Id Software : Security Vulnerabilities, CVEs, Published In 2004
Quake II server before R1Q2, as used in multiple products, allows remote attackers to bypass IP-based access control rules via a userinfo string that already contains an "ip" key/value pair but is also long enough to cause a new key/value pair to be truncated, which interferes with the server's ability to find the client's IP address.
Max CVSS
5.0
EPSS Score
3.20%
Published
2004-12-31
Updated
2017-07-11
Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (exhaustion of connection slots) via a large number of connections from the same IP address.
Max CVSS
5.0
EPSS Score
2.64%
Published
2004-12-31
Updated
2017-07-11
Absolute path traversal vulnerability in Quake II server before R1Q2 on Linux, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a download command with a full pathname for a directory in the argument, which causes the server to crash when it cannot read data.
Max CVSS
5.0
EPSS Score
6.61%
Published
2004-12-31
Updated
2017-07-11
Absolute path traversal vulnerability in Quake II server before R1Q2 on Windows, as used in multiple products, allows remote attackers to read arbitrary files via a "\/" in a pathname argument, as demonstrated by "download \/server.cfg".
Max CVSS
5.0
EPSS Score
1.16%
Published
2004-12-31
Updated
2017-07-11
Buffer overflow in command-packet processing of Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a packet with a long cmd_args buffer.
Max CVSS
7.5
EPSS Score
9.30%
Published
2004-12-31
Updated
2017-07-11
Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a modified client that asks the server to send data stored at a negative array offset, which is not handled when processing Configstrings and Baselines.
Max CVSS
5.0
EPSS Score
12.55%
Published
2004-12-31
Updated
2017-07-11
6 vulnerabilities found