Quake Ii Server
by ID Software
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-2592 | 0.03 | — | 0.04 | Dec 31, 2004 | Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a modified client that asks the server to send data stored at a negative array offset, which is not handled when processing Configstrings and… | |||
| CVE-2002-0770 | 0.03 | — | 0.06 | Aug 12, 2002 | Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain sensitive server cvar variables, obtain directory listings, and execute Q2 server admin commands via a client that does not expand "$" macros, which causes the server to expand the macros and leak the… | |||
| CVE-2004-2595 | 0.00 | — | 0.03 | Dec 31, 2004 | Absolute path traversal vulnerability in Quake II server before R1Q2 on Linux, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a download command with a full pathname for a directory in the argument, which causes the… | |||
| CVE-2004-2596 | 0.00 | — | 0.02 | Dec 31, 2004 | Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (exhaustion of connection slots) via a large number of connections from the same IP address. | |||
| CVE-2004-2593 | 0.00 | — | 0.04 | Dec 31, 2004 | Buffer overflow in command-packet processing of Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a packet with a long cmd_args buffer. | |||
| CVE-2004-2597 | 0.00 | — | 0.02 | Dec 31, 2004 | Quake II server before R1Q2, as used in multiple products, allows remote attackers to bypass IP-based access control rules via a userinfo string that already contains an "ip" key/value pair but is also long enough to cause a new key/value pair to be truncated, which interferes… | |||
| CVE-1999-1229 | 0.00 | — | 0.00 | Feb 25, 1998 | Quake 2 server 3.13 on Linux does not properly check file permissions for the config.cfg configuration file, which allows local users to read arbitrary files via a symlink from config.cfg to the target file. |
- CVE-2004-2592Dec 31, 2004risk 0.03cvss —epss 0.04
Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a modified client that asks the server to send data stored at a negative array offset, which is not handled when processing Configstrings and…
- CVE-2002-0770Aug 12, 2002risk 0.03cvss —epss 0.06
Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain sensitive server cvar variables, obtain directory listings, and execute Q2 server admin commands via a client that does not expand "$" macros, which causes the server to expand the macros and leak the…
- CVE-2004-2595Dec 31, 2004risk 0.00cvss —epss 0.03
Absolute path traversal vulnerability in Quake II server before R1Q2 on Linux, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a download command with a full pathname for a directory in the argument, which causes the…
- CVE-2004-2596Dec 31, 2004risk 0.00cvss —epss 0.02
Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (exhaustion of connection slots) via a large number of connections from the same IP address.
- CVE-2004-2593Dec 31, 2004risk 0.00cvss —epss 0.04
Buffer overflow in command-packet processing of Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a packet with a long cmd_args buffer.
- CVE-2004-2597Dec 31, 2004risk 0.00cvss —epss 0.02
Quake II server before R1Q2, as used in multiple products, allows remote attackers to bypass IP-based access control rules via a userinfo string that already contains an "ip" key/value pair but is also long enough to cause a new key/value pair to be truncated, which interferes…
- CVE-1999-1229Feb 25, 1998risk 0.00cvss —epss 0.00
Quake 2 server 3.13 on Linux does not properly check file permissions for the config.cfg configuration file, which allows local users to read arbitrary files via a symlink from config.cfg to the target file.