Valvesoftware Steam Client — known CVE vulnerabilities
Every CVE whose affected-product data names Valvesoftware Steam Client, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2021-30481 — CVSS 8.0 (high): Valve Steam before 2021-04-17, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because…
CVE-2019-15315 — CVSS 7.8 (high): Valve Steam Client for Windows through 2019-08-16 allows privilege escalation (to NT AUTHORITY\SYSTEM) because local users can replace the…
CVE-2019-17180 — CVSS 7.8 (high): Valve Steam Client before 2019-09-12 allows placing or appending partially controlled filesystem content, as demonstrated by file…
CVE-2020-15530 — CVSS 7.8 (high): An issue was discovered in Valve Steam Client 2.10.91.91. The installer allows local users to gain NT AUTHORITY\SYSTEM privileges because…
CVE-2015-7985 — CVSS 7.2 (high): Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) for the Install folder, which allows local users to gain privileges…
CVE-2019-15316 — CVSS 7.0 (high): Valve Steam Client for Windows through 2019-08-20 has weak folder permissions, leading to privilege escalation (to NT AUTHORITY\SYSTEM) via…
CVE-2019-14743 — CVSS 6.6 (medium): In Valve Steam Client for Windows through 2019-08-07, HKLM\SOFTWARE\Wow6432Node\Valve\Steam has explicit "Full control" for the Users…
CVE-2018-12270 — CVSS 5.4 (medium): In Valve Steam 1528829181 BETA, it is possible to perform a homograph / homoglyph attack to create fake URLs in the client, which may trick…
CVE-2015-4016 — CVSS 5.0 (medium): The client detection protocol in Valve Steam allows remote attackers to cause a denial of service (process crash) via a crafted response to…