Wesnoth

wesnoth

10 CVEs • 3 products

Products (3)

Click to collapse

Toggle

Battle For Wesnoth

battle_for_wesnoth

The Battle For Wesnoth

the_battle_for_wesnoth

CVEs (10)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2018-1999023 1Wesnoth 1The Battle For Wesnoth Nov 21, 2024 Jul 23, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. This attack appear to be exploitable...Show more The Battle for Wesnoth Project version 1.7.0 through 1.14.3 contains a Code Injection vulnerability in the Lua scripting engine that can result in code execution outside the sandbox. This attack appear to be exploitable via Loading specially-crafted saved games, networked games, replays, and player content.Show less
CVE-2015-5070 2Fedoraproject Wesnoth 2Battle For Wesnoth Fedora May 13, 2026 Sep 26, 2017 N/A· v4 3.1 LOW· v3 3.5 LOW· v2 The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is u...Show more The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.4 and 1.13.x before 1.13.1, when a case-insensitive filesystem is used, allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5069.Show less
CVE-2015-5069 2Fedoraproject Wesnoth 2Battle For Wesnoth Fedora May 13, 2026 Sep 26, 2017 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensiti...Show more The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML.Show less
CVE-2015-0844 2Fedoraproject Wesnoth 2Battle For Wesnoth Fedora May 6, 2026 Apr 14, 2015 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file.
CVE-2009-0878 1Wesnoth 1Wesnoth Apr 23, 2026 Mar 12, 2009 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The read_game_map function in src/terrain_translation.cpp in Wesnoth before r32987 allows remote attackers to cause a denial of service (memory consumption and daemon hang) via a map with a large (1) width or (2) height.
CVE-2009-0366 1Wesnoth 1Wesnoth Apr 23, 2026 Mar 12, 2009 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The uncompress_buffer function in src/server/simple_wml.cpp in Wesnoth before r33069 allows remote attackers to cause a denial of service via a large compressed WML document.
CVE-2009-0367 1Wesnoth 1Wesnoth Apr 23, 2026 Mar 5, 2009 N/A· v4 N/A· v3 9.3 HIGH· v2 The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical...Show more The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows remote attackers to escape the sandbox and execute arbitrary code by using a whitelisted module that imports an unsafe module, then using a hierarchical module name to access the unsafe module through the whitelisted module.Show less
CVE-2007-6201 1Wesnoth 1Wesnoth Apr 23, 2026 Dec 1, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 Unspecified vulnerability in Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows attackers to cause a denial of service (hang) via a "faulty add-on" and possibly execute other commands via unknown vectors related...Show more Unspecified vulnerability in Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows attackers to cause a denial of service (hang) via a "faulty add-on" and possibly execute other commands via unknown vectors related to the turn_cmd option.Show less
CVE-2007-5742 1Wesnoth 1Wesnoth Apr 23, 2026 Dec 1, 2007 N/A· v4 N/A· v3 9.0 HIGH· v2 Directory traversal vulnerability in the WML engine preprocessor for Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows remote attackers to read arbitrary files via ".." sequences in unknown vectors.
CVE-2007-3917 1Wesnoth 1Wesnoth Apr 23, 2026 Oct 11, 2007 N/A· v4 N/A· v3 7.8 HIGH· v2 The multiplayer engine in Wesnoth 1.2.x before 1.2.7 and 1.3.x before 1.3.9 allows remote servers to cause a denial of service (crash) via a long message with multibyte characters that can produce an invalid UTF-8 string...Show more The multiplayer engine in Wesnoth 1.2.x before 1.2.7 and 1.3.x before 1.3.9 allows remote servers to cause a denial of service (crash) via a long message with multibyte characters that can produce an invalid UTF-8 string after it is truncated, which triggers an uncaught exception, involving the truncate_message function in server/server.cpp. NOTE: this issue affects both clients and servers.Show less