvss 4.8 | epss 0.01

    Valve Steam 3.42.16.13 uses weak permissions for the files in the Steam program directory, which allows local users to modify the files and possibly gain privileges as demonstrated by a Trojan horse Steam.exe file.

  • CVE-2019-15943 | Sep 19, 2019
    risk 0.05 | cvss (none listed) | epss 0.09

    vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1 allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a memset call.

  • CVE-2020-7949 | Jan 27, 2020
    risk 0.04 | cvss (none listed) | epss 0.04

    schemasystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a GetValue call.

  • CVE-2008-3286 | Jul 24, 2008
    risk 0.04 | cvss (none listed) | epss 0.09

    SWAT 4 1.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via a (1) VERIFYCONTENT or (2) GAMECONFIG command sent to the server before user session initialization, which triggers a NULL pointer dereference; or (3) a GAMESPYRESPONSE command…

  • CVE-2015-7985 | Nov 24, 2015
    risk 0.03 | cvss (none listed) | epss 0.01

    Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) for the Install folder, which allows local users to gain privileges via a Trojan horse steam.exe file.

  • CVE-2008-7203 | Sep 11, 2009
    risk 0.03 | cvss (none listed) | epss 0.03

    Valve Software Half-Life Counter-Strike 1.6 allows remote attackers to cause a denial of service (crash) via multiple crafted login packets.

  • CVE-2006-0734 | Feb 16, 2006
    risk 0.03 | cvss (none listed) | epss 0.03

    The SV_CheckForDuplicateNames function in Valve Software Half-Life CSTRIKE Dedicated Server 1.6 and earlier allows remote authenticated users to cause a denial of service (infinite loop and daemon hang) via a backslash character at the end of a connection string to UDP port…

  • CVE-2003-1325 | Dec 31, 2003
    risk 0.03 | cvss (none listed) | epss 0.03

    The SV_CheckForDuplicateNames function in Valve Software Half-Life CSTRIKE Dedicated Server 1.1.1.0 and earlier allows remote authenticated users to cause a denial of service (infinite loop and daemon hang) via a certain connection string to UDP port 27015 that represents…

  • CVE-2002-0964 | Oct 4, 2002
    risk 0.03 | cvss (none listed) | epss 0.03

    Half-Life Server 1.1.1.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via multiple responses to the initial challenge with different cd_key values, which reaches the player limit and prevents other players from connecting until the…

  • CVE-2021-30481 | Apr 10, 2021
    risk 0.01 | cvss (none listed) | epss 0.04

    Valve Steam before 2021-04-17, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.

  • CVE-2023-38312 | Oct 15, 2023
    risk 0.00 | cvss (none listed) | epss 0.01

    A directory traversal vulnerability in Valve Counter-Strike 8684 allows a client (with remote control access to a game server) to read arbitrary files from the underlying server via the motdfile console variable.

  • CVE-2023-30382 | May 23, 2023
    risk 0.00 | cvss (none listed) | epss 0.00

    A buffer overflow in the component hl.exe of Valve Half-Life up to 5433873 allows attackers to execute arbitrary code and escalate privileges by supplying crafted parameters.

  • CVE-2020-6017 | Dec 3, 2020
    risk 0.00 | cvss (none listed) | epss 0.03

    Valve's Game Networking Sockets prior to version v1.2.0 improperly handles long unreliable segments in function SNP_ReceiveUnreliableSegment() when configured to support plain-text messages, leading to a Heap-Based Buffer Overflow and resulting in a memory corruption and…

  • CVE-2020-6018 | Dec 2, 2020
    risk 0.00 | cvss (none listed) | epss 0.03

    Valve's Game Networking Sockets prior to version v1.2.0 improperly handles long encrypted messages in function AES_GCM_DecryptContext::Decrypt() when compiled using libsodium, leading to a Stack-Based Buffer Overflow and resulting in a memory corruption and possibly even a…

  • CVE-2020-6016 | Nov 18, 2020
    risk 0.00 | cvss (none listed) | epss 0.06

    Valve's Game Networking Sockets prior to version v1.2.0 improperly handles unreliable segments with negative offsets in function SNP_ReceiveUnreliableSegment(), leading to a Heap-Based Buffer Underflow and a free() of memory not from the heap, resulting in a memory corruption…

  • CVE-2020-6019 | Nov 13, 2020
    risk 0.00 | cvss (none listed) | epss 0.03

    Valve's Game Networking Sockets prior to version v1.2.0 improperly handles inlined statistics messages in function CConnectionTransportUDPBase::Received_Data(), leading to an exception thrown from libprotobuf and resulting in a crash.