Filtered by vendor Id Software
Subscriptions
Total
27 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-1999-1229 | 1 Id Software | 1 Quake 2 Server | 2025-04-03 | N/A |
| Quake 2 server 3.13 on Linux does not properly check file permissions for the config.cfg configuration file, which allows local users to read arbitrary files via a symlink from config.cfg to the target file. | ||||
| CVE-2000-1080 | 2 Id Software, J. P. Grossman | 2 Quake, Proquake | 2025-04-03 | N/A |
| Quake 1 (quake1) and ProQuake 1.01 and earlier allow remote attackers to cause a denial of service via a malformed (empty) UDP packet. | ||||
| CVE-2004-2593 | 1 Id Software | 1 Quake Ii Server | 2025-04-03 | N/A |
| Buffer overflow in command-packet processing of Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a packet with a long cmd_args buffer. | ||||
| CVE-2004-2594 | 1 Id Software | 1 Quake Ii Server Windows | 2025-04-03 | N/A |
| Absolute path traversal vulnerability in Quake II server before R1Q2 on Windows, as used in multiple products, allows remote attackers to read arbitrary files via a "\/" in a pathname argument, as demonstrated by "download \/server.cfg". | ||||
| CVE-2004-2592 | 1 Id Software | 1 Quake Ii Server | 2025-04-03 | N/A |
| Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a modified client that asks the server to send data stored at a negative array offset, which is not handled when processing Configstrings and Baselines. | ||||
| CVE-2000-0303 | 1 Id Software | 1 Quake 3 Arena | 2025-04-03 | N/A |
| Quake3 Arena allows malicious server operators to read or modify files on a client via a dot dot (..) attack. | ||||
| CVE-2004-2597 | 1 Id Software | 1 Quake Ii Server | 2025-04-03 | N/A |
| Quake II server before R1Q2, as used in multiple products, allows remote attackers to bypass IP-based access control rules via a userinfo string that already contains an "ip" key/value pair but is also long enough to cause a new key/value pair to be truncated, which interferes with the server's ability to find the client's IP address. | ||||