CVSS: 3.5 | EPSS: 0% | CPEs: 4 | EXPL: 0

The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5069.

• http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161722.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161752.html
• http://www.openwall.com/lists/oss-security/2015/06/25/12
• http://www.securityfocus.com/bid/75425
• https://bugzilla.redhat.com/show_bug.cgi?id=1236010
• https://github.com/wesnoth/wesnoth/commit/b2738ffb2fdd2550ececb74f76f75583c43c8b59
• https://github.com/wesnoth/wesnoth/releases/tag/1.12.4
• https://github.com/wesnoth/wesnoth/releases/tag/1.1
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 4.3 | EPSS: 0% | CPEs: 4 | EXPL: 0

The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML.

• http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161722.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161752.html
• http://www.openwall.com/lists/oss-security/2015/06/25/12
• http://www.securityfocus.com/bid/75424
• https://bugzilla.redhat.com/show_bug.cgi?id=1236010
• https://github.com/wesnoth/wesnoth/commit/f8914468182e8d0a1551b430c0879ba236fe4d6d
• https://github.com/wesnoth/wesnoth/releases/tag/1.12.3
• https://github.com/wesnoth/wesnoth/releases/tag/1.1
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.8 | EPSS: 0% | CPEs: 3 | EXPL: 0

scripts/licensecheck.pl in devscripts before 2.15.7 allows local users to execute arbitrary shell commands.

• http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163705.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163710.html
• http://www.openwall.com/lists/oss-security/2015/08/01/7
• http://www.securityfocus.com/bid/76143
• https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=c0687bcde23108dd42e146573c368b6905e6b8e8
• https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794260
• https://bugzilla.redhat.com/show_bug.cgi?id=1249635
• CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVSS: 8.8 | EPSS: 0% | CPEs: 15 | EXPL: 1

Cross-site request forgery in the REST API in IPython 2 and 3.

• http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162671.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-July/162936.html
• http://www.openwall.com/lists/oss-security/2015/07/21/3
• https://bugzilla.redhat.com/show_bug.cgi?id=1243842
• https://github.com/ipython/ipython/commit/1415a9710407e7c14900531813c15ba6165f0816
• https://github.com/ipython/ipython/commit/a05fe052a18810e92d9be8c1185952c13fe4e5b0
• CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.9 | EPSS: 3% | CPEs: 4 | EXPL: 0

The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 is disabled, allows remote attackers to cause a denial of service (login process crash) via vectors related to handshake failures.

• http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157030.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158236.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158261.html
• http://www.openwall.com/lists/oss-security/2015/04/27/1
• http://www.openwall.com/lists/oss-security/2015/04/28/4
• http://www.securityfocus.com/bid/74335
• https://bugzilla.redhat.com/show_bug.cgi?id=1216057
• https://dovecot.org/pipermail/dovecot-news/201
• CWE-295: Improper Certificate Validation