CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38312
https://notcve.org/view.php?id=CVE-2023-38312
15 Oct 2023 — A directory traversal vulnerability in Valve Counter-Strike 8684 allows a client (with remote control access to a game server) to read arbitrary files from the underlying server via the motdfile console variable. Una vulnerabilidad de cruce de directorio en Valve Counter-Strike 8684 permite a un cliente (con acceso de control remoto a un servidor de juegos) leer archivos arbitrarios del servidor subyacente a través de la variable de consola motdfile. • https://github.com/MikeIsAStar/Counter-Strike-Arbitrary-File-Read • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-35855
https://notcve.org/view.php?id=CVE-2023-35855
19 Jun 2023 — A buffer overflow in Counter-Strike through 8684 allows a game server to execute arbitrary code on a remote client's machine by modifying the lservercfgfile console variable. Un desbordamiento de búfer en Counter-Strike a través de 8684 permite a un servidor de juegos ejecutar código arbitrario en la máquina de un cliente remoto modificando la variable de consola "lservercfgfile". • https://github.com/MikeIsAStar/Counter-Strike-Remote-Code-Execution • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-30382
https://notcve.org/view.php?id=CVE-2023-30382
23 May 2023 — A buffer overflow in the component hl.exe of Valve Half-Life up to 5433873 allows attackers to execute arbitrary code and escalate privileges by supplying crafted parameters. • https://labs.jumpsec.com/advisory-cve-2023-30382-half-life-local-privilege-escalation • CWE-787: Out-of-bounds Write •
CVSS: 9.0EPSS: 7%CPEs: 1EXPL: 4CVE-2021-30481
https://notcve.org/view.php?id=CVE-2021-30481
10 Apr 2021 — Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click. Valve Steam hasta el 10-04-2021, cuando un juego del motor de Origen es instalado, permite a usuarios autenticados remotos ejecutar código arbitrario debido a un desbordamiento del búfer que ocurre para una invitación de Steam después de un clic • https://github.com/floesen/CVE-2021-30481 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-6017
https://notcve.org/view.php?id=CVE-2020-6017
03 Dec 2020 — Valve's Game Networking Sockets prior to version v1.2.0 improperly handles long unreliable segments in function SNP_ReceiveUnreliableSegment() when configured to support plain-text messages, leading to a Heap-Based Buffer Overflow and resulting in a memory corruption and possibly even a remote code execution. Game Networking Sockets de Valve versiones anteriores a v1.2.0, manejan de manera inapropiada segmentos largos y no confiables en la función SNP_ReceiveUnreliableSegment() cuando están configurados par... • https://github.com/ValveSoftware/GameNetworkingSockets/commit/e0c86dcb9139771db3db0cfdb1fb8bef0af19c43 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-6018
https://notcve.org/view.php?id=CVE-2020-6018
02 Dec 2020 — Valve's Game Networking Sockets prior to version v1.2.0 improperly handles long encrypted messages in function AES_GCM_DecryptContext::Decrypt() when compiled using libsodium, leading to a Stack-Based Buffer Overflow and resulting in a memory corruption and possibly even a remote code execution. Game Networking Sockets de Valve anterior a versión v1.2.0 manejan incorrectamente los mensajes cifrados largos en la función AES_GCM_DecryptContext::Decrypt() cuando se compilan usando libsodium, lo que conlleva a ... • https://github.com/ValveSoftware/GameNetworkingSockets/commit/bea84e2844b647532a9b7fbc3a6a8989d66e49e3 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 1CVE-2020-6016
https://notcve.org/view.php?id=CVE-2020-6016
18 Nov 2020 — Valve's Game Networking Sockets prior to version v1.2.0 improperly handles unreliable segments with negative offsets in function SNP_ReceiveUnreliableSegment(), leading to a Heap-Based Buffer Underflow and a free() of memory not from the heap, resulting in a memory corruption and probably even a remote code execution. Game Networking Sockets de Valve versiones anteriores a v1.2.0, manejan inapropiadamente segmentos no confiables con compensaciones negativas en la función SNP_ReceiveUnreliableSegment(), conl... • https://github.com/ValveSoftware/GameNetworkingSockets/commit/e0c86dcb9139771db3db0cfdb1fb8bef0af19c43 • CWE-590: Free of Memory not on the Heap CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-6019
https://notcve.org/view.php?id=CVE-2020-6019
13 Nov 2020 — Valve's Game Networking Sockets prior to version v1.2.0 improperly handles inlined statistics messages in function CConnectionTransportUDPBase::Received_Data(), leading to an exception thrown from libprotobuf and resulting in a crash. Game Networking Sockets de Valve versiones anteriores a v1.2.0, maneja inapropiadamente unos mensajes de estadísticas en línea en la función CConnectionTransportUDPBase::Received_Data(), conllevando a una excepción lanzada desde libprotobuf y resultando en un bloqueo • https://github.com/ValveSoftware/GameNetworkingSockets/commit/d944a10808891d202bb1d5e1998de6e0423af678 • CWE-248: Uncaught Exception •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-15530
https://notcve.org/view.php?id=CVE-2020-15530
05 Jul 2020 — An issue was discovered in Valve Steam Client 2.10.91.91. The installer allows local users to gain NT AUTHORITY\SYSTEM privileges because some parts of %PROGRAMFILES(X86)%\Steam and/or %COMMONPROGRAMFILES(X86)%\Steam have weak permissions during a critical time window. An attacker can make this time window arbitrarily long by using opportunistic locks. Se detectó un problema en Valve Steam Client 2.10.91.91. El instalador permite a usuarios locales obtener privilegios NT AUTHORITY\SYSTEM porque algunas part... • http://daniels-it-blog.blogspot.com/2020/07/steam-arbitrary-code-execution-part-2.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2020-12242 – Source Engine CS:GO BuildID: 4937372 - Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2020-12242
27 Apr 2020 — Valve Source allows local users to gain privileges by writing to the /tmp/hl2_relaunch file, which is later executed in the context of a different user account. Valve Source, permite a usuarios locales alcanzar privilegios al escribir en el archivo /tmp/hl2_relaunch, que posteriormente es ejecutado en el contexto de una cuenta de usuario diferente. • https://www.exploit-db.com/exploits/48387 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •