Vulnerabilities > ID Software
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-12-31 | CVE-2004-2599 | Denial-Of-Service vulnerability in Quake II Server Multiple buffer overflows in Quake II server before R1Q2, as used in multiple products, allow local users to cause a denial of service (application crash) via the server console or rcon. | 2.1 |
| 2004-12-31 | CVE-2004-2598 | Remote vulnerability in ID Software Quake II Server Quake II server before R1Q2, as used in multiple products, allows remote attackers to corrupt the server's client state data structure by exiting a session without a valid disconnect command, then reconnecting, which prevents a mod from being notified of changes in the client state. | 5.0 |
| 2004-12-31 | CVE-2004-2597 | Remote vulnerability in ID Software Quake II Server 3.20/3.21 Quake II server before R1Q2, as used in multiple products, allows remote attackers to bypass IP-based access control rules via a userinfo string that already contains an "ip" key/value pair but is also long enough to cause a new key/value pair to be truncated, which interferes with the server's ability to find the client's IP address. | 5.0 |
| 2004-12-31 | CVE-2004-2596 | Improper Input Validation vulnerability in ID Software Quake II Server 3.20/3.21 Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (exhaustion of connection slots) via a large number of connections from the same IP address. | 5.0 |
| 2004-12-31 | CVE-2004-2595 | Remote vulnerability in ID Software Quake II Server Absolute path traversal vulnerability in Quake II server before R1Q2 on Linux, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a download command with a full pathname for a directory in the argument, which causes the server to crash when it cannot read data. | 5.0 |
| 2004-12-31 | CVE-2004-2594 | Remote vulnerability in ID Software Quake II Server Absolute path traversal vulnerability in Quake II server before R1Q2 on Windows, as used in multiple products, allows remote attackers to read arbitrary files via a "\/" in a pathname argument, as demonstrated by "download \/server.cfg". | 5.0 |
| 2004-12-31 | CVE-2004-2593 | Remote vulnerability in ID Software Quake II Server 3.20/3.21 Buffer overflow in command-packet processing of Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a packet with a long cmd_args buffer. | 7.5 |
| 2004-12-31 | CVE-2004-2592 | Improper Input Validation vulnerability in ID Software Quake II Server 3.20/3.21 Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a modified client that asks the server to send data stored at a negative array offset, which is not handled when processing Configstrings and Baselines. | 5.0 |
| 2002-08-12 | CVE-2002-0770 | Remote Information Disclosure vulnerability in id Software Quake II Server 3.20/3.21 Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain sensitive server cvar variables, obtain directory listings, and execute Q2 server admin commands via a client that does not expand "$" macros, which causes the server to expand the macros and leak the information, as demonstrated using "say $rcon_password." | 5.0 |
| 2001-07-29 | CVE-2001-1289 | Buffer Overflow vulnerability in Quake 3 Arena Possible Quake 3 arena 1.29f and 1.29g allows remote attackers to cause a denial of service (crash) via a malformed connection packet that begins with several char-255 characters. | 5.0 |