This page lists publicly disclosed CVE vulnerabilities affecting id_software quake (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-1999-1569 | Quake 1 and NetQuake servers allow remote attackers to cause a denial of service (resource exhaustion or forced disconnection) via a flood of spoofed UDP connection packets, which exceeds the server's player limit. | [email protected] | 5.0 | 1.99% | 2001-07-17 | 2026-04-16 |
| CVE-2000-1080 | Quake 1 (quake1) and ProQuake 1.01 and earlier allow remote attackers to cause a denial of service via a malformed (empty) UDP packet. | [email protected] | 5.0 | 0.75% | 2000-11-01 | 2026-04-16 |
| CVE-1999-1502 | Buffer overflows in Quake 1.9 client allows remote malicious servers to execute arbitrary commands via long (1) precache paths, (2) server name, (3) server address, or (4) argument to the map console command. | [email protected] | 7.5 | 0.97% | 1998-04-08 | 2026-04-16 |