CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-38312
https://notcve.org/view.php?id=CVE-2023-38312
15 Oct 2023 — A directory traversal vulnerability in Valve Counter-Strike 8684 allows a client (with remote control access to a game server) to read arbitrary files from the underlying server via the motdfile console variable. Una vulnerabilidad de cruce de directorio en Valve Counter-Strike 8684 permite a un cliente (con acceso de control remoto a un servidor de juegos) leer archivos arbitrarios del servidor subyacente a través de la variable de consola motdfile. • https://github.com/MikeIsAStar/Counter-Strike-Arbitrary-File-Read • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-35855
https://notcve.org/view.php?id=CVE-2023-35855
19 Jun 2023 — A buffer overflow in Counter-Strike through 8684 allows a game server to execute arbitrary code on a remote client's machine by modifying the lservercfgfile console variable. Un desbordamiento de búfer en Counter-Strike a través de 8684 permite a un servidor de juegos ejecutar código arbitrario en la máquina de un cliente remoto modificando la variable de consola "lservercfgfile". • https://github.com/MikeIsAStar/Counter-Strike-Remote-Code-Execution • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.8EPSS: 4%CPEs: 1EXPL: 2CVE-2019-15943 – Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2019-15943
19 Sep 2019 — vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1 allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a memset call. La biblioteca vphysics.dll en Counter-Strike: Global Offensive versiones anteriores a 1.37.1.1, permite a atacantes remotos alcanzar la ejecución de código o la denegación de servicio mediante la creación de un servidor de juegos e invitar a una víctim... • https://www.exploit-db.com/exploits/47454 • CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15944
https://notcve.org/view.php?id=CVE-2019-15944
05 Sep 2019 — In Counter-Strike: Global Offensive before 8/29/2019, community game servers can display unsafe HTML in a disconnection message. En Counter-Strike: Global Offensive antes del 8/29/2019, los servidores de juegos comunitarios pueden mostrar HTML inseguro en un mensaje de desconexión. • https://blog.counter-strike.net/index.php/2019/08/25353 • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 7.5EPSS: 35%CPEs: 1EXPL: 2CVE-2008-7203 – Half-Life CSTRIKE Server 1.6 - 'no-steam' Denial of Service
https://notcve.org/view.php?id=CVE-2008-7203
11 Sep 2009 — Valve Software Half-Life Counter-Strike 1.6 allows remote attackers to cause a denial of service (crash) via multiple crafted login packets. Valve Software Half-Life Counter-Strike 1.6 permite a atacantes remotos provocar una denegación de servicio (caída) a través de múltiples paquetes de login manipulados. • https://www.exploit-db.com/exploits/4856 • CWE-399: Resource Management Errors •