Vulnerabilities > ID Software > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-08-12 | CVE-2002-0770 | Remote Information Disclosure vulnerability in id Software Quake II Server 3.20/3.21 Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain sensitive server cvar variables, obtain directory listings, and execute Q2 server admin commands via a client that does not expand "$" macros, which causes the server to expand the macros and leak the information, as demonstrated using "say $rcon_password." | 5.0 |
| 2001-07-29 | CVE-2001-1289 | Buffer Overflow vulnerability in Quake 3 Arena Possible Quake 3 arena 1.29f and 1.29g allows remote attackers to cause a denial of service (crash) via a malformed connection packet that begins with several char-255 characters. | 5.0 |
| 2001-07-17 | CVE-1999-1569 | Denial of Service vulnerability in ID Software Quake 1.9 Quake 1 and NetQuake servers allow remote attackers to cause a denial of service (resource exhaustion or forced disconnection) via a flood of spoofed UDP connection packets, which exceeds the server's player limit. | 5.0 |
| 2000-11-01 | CVE-2000-1080 | Quake 1 (quake1) and ProQuake 1.01 and earlier allow remote attackers to cause a denial of service via a malformed (empty) UDP packet. | 5.0 |
| 2000-05-03 | CVE-2000-0303 | Unspecified vulnerability in ID Software Quake 3 Arena 1.16N Quake3 Arena allows malicious server operators to read or modify files on a client via a dot dot (..) attack. | 6.4 |
| 1997-12-24 | CVE-1999-1230 | Unspecified vulnerability in ID Software Quake 2 Quake 2 server allows remote attackers to cause a denial of service via a spoofed UDP packet with a source address of 127.0.0.1, which causes the server to attempt to connect to itself. | 5.0 |