CVEs (3)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
3Ioquake3 OpenarenaTremulous3Ioquake3 Engine OpenarenaTremulousMay 6, 2026 Oct 27, 2014 N/A· v4 N/A· v3 7.8 HIGH· v2 server/sv_main.c in Quake3 Arena, as used in ioquake3 before r1762, OpenArena, Tremulous, and other products, allows remote attackers to cause a denial of service (network traffic amplification) via a spoofed (1) getstat...Show more |
4Ioquake3 TremulousUrbanterror+1 more4Ioquake3 Engine IourbanterrorTremulous+1 moreApr 29, 2026 Aug 9, 2011 N/A· v4 N/A· v3 10.0 HIGH· v2 The ioQuake3 engine, as used in World of Padman 1.2 and earlier, Tremulous 1.1.0, and ioUrbanTerror 2007-12-20, does not check for dangerous file extensions before writing to the quake3 directory, which allows remote att...Show more |
6Ioquake3 OpenarenaSmokin Guns+3 more6Ioquake3 Engine IourbanterrorOpenarena+3 moreApr 29, 2026 Aug 4, 2011 N/A· v4 N/A· v3 10.0 HIGH· v2 The FS_CheckFilenameIsNotExecutable function in qcommon/files.c in the ioQuake3 engine 1.36 and earlier, as used in World of Padman, Smokin' Guns, OpenArena, Tremulous, and ioUrbanTerror, does not properly determine dang...Show more |