Ioquake3 Ioquake3 Engine — known CVE vulnerabilities
Every CVE whose affected-product data names Ioquake3 Ioquake3 Engine, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2011-2764 — CVSS 10.0 (critical): The FS_CheckFilenameIsNotExecutable function in qcommon/files.c in the ioQuake3 engine 1.36 and earlier, as used in World of Padman…
CVE-2011-3012 — CVSS 10.0 (critical): The ioQuake3 engine, as used in World of Padman 1.2 and earlier, Tremulous 1.1.0, and ioUrbanTerror 2007-12-20, does not check for…
CVE-2010-5077 — CVSS 7.8 (high): server/sv_main.c in Quake3 Arena, as used in ioquake3 before r1762, OpenArena, Tremulous, and other products, allows remote attackers to…
CVE-2011-1412 — CVSS 7.5 (high): sys/sys_unix.c in the ioQuake3 engine on Unix and Linux, as used in World of Padman 1.5.x before 1.5.1.1 and OpenArena 0.8.x-15 and…
CVE-2012-3345 — CVSS 5.6 (medium): ioquake3 before r2253 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/ioq3.pid temporary file.