VYPR

Quake Ii Server

by ID Software

CVEs (7)

  • CVE-2004-2592Dec 31, 2004
    risk 0.03cvss epss 0.04

    Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a modified client that asks the server to send data stored at a negative array offset, which is not handled when processing Configstrings and…

  • CVE-2002-0770Aug 12, 2002
    risk 0.03cvss epss 0.06

    Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain sensitive server cvar variables, obtain directory listings, and execute Q2 server admin commands via a client that does not expand "$" macros, which causes the server to expand the macros and leak the…

  • CVE-2004-2595Dec 31, 2004
    risk 0.00cvss epss 0.03

    Absolute path traversal vulnerability in Quake II server before R1Q2 on Linux, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a download command with a full pathname for a directory in the argument, which causes the…

  • CVE-2004-2596Dec 31, 2004
    risk 0.00cvss epss 0.02

    Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (exhaustion of connection slots) via a large number of connections from the same IP address.

  • CVE-2004-2593Dec 31, 2004
    risk 0.00cvss epss 0.04

    Buffer overflow in command-packet processing of Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a packet with a long cmd_args buffer.

  • CVE-2004-2597Dec 31, 2004
    risk 0.00cvss epss 0.02

    Quake II server before R1Q2, as used in multiple products, allows remote attackers to bypass IP-based access control rules via a userinfo string that already contains an "ip" key/value pair but is also long enough to cause a new key/value pair to be truncated, which interferes…

  • CVE-1999-1229Feb 25, 1998
    risk 0.00cvss epss 0.00

    Quake 2 server 3.13 on Linux does not properly check file permissions for the config.cfg configuration file, which allows local users to read arbitrary files via a symlink from config.cfg to the target file.