Aggregates CVE and security vulnerability intelligence across all id_software-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk buffer overflow and vendor risk input validation and related problems; some flaws may lead to vendor impact unexpected behavior and vendor impact application crash.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2000-0303 | Quake3 Arena allows malicious server operators to read or modify files on a client via a dot dot (..) attack. | [email protected] | 6.4 | 0.53% | 2000-05-03 | 2026-04-16 |
| CVE-1999-1502 | Buffer overflows in Quake 1.9 client allows remote malicious servers to execute arbitrary commands via long (1) precache paths, (2) server name, (3) server address, or (4) argument to the map console command. | [email protected] | 7.5 | 0.97% | 1998-04-08 | 2026-04-16 |
| CVE-1999-1505 | Buffer overflow in QuakeWorld 2.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary commands via a long initial connect packet. | [email protected] | 7.5 | 1.23% | 1998-04-07 | 2026-04-16 |
| CVE-1999-1229 | Quake 2 server 3.13 on Linux does not properly check file permissions for the config.cfg configuration file, which allows local users to read arbitrary files via a symlink from config.cfg to the target file. | [email protected] | 2.1 | 0.06% | 1998-02-25 | 2026-04-16 |
| CVE-1999-1230 | Quake 2 server allows remote attackers to cause a denial of service via a spoofed UDP packet with a source address of 127.0.0.1, which causes the server to attempt to connect to itself. | [email protected] | 5.0 | 0.66% | 1997-12-24 | 2026-04-16 |