3 results (0.020 seconds)

CVSS: 3.5EPSS: 0%CPEs: 4EXPL: 0

The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5069. La función (1) filesystem::get_wml_location en filesystem.cpp y la función (2) is_legal_file en filesystem_boost.cpp en Battle for Wesnoth en versiones anteriores a la 1.12.4 y las versiones 1.13.x anteriores a 1.13.1, cuando se usa un sistema de archivos no sensible a mayúsculas/minúsculas, permiten que los atacantes remotos obtengan información sensible mediante vectores relacionados con la inclusión de archivos .pbl desde WML. NOTA: Esta vulnerabilidad existe debido a una solución incompleta para CVE-2015-5069. • http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161722.html http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161752.html http://www.openwall.com/lists/oss-security/2015/06/25/12 http://www.securityfocus.com/bid/75425 https://bugzilla.redhat.com/show_bug.cgi?id=1236010 https://github.com/wesnoth/wesnoth/commit/b2738ffb2fdd2550ececb74f76f75583c43c8b59 https://github.com/wesnoth/wesnoth/releases/tag/1.12.4 https://github.com/wesnoth/wesnoth/releases/tag/1.1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. La función (1) filesystem::get_wml_location en filesystem.cpp y la función (2) is_legal_file en filesystem_boost.cpp en Battle for Wesnoth en versiones anteriores a la 1.12.3 y las versiones 1.13.x anteriores a 1.13.1 permiten que los atacantes remotos obtengan información sensible mediante vectores relacionados con la inclusión de archivos .pbl desde WML. • http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161722.html http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161752.html http://www.openwall.com/lists/oss-security/2015/06/25/12 http://www.securityfocus.com/bid/75424 https://bugzilla.redhat.com/show_bug.cgi?id=1236010 https://github.com/wesnoth/wesnoth/commit/f8914468182e8d0a1551b430c0879ba236fe4d6d https://github.com/wesnoth/wesnoth/releases/tag/1.12.3 https://github.com/wesnoth/wesnoth/releases/tag/1.1 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 5.0EPSS: 0%CPEs: 58EXPL: 0

The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file. La API WML/Lua en Battle for Wesnoth 1.7.x hasta 1.11.x y 1.12.x anterior a 1.12.2 permite a atacantes remotos leer ficheros arbitrarios a través de un fichero manipulado de (1) campañas o (2) mapas. • http://forums.wesnoth.org/viewtopic.php?t=41870 http://forums.wesnoth.org/viewtopic.php?t=41872 http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155031.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155968.html http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156001.html http://www.debian.org/security/2015/dsa-3218 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •