Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Id Software Subscribe
Total 27 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-1999-1230 1 Id Software 1 Quake 2 2024-02-04 5.0 MEDIUM N/A
Quake 2 server allows remote attackers to cause a denial of service via a spoofed UDP packet with a source address of 127.0.0.1, which causes the server to attempt to connect to itself.
CVE-1999-1229 1 Id Software 1 Quake 2 Server 2024-02-04 2.1 LOW N/A
Quake 2 server 3.13 on Linux does not properly check file permissions for the config.cfg configuration file, which allows local users to read arbitrary files via a symlink from config.cfg to the target file.
CVE-2001-1289 1 Id Software 1 Quake 3 Arena 2024-02-04 5.0 MEDIUM N/A
Quake 3 arena 1.29f and 1.29g allows remote attackers to cause a denial of service (crash) via a malformed connection packet that begins with several char-255 characters.
CVE-2002-0770 1 Id Software 1 Quake 2i Server 2024-02-04 5.0 MEDIUM N/A
Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain sensitive server cvar variables, obtain directory listings, and execute Q2 server admin commands via a client that does not expand "$" macros, which causes the server to expand the macros and leak the information, as demonstrated using "say $rcon_password."
CVE-1999-1569 1 Id Software 1 Quake 2024-02-04 5.0 MEDIUM N/A
Quake 1 and NetQuake servers allow remote attackers to cause a denial of service (resource exhaustion or forced disconnection) via a flood of spoofed UDP connection packets, which exceeds the server's player limit.
CVE-2000-0303 1 Id Software 1 Quake 3 Arena 2024-02-04 6.4 MEDIUM N/A
Quake3 Arena allows malicious server operators to read or modify files on a client via a dot dot (..) attack.
CVE-1999-1505 1 Id Software 1 Quakeworld 2024-02-04 7.5 HIGH N/A
Buffer overflow in QuakeWorld 2.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary commands via a long initial connect packet.