Vulnerabilities > ID Software > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-07-06 | CVE-2006-3401 | Buffer Errors vulnerability in ID Software Quake 3 Engine 1.32B/1.32C/Icculus812 Stack-based buffer overflow in Quake 3 Engine as used by Quake 3: Arena 1.32b and 1.32c allows remote attackers to cause a denial of service and possibly execute code via long CS_ITEMS values. | 7.5 |
| 2006-07-06 | CVE-2006-3400 | Stack Buffer Overflow vulnerability in Quake 3 Engine Client Stack-based buffer overflow in the CG_ServerCommand function in Quake 3 Engine as used by Soldier of Fortune 2 (SOF2MP) GOLD 1.03 allows remote attackers to cause a denial of service and possibly execute code by sending a long command from the server. | 7.5 |
| 2006-06-07 | CVE-2006-2875 | Remote Buffer Overflow vulnerability in Quake 3 Engine CL_ParseDownload Stack-based buffer overflow in the CL_ParseDownload function of Quake 3 Engine 1.32c and earlier, as used in multiple products, allows remote attackers to execute arbitrary code via a svc_download command with compressed data that triggers the overflow during expansion. | 7.5 |
| 2006-05-10 | CVE-2006-2082 | Information Disclosure vulnerability in Quake 3 Engine Server Directory traversal vulnerability in Quake 3 engine, as used in products including Quake3 Arena, Return to Castle Wolfenstein, Wolfenstein: Enemy Territory, and Star Trek Voyager: Elite Force, when the sv_allowdownload cvar is enabled, allows remote attackers to read arbitrary files from the server via ".." sequences in a .pk3 file request. | 7.5 |
| 2006-05-08 | CVE-2006-2236 | Remote Buffer Overflow vulnerability in Quake 3 Engine remapShader Command Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) Return to Castle Wolfenstein 1.41, and (3) Quake III Arena 1.32b allows remote attackers to execute arbitrary commands via a long remapShader command. | 7.6 |
| 2004-12-31 | CVE-2004-2593 | Remote vulnerability in ID Software Quake II Server 3.20/3.21 Buffer overflow in command-packet processing of Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a packet with a long cmd_args buffer. | 7.5 |
| 1998-04-08 | CVE-1999-1502 | Unspecified vulnerability in ID Software Quake 1.9 Buffer overflows in Quake 1.9 client allows remote malicious servers to execute arbitrary commands via long (1) precache paths, (2) server name, (3) server address, or (4) argument to the map console command. | 7.5 |
| 1998-04-07 | CVE-1999-1505 | Unspecified vulnerability in ID Software Quakeworld 2.10 Buffer overflow in QuakeWorld 2.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary commands via a long initial connect packet. | 7.5 |