Wesnoth
Products
2- 8 CVEs
- 3 CVEs
Recent CVEs
9| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2015-5069 | Med | 0.21 | 4.3 | 0.02 | Sep 26, 2017 | The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl… | ||
| CVE-2015-5070 | Low | 0.13 | 3.1 | 0.01 | Sep 26, 2017 | The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obtain sensitive information… | ||
| CVE-2009-0367 | 0.04 | — | 0.11 | Mar 5, 2009 | The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the… | |||
| CVE-2015-0844 | 0.00 | — | 0.02 | Apr 14, 2015 | The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file. | |||
| CVE-2009-0878 | 0.00 | — | 0.02 | Mar 12, 2009 | The read_game_map function in src/terrain_translation.cpp in Wesnoth before r32987 allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a map with a large (1) width or (2) height. | |||
| CVE-2009-0366 | 0.00 | — | 0.02 | Mar 12, 2009 | The uncompress_buffer function in src/server/simple_wml.cpp in Wesnoth before r33069 allows remote attackers to cause a denial of service via a large compressed WML document. | |||
| CVE-2007-5742 | 0.00 | — | 0.03 | Dec 1, 2007 | Directory traversal vulnerability in the WML engine preprocessor for Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows remote attackers to read arbitrary files via ".." sequences in unknown vectors. | |||
| CVE-2007-6201 | 0.00 | — | 0.01 | Dec 1, 2007 | Unspecified vulnerability in Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows attackers to cause a denial of service (hang) via a "faulty add-on" and possibly execute other commands via unknown vectors related to the turn_cmd option. | |||
| CVE-2007-3917 | 0.00 | — | 0.02 | Oct 11, 2007 | The multiplayer engine in Wesnoth 1.2.x before 1.2.7 and 1.3.x before 1.3.9 allows remote servers to cause a denial of service (crash) via a long message with multibyte characters that can produce an invalid UTF-8 string after it is truncated, which triggers an uncaught… |
- risk 0.21cvss 4.3epss 0.02
The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl…
- risk 0.13cvss 3.1epss 0.01
The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obtain sensitive information…
- CVE-2009-0367Mar 5, 2009risk 0.04cvss —epss 0.11
The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the…
- CVE-2015-0844Apr 14, 2015risk 0.00cvss —epss 0.02
The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file.
- CVE-2009-0878Mar 12, 2009risk 0.00cvss —epss 0.02
The read_game_map function in src/terrain_translation.cpp in Wesnoth before r32987 allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a map with a large (1) width or (2) height.
- CVE-2009-0366Mar 12, 2009risk 0.00cvss —epss 0.02
The uncompress_buffer function in src/server/simple_wml.cpp in Wesnoth before r33069 allows remote attackers to cause a denial of service via a large compressed WML document.
- CVE-2007-5742Dec 1, 2007risk 0.00cvss —epss 0.03
Directory traversal vulnerability in the WML engine preprocessor for Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows remote attackers to read arbitrary files via ".." sequences in unknown vectors.
- CVE-2007-6201Dec 1, 2007risk 0.00cvss —epss 0.01
Unspecified vulnerability in Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows attackers to cause a denial of service (hang) via a "faulty add-on" and possibly execute other commands via unknown vectors related to the turn_cmd option.
- CVE-2007-3917Oct 11, 2007risk 0.00cvss —epss 0.02
The multiplayer engine in Wesnoth 1.2.x before 1.2.7 and 1.3.x before 1.3.9 allows remote servers to cause a denial of service (crash) via a long message with multibyte characters that can produce an invalid UTF-8 string after it is truncated, which triggers an uncaught…