CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1999023
https://notcve.org/view.php?id=CVE-2018-1999023
23 Jul 2018 — The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. This attack appear to be exploitable via Loading specially-crafted saved games, networked games, replays, and player content. The Battle for Wesnoth Project desde la versión 1.7.0 hasta la 1.14.3 contiene una vulnerabilidad de inyección de código en el motor de scripting de Lua que puede resultar en la ejecución de código fuera... • https://gist.github.com/shikadiqueen/45951ddc981cf8e0d9a74e4b30400380 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2015-5069
https://notcve.org/view.php?id=CVE-2015-5069
26 Sep 2017 — The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. La función (1) filesystem::get_wml_location en filesystem.cpp y la función (2) is_legal_file en filesystem_boost.cpp en Battle for Wesnoth en versiones anteriores a la 1.12.3 y las versiones 1.13.x anteriores a 1.13.1 pe... • http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161722.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.5EPSS: 0%CPEs: 4EXPL: 0CVE-2015-5070
https://notcve.org/view.php?id=CVE-2015-5070
26 Sep 2017 — The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5069. La función (1) filesystem::get_wml_location en filesystem.cpp y la función (2) is_legal_file en... • http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161722.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 58EXPL: 0CVE-2015-0844 – Debian Security Advisory 3218-1
https://notcve.org/view.php?id=CVE-2015-0844
13 Apr 2015 — The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file. La API WML/Lua en Battle for Wesnoth 1.7.x hasta 1.11.x y 1.12.x anterior a 1.12.2 permite a atacantes remotos leer ficheros arbitrarios a través de un fichero manipulado de (1) campañas o (2) mapas. Ignacio R. Morelle discovered that missing path restrictions in the "Battle of Wesnoth" game could result in the disclosure of arbitrary... • http://forums.wesnoth.org/viewtopic.php?t=41870 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 2%CPEs: 57EXPL: 0CVE-2009-0366
https://notcve.org/view.php?id=CVE-2009-0366
12 Mar 2009 — The uncompress_buffer function in src/server/simple_wml.cpp in Wesnoth before r33069 allows remote attackers to cause a denial of service via a large compressed WML document. La función uncompress_buffer en src/server/simple_wml.cpp en Wesnoth anterior a r33069 permite a atacantes remoto provocar una denegación de servicio a través de un documento WML de gran tamaño comprimido. • http://launchpad.net/bugs/335089 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 4%CPEs: 109EXPL: 0CVE-2009-0878
https://notcve.org/view.php?id=CVE-2009-0878
12 Mar 2009 — The read_game_map function in src/terrain_translation.cpp in Wesnoth before r32987 allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a map with a large (1) width or (2) height. La función read_game_map en src/terrain_translation.cpp en Wesnoth anterior a r32987, permite a los atacantes remotos causar una denegación de servicio (consumo de memoria y cuelgue de demonio) a través un mapa con una gran (1) anchura o (2) peso. • http://launchpad.net/bugs/335089 • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 70%CPEs: 19EXPL: 1CVE-2009-0367 – Wesnoth 1.x - PythonAI Remote Code Execution
https://notcve.org/view.php?id=CVE-2009-0367
05 Mar 2009 — The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module. El módulo Python AI de Wesnoth v1.4.x y v1.5 anterior a v1.5.11, permite a atacantes remotos escapar del sandbox -cajón de arena- y ejecutar código de su elección utilizando un módulo de lista blanca que importa un módul... • https://www.exploit-db.com/exploits/32837 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 0%CPEs: 19EXPL: 0CVE-2007-6201
https://notcve.org/view.php?id=CVE-2007-6201
01 Dec 2007 — Unspecified vulnerability in Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows attackers to cause a denial of service (hang) via a "faulty add-on" and possibly execute other commands via unknown vectors related to the turn_cmd option. Una vulnerabilidad no especificada en Wesnoth versiones 1.2.x anteriores a 1.2.8 y versiones 1.3.x anteriores a 1.3.12, permite a atacantes causar una denegación de servicio (bloqueo) por medio de un "faulty add-on" y probablemente ejecutar otros comandos por medio d... • http://secunia.com/advisories/27786 •
CVSS: 9.0EPSS: 1%CPEs: 81EXPL: 0CVE-2007-5742
https://notcve.org/view.php?id=CVE-2007-5742
01 Dec 2007 — Directory traversal vulnerability in the WML engine preprocessor for Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows remote attackers to read arbitrary files via ".." sequences in unknown vectors. Una vulnerabilidad de salto de directorio en el preprocesador del motor WML para Wesnoth versiones 1.2.x anteriores a 1.2.8 y versiones 1.3.x anteriores a 1.3.12, permite a atacantes remotos leer archivos arbitrarios por medio de secuencias ".." en vectores desconocidos. • http://osvdb.org/41713 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 4%CPEs: 15EXPL: 0CVE-2007-3917
https://notcve.org/view.php?id=CVE-2007-3917
11 Oct 2007 — The multiplayer engine in Wesnoth 1.2.x before 1.2.7 and 1.3.x before 1.3.9 allows remote servers to cause a denial of service (crash) via a long message with multibyte characters that can produce an invalid UTF-8 string after it is truncated, which triggers an uncaught exception, involving the truncate_message function in server/server.cpp. NOTE: this issue affects both clients and servers. El motor multijugador en Wesnoth versiones 1.2.x anteriores a 1.2.7 y versiones 1.3.x anteriores a 1.3.9, permite a l... • http://osvdb.org/41711 • CWE-134: Use of Externally-Controlled Format String •