CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2015-7985 – Steam 54/894 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-7985
Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) for the Install folder, which allows local users to gain privileges via a Trojan horse steam.exe file. Valve Steam 2.10.91.91 utiliza permisos débiles (Usuarios: leer y escribir) para la carpeta Install, lo que permite a usuarios locales obtener privilegios a través de un archivo troyano steam.exe . • https://www.exploit-db.com/exploits/9386 http://packetstormsecurity.com/files/134513/Steam-2.10.91.91-Weak-File-Permissions-Privilege-Escalation.html http://www.securityfocus.com/archive/1/536961/100/0/threaded • CWE-276: Incorrect Default Permissions •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2015-4016 – Valve Steam Client Detection Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2015-4016
The client detection protocol in Valve Steam allows remote attackers to cause a denial of service (process crash) via a crafted response to a broadcast packet. El protocolo de detección de clientes en Valve Steam permite a atacantes remotos causar una denegación de servicio (caída de proceso) a través de una respuesta manipulada a un paquete de difusión. This vulnerability allows remote attackers to execute a denial of service attack on vulnerable installations of Valve Steam. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Steam client detection protocol. By responding to a broadcast packet with a crafted response, an attacker can cause the Steam process to crash. • http://store.steampowered.com/news/16801 http://www.securityfocus.com/bid/74735 http://www.zerodayinitiative.com/advisories/ZDI-15-233 • CWE-20: Improper Input Validation •
CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0CVE-2013-7128
https://notcve.org/view.php?id=CVE-2013-7128
Valve Bug Reporter in the valve-bugreporter package 2.10+bsos1 in Valve SteamOS Beta stores cleartext credentials in a .valve-bugreporter.cfg file upon a Remember Credentials action, which allows local users to obtain sensitive information by reading this file. Valve Bug Reporter en el paquete de la valve-bugreporter 2.10 + bsos1 en Valve SteamOS Beta guarda credenciales en texto plano en el archivo a .valve-bugreporter.cfg en una acción de recordar contraseña. Esto permite a usuarios locales obtener información sensible mediante la lectura de este archivo. • https://github.com/ValveSoftware/SteamOS/issues/19 • CWE-310: Cryptographic Issues •
CVSS: 5.0EPSS: 16%CPEs: 1EXPL: 2CVE-2008-7203 – Half-Life CSTRIKE Server 1.6 - 'no-steam' Denial of Service
https://notcve.org/view.php?id=CVE-2008-7203
Valve Software Half-Life Counter-Strike 1.6 allows remote attackers to cause a denial of service (crash) via multiple crafted login packets. Valve Software Half-Life Counter-Strike 1.6 permite a atacantes remotos provocar una denegación de servicio (caída) a través de múltiples paquetes de login manipulados. • https://www.exploit-db.com/exploits/4856 http://www.securityfocus.com/bid/27159 https://exchange.xforce.ibmcloud.com/vulnerabilities/39535 • CWE-399: Resource Management Errors •