CVEs (5)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
3Ioquake3 OpenarenaTremulous3Ioquake3 Engine OpenarenaTremulousMay 6, 2026 Oct 27, 2014 N/A· v4 N/A· v3 7.8 HIGH· v2 server/sv_main.c in Quake3 Arena, as used in ioquake3 before r1762, OpenArena, Tremulous, and other products, allows remote attackers to cause a denial of service (network traffic amplification) via a spoofed (1) getstat...Show more |
ioquake3 before r2253 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ioq3.pid temporary file. |
4Ioquake3 TremulousUrbanterror+1 more4Ioquake3 Engine IourbanterrorTremulous+1 moreApr 29, 2026 Aug 9, 2011 N/A· v4 N/A· v3 10.0 HIGH· v2 The ioQuake3 engine, as used in World of Padman 1.2 and earlier, Tremulous 1.1.0, and ioUrbanTerror 2007-12-20, does not check for dangerous file extensions before writing to the quake3 directory, which allows remote att...Show more |
6Ioquake3 OpenarenaSmokin Guns+3 more6Ioquake3 Engine IourbanterrorOpenarena+3 moreApr 29, 2026 Aug 4, 2011 N/A· v4 N/A· v3 10.0 HIGH· v2 The FS_CheckFilenameIsNotExecutable function in qcommon/files.c in the ioQuake3 engine 1.36 and earlier, as used in World of Padman, Smokin' Guns, OpenArena, Tremulous, and ioUrbanTerror, does not properly determine dang...Show more |
3Ioquake3 OpenarenaWorldofpadman3Ioquake3 Engine OpenarenaWorld Of PadmanApr 29, 2026 Aug 4, 2011 N/A· v4 N/A· v3 7.5 HIGH· v2 sys/sys_unix.c in the ioQuake3 engine on Unix and Linux, as used in World of Padman 1.5.x before 1.5.1.1 and OpenArena 0.8.x-15 and 0.8.x-16, allows remote game servers to execute arbitrary commands via shell metacharact...Show more |