NotCVE - vendor:"Wesnoth" product:"Battle For Wesnoth" version:"1.7.10-1.8"

3 results (0.003 seconds)

CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0

CVE-2015-5069

https://notcve.org/view.php?id=CVE-2015-5069

26 Sep 2017 — The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. La función (1) filesystem::get_wml_location en filesystem.cpp y la función (2) is_legal_file en filesystem_boost.cpp en Battle for Wesnoth en versiones anteriores a la 1.12.3 y las versiones 1.13.x anteriores a 1.13.1 pe... • http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161722.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 3.5EPSS: 0%CPEs: 4EXPL: 0

CVE-2015-5070

https://notcve.org/view.php?id=CVE-2015-5070

26 Sep 2017 — The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5069. La función (1) filesystem::get_wml_location en filesystem.cpp y la función (2) is_legal_file en... • http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161722.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 58EXPL: 0

CVE-2015-0844 – Debian Security Advisory 3218-1

https://notcve.org/view.php?id=CVE-2015-0844

13 Apr 2015 — The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file. La API WML/Lua en Battle for Wesnoth 1.7.x hasta 1.11.x y 1.12.x anterior a 1.12.2 permite a atacantes remotos leer ficheros arbitrarios a través de un fichero manipulado de (1) campañas o (2) mapas. Ignacio R. Morelle discovered that missing path restrictions in the "Battle of Wesnoth" game could result in the disclosure of arbitrary... • http://forums.wesnoth.org/viewtopic.php?t=41870 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •