Id Software

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2000-0303 1Id Software 1Quake 3 Arena Apr 16, 2026 May 3, 2000 N/A· v4 N/A· v3 6.4 MEDIUM· v2 Quake3 Arena allows malicious server operators to read or modify files on a client via a dot dot (..) attack.
CVE-1999-1502 1Id Software 1Quake Apr 16, 2026 Apr 8, 1998 N/A· v4 N/A· v3 7.5 HIGH· v2 Buffer overflows in Quake 1.9 client allows remote malicious servers to execute arbitrary commands via long (1) precache paths, (2) server name, (3) server address, or (4) argument to the map console command.
CVE-1999-1505 1Id Software 1Quakeworld Apr 16, 2026 Apr 7, 1998 N/A· v4 N/A· v3 7.5 HIGH· v2 Buffer overflow in QuakeWorld 2.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary commands via a long initial connect packet.
CVE-1999-1229 1Id Software 1Quake 2 Server Apr 16, 2026 Feb 25, 1998 N/A· v4 N/A· v3 2.1 LOW· v2 Quake 2 server 3.13 on Linux does not properly check file permissions for the config.cfg configuration file, which allows local users to read arbitrary files via a symlink from config.cfg to the target file.
CVE-1999-1230 1Id Software 1Quake 2 Apr 16, 2026 Dec 24, 1997 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Quake 2 server allows remote attackers to cause a denial of service via a spoofed UDP packet with a source address of 127.0.0.1, which causes the server to attempt to connect to itself.