
CVSS: 5.0 | EPSS: 0% | CPEs: 58 | EXPL: 0

The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file.
• http://forums.wesnoth.org/viewtopic.php?t=41870
• http://forums.wesnoth.org/viewtopic.php?t=41872
• http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155031.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155968.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156001.html
• http://www.debian.org/security/2015/dsa-3218
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 10.0 | EPSS: 0% | CPEs: 9 | EXPL: 0

Stack-based buffer overflow in asn1_der_decoding in libtasn1 before 4.4 allows remote attackers to have unspecified impact via unknown vectors. A stack-based buffer overflow was found in the way libtasn1 decoded certain DER encoded data. An attacker could use this flaw to crash an application using the libtasn1 library.
• http://git.savannah.gnu.org/gitweb/?p=libtasn1.git%3Ba=commit%3Bh=4d4f992826a4962790ecd0cce6fbba4a415ce149
• http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154741.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154805.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155117.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155270.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155435.html
• http://lists.
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.5 | EPSS: 2% | CPEs: 5 | EXPL: 0

Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted ARJ archive.
• http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154518.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154605.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155011.html
• http://www.debian.org/security/2015/dsa-3213
• http://www.mandriva.com/security/advisories?name=MDVSA-2015:201
• http://www.openwall.com/lists/oss-security/2015/03/28/5
• http://www.openwall.com/lists/oss-security/2015/03/29/1
• http://www.securityfocus
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 5.8 | EPSS: 1% | CPEs: 4 | EXPL: 3

Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive.
• http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154518.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154605.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155011.html
• http://www.debian.org/security/2015/dsa-3213
• http://www.mandriva.com/security/advisories?name=MDVSA-2015:201
• http://www.openwall.com/lists/oss-security/2015/01/03/5
• http://www.openwall.com/lists/oss-security/2015/01/05/9
• http://www.securityfocus
• CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVSS: 5.8 | EPSS: 1% | CPEs: 4 | EXPL: 1

Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive.
• http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154518.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154605.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155011.html
• http://www.debian.org/security/2015/dsa-3213
• http://www.mandriva.com/security/advisories?name=MDVSA-2015:201
• http://www.openwall.com/lists/oss-security/2015/01/03/5
• http://www.openwall.com/lists/oss-security/2015/01/05/9
• http://www.securityfocus
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')