openttd: multiple vulnerabilities

Package(s): openttd
CVE #(s): CVE-2010-0401 CVE-2010-0402 CVE-2010-0406
Created: May 4, 2010
Updated: May 5, 2010
Description: From the openttd advisories:

CVE-2010-0401: It is possible to circumvent the server password of a network game. It is possible in two cases: 1. you know the company password of one of the companies, 2. one of the companies has no password.

CVE-2010-0402: In multiple places in-game commands are not properly validated, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. The bug is exploitable only in-game so the attacker must have access to the server: his IP must not be banned, he must know the password if it has been set and the server must not be full.

CVE-2010-0406: Upon a client downloading the map from the server a file is allocated. If this download fails for any reason at the client side, e.g. lost connection or the player cancelling the download, a file descriptor is lost. Repeating this process enough times can cause OpenTTD to run out of file descriptors and as a result crash OpenTTD.
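
The descriptor-loss pattern described for CVE-2010-0406, as an added example that is not OpenTTD's code: a failure path that returns without closing the file, next to a version that releases it on every path, with a descriptor count showing the difference. All function names are hypothetical, and `/dev/null` stands in for the downloaded map file.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical transfer step: -1 models a lost connection or a cancel. */
static int download_into(int fd, int fail) { (void)fd; return fail ? -1 : 0; }

/* Leaky pattern: the failure path returns without closing the file. */
int receive_map_leaky(int fail)
{
    int fd = open("/dev/null", O_WRONLY); /* stands in for the map file */
    if (fd < 0) return -1;
    if (download_into(fd, fail) != 0) return -1; /* descriptor lost here */
    close(fd);
    return 0;
}

/* Corrected pattern: the descriptor is released on every path. */
int receive_map_fixed(int fail)
{
    int fd = open("/dev/null", O_WRONLY);
    if (fd < 0) return -1;
    int rc = download_into(fd, fail);
    close(fd);
    return rc;
}

/* Count descriptors currently open in this process (first 1024 slots). */
int count_open_fds(void)
{
    int n = 0;
    for (int fd = 0; fd < 1024; fd++) n += (fcntl(fd, F_GETFD) != -1);
    return n;
}

/* Run `attempts` failed downloads; return how many descriptors leaked. */
int leaked_after(int (*receive)(int), int attempts)
{
    int before = count_open_fds();
    for (int i = 0; i < attempts; i++) receive(1);
    return count_open_fds() - before;
}

int main(void)
{
    printf("leaky: %d  fixed: %d\n", leaked_after(receive_map_leaky, 20),
           leaked_after(receive_map_fixed, 20));
    return 0;
}
```

The same before/after descriptor count works as a regression check around any error path that owns a file or socket.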

Alerts:
Fedora FEDORA-2010-7885 2010-05-04
Fedora FEDORA-2010-7800 2010-05-04

Copyright © 2012, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds