Search criteria
30 vulnerabilities found for transmission by transmissionbt
FKIE_CVE-2018-10756
Vulnerability from fkie_nvd - Published: 2020-05-15 16:15 - Updated: 2024-11-21 03:41
Severity ?
Summary
Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| transmissionbt | transmission | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| fedoraproject | fedora | 31 | |
| fedoraproject | fedora | 32 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D13F8427-7635-4583-8666-E49CC4CB0C28",
"versionEndExcluding": "3.00",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file."
},
{
"lang": "es",
"value": "Un uso de la memoria previamente liberada en el archivo libtransmission/variant.c en Transmission versiones anteriores a 3.00, permite a atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo) o posiblemente ejecutar c\u00f3digo arbitrario por medio de un archivo torrent dise\u00f1ado."
}
],
"id": "CVE-2018-10756",
"lastModified": "2024-11-21T03:41:59.273",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-15T16:15:11.437",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00022.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CD3GLZ5URIK74RCGLSH72IVLDIJJMLQC/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVAG2HNKNRLWOACFN5F2ANJD2SQ53WI7/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202007-07"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
],
"url": "https://tomrichards.net/2020/05/cve-2018-10756-transmission/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CD3GLZ5URIK74RCGLSH72IVLDIJJMLQC/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVAG2HNKNRLWOACFN5F2ANJD2SQ53WI7/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202007-07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Vendor Advisory"
],
"url": "https://tomrichards.net/2020/05/cve-2018-10756-transmission/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-0749
Vulnerability from fkie_nvd - Published: 2019-10-30 23:15 - Updated: 2024-11-21 01:12
Severity ?
Summary
Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| transmissionbt | transmission | * | |
| linux | linux_kernel | - | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A15489B4-BA11-4BC8-8F75-D1D91B200BFC",
"versionEndExcluding": "1.92",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame."
},
{
"lang": "es",
"value": "Transmission versiones anteriores a 1.92, permite a atacantes impedir la descarga de un archivo mediante datos corruptos durante el final del juego."
}
],
"id": "CVE-2010-0749",
"lastModified": "2024-11-21T01:12:52.923",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-30T23:15:10.080",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0749"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/transmission/transmission/wiki/Release-Notes#transmission-192-20100314"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-0749"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://trac.transmissionbt.com/ticket/1242"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2010/04/01/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0749"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/transmission/transmission/wiki/Release-Notes#transmission-192-20100314"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-0749"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://trac.transmissionbt.com/ticket/1242"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2010/04/01/9"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-0748
Vulnerability from fkie_nvd - Published: 2019-10-30 23:15 - Updated: 2024-11-21 01:12
Severity ?
Summary
Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| transmissionbt | transmission | * | |
| linux | linux_kernel | - | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A15489B4-BA11-4BC8-8F75-D1D91B200BFC",
"versionEndExcluding": "1.92",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link."
},
{
"lang": "es",
"value": "Transmission versiones anteriores a 1.92, permite a un atacante causar una denegaci\u00f3n de servicio (bloqueo) o posiblemente tener otro impacto no especificado por medio de una gran cantidad de argumentos tr en un enlace magn\u00e9tico."
}
],
"id": "CVE-2010-0748",
"lastModified": "2024-11-21T01:12:52.810",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-30T23:15:10.000",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0748"
},
{
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/transmission/transmission/wiki/Release-Notes#transmission-192-20100314"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-0748"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://trac.transmissionbt.com/ticket/2965"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2010/04/01/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0748"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/transmission/transmission/wiki/Release-Notes#transmission-192-20100314"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-0748"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
],
"url": "https://trac.transmissionbt.com/ticket/2965"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "https://www.openwall.com/lists/oss-security/2010/04/01/9"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2018-5702
Vulnerability from fkie_nvd - Published: 2018-01-15 16:29 - Updated: 2024-11-21 04:09
Severity ?
Summary
Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| transmissionbt | transmission | * | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B071AA00-0BC4-4915-9784-8F0F354EE8DC",
"versionEndIncluding": "2.92",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack."
},
{
"lang": "es",
"value": "Transmission, hasta la versi\u00f3n 2.92, conf\u00eda en X-Transmission-Session-Id (que no es una cabecera prohibida para Fetch) para el control de acceso, lo que permite que atacantes remotos ejecuten comandos RPC arbitrarios y escriban en archivos arbitrarios mediante peticiones POST en /transmission/rpc, en combinaci\u00f3n con un ataque de DNS rebinding."
}
],
"id": "CVE-2018-5702",
"lastModified": "2024-11-21T04:09:12.163",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-01-15T16:29:00.237",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Technical Description",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1447"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://github.com/transmission/transmission/pull/468"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201806-07"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/taviso/status/951526615145566208"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4087"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/43665/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Technical Description",
"Third Party Advisory"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1447"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://github.com/transmission/transmission/pull/468"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/201806-07"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://twitter.com/taviso/status/951526615145566208"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2018/dsa-4087"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://www.exploit-db.com/exploits/43665/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-4909
Vulnerability from fkie_nvd - Published: 2014-07-29 14:55 - Updated: 2025-04-12 10:46
Severity ?
Summary
Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
"matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*",
"matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
"matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA96D9A5-ECB7-451A-9EBC-B99149C0455E",
"versionEndIncluding": "2.83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EAF93408-3A3D-4FD8-A857-C7A872964D8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DE58C6BE-513E-458F-9A74-F037F287D415",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1B877F9A-C73B-4B81-9E5C-B92E7C080E7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0F9AE0C3-5609-42C5-A08E-C299ECEE82E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "135D1D2D-4A9F-4EBB-9D50-92B25DC60879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "040D1568-6213-4A5C-99D5-AB4ECAF345A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8240A86D-3B9A-4128-9645-331A18C16C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.70:*:*:*:*:*:*:*",
"matchCriteriaId": "48B583C2-48AD-4EC9-AA64-9FCBF7840AE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.71:*:*:*:*:*:*:*",
"matchCriteriaId": "01489B59-895D-45AA-846E-521961E7C0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.72:*:*:*:*:*:*:*",
"matchCriteriaId": "C4C8E851-6FE0-469B-BA93-B5E46CEA9DDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "DD7165AE-5A4D-4FDD-95BF-5D2754778FE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.81:*:*:*:*:*:*:*",
"matchCriteriaId": "FE9CFEEC-E2F4-456E-A7AE-94F822A0F333",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.82:*:*:*:*:*:*:*",
"matchCriteriaId": "4DE49E40-8F91-4885-8F46-9E038E978563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "4A43CB7E-0126-46EA-BEB6-8C1AB1E5AC1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "03E04D86-17AA-4777-AD8C-FF62477767EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "9587577D-CEFD-4E92-A667-B40357FBFF04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.93:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDD24F7-412D-4922-B803-23D53F95FBDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.94:*:*:*:*:*:*:*",
"matchCriteriaId": "73E89FF5-FC50-4F90-8419-8D2F941FA42E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.95:*:*:*:*:*:*:*",
"matchCriteriaId": "FA3795D4-AC23-4F9F-B6B4-5BD429BCAE05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.96:*:*:*:*:*:*:*",
"matchCriteriaId": "06444C9C-252E-4303-9BCA-B2C0332B04A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "2BB85CAB-5987-4066-BB78-8B71A7E3510F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "630B75D1-9E59-4EBE-8D53-BE4893F62774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.02:*:*:*:*:*:*:*",
"matchCriteriaId": "D72BD649-9E99-425D-BC95-C54FB15AEFF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "105E1FA8-08AE-477E-B7F2-68BCDE6EEA42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.03:*:*:*:*:*:*:*",
"matchCriteriaId": "F076D056-0292-40F7-A50C-8B13922A3C47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.04:*:*:*:*:*:*:*",
"matchCriteriaId": "B6F3AEA3-C68A-4A76-8BFC-52CAF4C91106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.05:*:*:*:*:*:*:*",
"matchCriteriaId": "A2928593-E0E1-429E-A67F-B5A61E8E5199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.06:*:*:*:*:*:*:*",
"matchCriteriaId": "8D2CFA06-5B3B-40BC-8D2F-450408A0E616",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6C46E575-274E-43F9-B815-BC1F3C29552A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "62611674-01EB-4AB3-90E5-CF22935E3DF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2E151076-5286-4FBF-B53C-28F5D9D41566",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "8A583FF8-E8A5-48AB-AE2F-D7F64BE9F9A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "B90969C1-C1A4-4C3B-9313-56E1985DCD2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.30:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BC6E21-3766-4D78-9F44-5EFDCD5F38D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.31:*:*:*:*:*:*:*",
"matchCriteriaId": "70E61E47-D922-4219-A220-153EA38E7A8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.32:*:*:*:*:*:*:*",
"matchCriteriaId": "D13E7B38-B905-4048-A75B-1AA3A28A49F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.33:*:*:*:*:*:*:*",
"matchCriteriaId": "421BD25F-E03F-41DA-8E81-444DE5C5622A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.34:*:*:*:*:*:*:*",
"matchCriteriaId": "7E6A7241-50D3-4E5E-8FEA-6BF600E5E4B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.40:*:*:*:*:*:*:*",
"matchCriteriaId": "98DC0548-67E2-474C-AF06-9101DF378484",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.41:*:*:*:*:*:*:*",
"matchCriteriaId": "B4B2A9F0-BE57-4846-BD7C-C2A39FF7E5A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.42:*:*:*:*:*:*:*",
"matchCriteriaId": "CCD404C1-CDD6-4118-8FCE-905C401FD3F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.50:*:*:*:*:*:*:*",
"matchCriteriaId": "C570DD0B-CB0D-4451-AC24-47853DCE4E44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.51:*:*:*:*:*:*:*",
"matchCriteriaId": "8976E88E-6F6C-4E77-87A4-8F1AAA854C7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.52:*:*:*:*:*:*:*",
"matchCriteriaId": "C53FAA2E-0DA8-4E61-A27F-B3A163664848",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.53:*:*:*:*:*:*:*",
"matchCriteriaId": "D07949FB-2E87-4B8A-B7E2-60444ED696B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.54:*:*:*:*:*:*:*",
"matchCriteriaId": "0EE2FA6F-B00F-487E-ADAA-B1D143EC0E32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.60:*:*:*:*:*:*:*",
"matchCriteriaId": "91A94B6D-5A85-413D-AE62-BF3AA92DF907",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.61:*:*:*:*:*:*:*",
"matchCriteriaId": "2CCE11DA-4DA7-4514-B36B-31CA63152C9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.70:*:*:*:*:*:*:*",
"matchCriteriaId": "7E760518-A52C-4A3F-83FB-ACCA48B7923F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.71:*:*:*:*:*:*:*",
"matchCriteriaId": "1A781F17-EF6E-45F5-9839-36C026CF9CD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.72:*:*:*:*:*:*:*",
"matchCriteriaId": "02A55EC6-EECB-4804-9F67-02F21A7BFB51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.73:*:*:*:*:*:*:*",
"matchCriteriaId": "F55CA862-6178-4FEC-A122-6A62885D29EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.74:*:*:*:*:*:*:*",
"matchCriteriaId": "44F8B086-2248-415B-8021-C9C94A4E2FBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.75:*:*:*:*:*:*:*",
"matchCriteriaId": "7D9C12FB-48A9-441A-9FA1-CBAB73F2F58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.76:*:*:*:*:*:*:*",
"matchCriteriaId": "C8B75889-EBAC-445A-A533-BA3C1364221E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.77:*:*:*:*:*:*:*",
"matchCriteriaId": "D208640B-D2E6-46A3-BBC7-9C0762936539",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.80:*:*:*:*:*:*:*",
"matchCriteriaId": "216E8246-8E7B-4EAB-9452-E56AAE16765A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.81:*:*:*:*:*:*:*",
"matchCriteriaId": "DC4F3F54-2AE0-46B3-97E4-39696C1AE6C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.82:*:*:*:*:*:*:*",
"matchCriteriaId": "0DA16CCA-ABED-402E-9EE1-454B8E120892",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.83:*:*:*:*:*:*:*",
"matchCriteriaId": "8FA75982-D35A-42FA-A2E9-928AD9FE9CB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.90:*:*:*:*:*:*:*",
"matchCriteriaId": "5EFB745A-88F7-4A47-9A44-8711E3606E08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.91:*:*:*:*:*:*:*",
"matchCriteriaId": "AFAC0FAB-F158-4E2F-B7AC-FFE63BA565D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.92:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF4D6A2-DBC1-49EE-9638-A3A22511CB5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.93:*:*:*:*:*:*:*",
"matchCriteriaId": "41DB6C12-279A-4B0A-BE64-144AD038524A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.00:*:*:*:*:*:*:*",
"matchCriteriaId": "4BDDD4AD-C0C8-4FDA-97E7-F1395340AFBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "22C27354-98E7-47D2-95CB-FF59963F24EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.02:*:*:*:*:*:*:*",
"matchCriteriaId": "8E94CFB0-5945-4A0A-A40B-BB8ABDC6911A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.03:*:*:*:*:*:*:*",
"matchCriteriaId": "5F21460D-70BE-4F66-BEA7-C6700310F8A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.04:*:*:*:*:*:*:*",
"matchCriteriaId": "C44CFB78-950B-4354-BF51-B4DE70723F8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "812C82F6-EB76-43D0-8EA6-E917FE544139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "943A3E15-3069-4B55-90F9-A36EB82E1FBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "090E313A-9FD2-4D07-9D41-FE9450E12110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "71E3FEC6-9C1D-4975-9B29-1510587416D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "952EBA2A-DCEC-41F0-A5D6-4EDC18DCBFDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "6A6D8E86-B710-4C18-BCAD-81A6CAEC5DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.22:*:*:*:*:*:*:*",
"matchCriteriaId": "C52C0634-FBC2-47CF-B1FA-E3E873D8AB84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "86B4DB35-A633-4D6C-928A-FB016CF87A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "4AA5759E-A7DC-48B0-8BEA-616D5615FE5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "8420D18C-D4D5-4FB6-A5B2-F4DD3286C99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "160BE257-6A76-411E-8E5D-E5CA65C2B891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "AE182574-8650-4A4A-91F0-5D1497D1ADA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "8465A93C-2761-4DE8-A0B8-BF54912EC132",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.42:*:*:*:*:*:*:*",
"matchCriteriaId": "5487F402-49C4-4DB3-92CA-5B40E760AE42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.50:*:*:*:*:*:*:*",
"matchCriteriaId": "98ABCA8A-AFE4-48F0-842C-27C4D45EDAB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.51:*:*:*:*:*:*:*",
"matchCriteriaId": "8DD4B602-A244-4410-BD90-57B4F7FE4668",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.52:*:*:*:*:*:*:*",
"matchCriteriaId": "801EE163-E97C-4D5D-A4AB-F62DDFE2A593",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.60:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C4E83F-83C6-4A48-BEAD-0F9EB737F94C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.61:*:*:*:*:*:*:*",
"matchCriteriaId": "C261E066-B709-42AA-93C1-47044B499AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.70:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C45D85-7F72-4D5B-8581-3E038864822E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.71:*:*:*:*:*:*:*",
"matchCriteriaId": "831C74DF-AEDE-4EFD-95F8-9141E57614C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.72:*:*:*:*:*:*:*",
"matchCriteriaId": "0EB76BC4-93D9-4581-B8D3-219C9EB4F942",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.73:*:*:*:*:*:*:*",
"matchCriteriaId": "A0BD93C6-8843-4E4D-9422-2D5DEA7FA6D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.74:*:*:*:*:*:*:*",
"matchCriteriaId": "B24A7721-761E-426D-AE73-DFADAF05F97E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.75:*:*:*:*:*:*:*",
"matchCriteriaId": "BFF3E6EC-9B6C-4807-98FD-44F90B86050D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.76:*:*:*:*:*:*:*",
"matchCriteriaId": "4A926CB5-3725-4A54-9514-6BD23AF7B92B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.77:*:*:*:*:*:*:*",
"matchCriteriaId": "C211F634-B961-4FC9-A872-2E105C4711D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.80:*:*:*:*:*:*:*",
"matchCriteriaId": "C2D2E218-A1BE-4A58-B058-55C71A0A69D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.81:*:*:*:*:*:*:*",
"matchCriteriaId": "B16BB981-16DE-4B15-9585-6C67E7CF0158",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.82:*:*:*:*:*:*:*",
"matchCriteriaId": "6155BB7F-8D08-4B18-BC0D-F3E438EBF6E9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write."
},
{
"lang": "es",
"value": "Desbordamiento de enteros en la funci\u00f3n tr_bitfieldEnsureNthBitAlloced en bitfield.c en Transmission anterior a 2.84 permite a atacantes remotos causar una denegaci\u00f3n de servicios y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un mensaje de par manipulado, lo que provoca una escritura fuera de rango."
}
],
"id": "CVE-2014-4909",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-07-29T14:55:07.703",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://inertiawar.com/submission.go"
},
{
"source": "cve@mitre.org",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135539.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00011.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/59897"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/60108"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/60527"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2014/dsa-2988"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2014/07/10/4"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2014/07/11/5"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/108997"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/68487"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-2279-1"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=516822"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1118290"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://trac.transmissionbt.com/wiki/Changes#version-2.84"
},
{
"source": "cve@mitre.org",
"url": "https://twitter.com/benhawkes/statuses/484378151959539712"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://inertiawar.com/submission.go"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135539.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00011.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/59897"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60108"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60527"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-2988"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2014/07/10/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2014/07/11/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/108997"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/68487"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2279-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=516822"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1118290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://trac.transmissionbt.com/wiki/Changes#version-2.84"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://twitter.com/benhawkes/statuses/484378151959539712"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-6129
Vulnerability from fkie_nvd - Published: 2013-04-03 00:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted "micro transport protocol packets."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C1245F6-DFD1-44D3-93D5-DA77AB818244",
"versionEndIncluding": "2.73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EAF93408-3A3D-4FD8-A857-C7A872964D8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DE58C6BE-513E-458F-9A74-F037F287D415",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1B877F9A-C73B-4B81-9E5C-B92E7C080E7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0F9AE0C3-5609-42C5-A08E-C299ECEE82E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "135D1D2D-4A9F-4EBB-9D50-92B25DC60879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "040D1568-6213-4A5C-99D5-AB4ECAF345A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8240A86D-3B9A-4128-9645-331A18C16C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.70:*:*:*:*:*:*:*",
"matchCriteriaId": "48B583C2-48AD-4EC9-AA64-9FCBF7840AE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.71:*:*:*:*:*:*:*",
"matchCriteriaId": "01489B59-895D-45AA-846E-521961E7C0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.72:*:*:*:*:*:*:*",
"matchCriteriaId": "C4C8E851-6FE0-469B-BA93-B5E46CEA9DDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "DD7165AE-5A4D-4FDD-95BF-5D2754778FE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.81:*:*:*:*:*:*:*",
"matchCriteriaId": "FE9CFEEC-E2F4-456E-A7AE-94F822A0F333",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.82:*:*:*:*:*:*:*",
"matchCriteriaId": "4DE49E40-8F91-4885-8F46-9E038E978563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "4A43CB7E-0126-46EA-BEB6-8C1AB1E5AC1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "03E04D86-17AA-4777-AD8C-FF62477767EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "9587577D-CEFD-4E92-A667-B40357FBFF04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.93:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDD24F7-412D-4922-B803-23D53F95FBDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.94:*:*:*:*:*:*:*",
"matchCriteriaId": "73E89FF5-FC50-4F90-8419-8D2F941FA42E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.95:*:*:*:*:*:*:*",
"matchCriteriaId": "FA3795D4-AC23-4F9F-B6B4-5BD429BCAE05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.96:*:*:*:*:*:*:*",
"matchCriteriaId": "06444C9C-252E-4303-9BCA-B2C0332B04A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "2BB85CAB-5987-4066-BB78-8B71A7E3510F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "630B75D1-9E59-4EBE-8D53-BE4893F62774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.02:*:*:*:*:*:*:*",
"matchCriteriaId": "D72BD649-9E99-425D-BC95-C54FB15AEFF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "105E1FA8-08AE-477E-B7F2-68BCDE6EEA42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.03:*:*:*:*:*:*:*",
"matchCriteriaId": "F076D056-0292-40F7-A50C-8B13922A3C47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.04:*:*:*:*:*:*:*",
"matchCriteriaId": "B6F3AEA3-C68A-4A76-8BFC-52CAF4C91106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.05:*:*:*:*:*:*:*",
"matchCriteriaId": "A2928593-E0E1-429E-A67F-B5A61E8E5199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.06:*:*:*:*:*:*:*",
"matchCriteriaId": "8D2CFA06-5B3B-40BC-8D2F-450408A0E616",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6C46E575-274E-43F9-B815-BC1F3C29552A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "62611674-01EB-4AB3-90E5-CF22935E3DF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2E151076-5286-4FBF-B53C-28F5D9D41566",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "8A583FF8-E8A5-48AB-AE2F-D7F64BE9F9A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "B90969C1-C1A4-4C3B-9313-56E1985DCD2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.30:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BC6E21-3766-4D78-9F44-5EFDCD5F38D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.31:*:*:*:*:*:*:*",
"matchCriteriaId": "70E61E47-D922-4219-A220-153EA38E7A8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.32:*:*:*:*:*:*:*",
"matchCriteriaId": "D13E7B38-B905-4048-A75B-1AA3A28A49F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.33:*:*:*:*:*:*:*",
"matchCriteriaId": "421BD25F-E03F-41DA-8E81-444DE5C5622A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.34:*:*:*:*:*:*:*",
"matchCriteriaId": "7E6A7241-50D3-4E5E-8FEA-6BF600E5E4B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.40:*:*:*:*:*:*:*",
"matchCriteriaId": "98DC0548-67E2-474C-AF06-9101DF378484",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.41:*:*:*:*:*:*:*",
"matchCriteriaId": "B4B2A9F0-BE57-4846-BD7C-C2A39FF7E5A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.42:*:*:*:*:*:*:*",
"matchCriteriaId": "CCD404C1-CDD6-4118-8FCE-905C401FD3F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.50:*:*:*:*:*:*:*",
"matchCriteriaId": "C570DD0B-CB0D-4451-AC24-47853DCE4E44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.51:*:*:*:*:*:*:*",
"matchCriteriaId": "8976E88E-6F6C-4E77-87A4-8F1AAA854C7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.52:*:*:*:*:*:*:*",
"matchCriteriaId": "C53FAA2E-0DA8-4E61-A27F-B3A163664848",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.53:*:*:*:*:*:*:*",
"matchCriteriaId": "D07949FB-2E87-4B8A-B7E2-60444ED696B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.54:*:*:*:*:*:*:*",
"matchCriteriaId": "0EE2FA6F-B00F-487E-ADAA-B1D143EC0E32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.60:*:*:*:*:*:*:*",
"matchCriteriaId": "91A94B6D-5A85-413D-AE62-BF3AA92DF907",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.61:*:*:*:*:*:*:*",
"matchCriteriaId": "2CCE11DA-4DA7-4514-B36B-31CA63152C9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.70:*:*:*:*:*:*:*",
"matchCriteriaId": "7E760518-A52C-4A3F-83FB-ACCA48B7923F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.71:*:*:*:*:*:*:*",
"matchCriteriaId": "1A781F17-EF6E-45F5-9839-36C026CF9CD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.72:*:*:*:*:*:*:*",
"matchCriteriaId": "02A55EC6-EECB-4804-9F67-02F21A7BFB51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.73:*:*:*:*:*:*:*",
"matchCriteriaId": "F55CA862-6178-4FEC-A122-6A62885D29EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.74:*:*:*:*:*:*:*",
"matchCriteriaId": "44F8B086-2248-415B-8021-C9C94A4E2FBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.75:*:*:*:*:*:*:*",
"matchCriteriaId": "7D9C12FB-48A9-441A-9FA1-CBAB73F2F58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.76:*:*:*:*:*:*:*",
"matchCriteriaId": "C8B75889-EBAC-445A-A533-BA3C1364221E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.77:*:*:*:*:*:*:*",
"matchCriteriaId": "D208640B-D2E6-46A3-BBC7-9C0762936539",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.80:*:*:*:*:*:*:*",
"matchCriteriaId": "216E8246-8E7B-4EAB-9452-E56AAE16765A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.81:*:*:*:*:*:*:*",
"matchCriteriaId": "DC4F3F54-2AE0-46B3-97E4-39696C1AE6C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.82:*:*:*:*:*:*:*",
"matchCriteriaId": "0DA16CCA-ABED-402E-9EE1-454B8E120892",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.83:*:*:*:*:*:*:*",
"matchCriteriaId": "8FA75982-D35A-42FA-A2E9-928AD9FE9CB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.90:*:*:*:*:*:*:*",
"matchCriteriaId": "5EFB745A-88F7-4A47-9A44-8711E3606E08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.91:*:*:*:*:*:*:*",
"matchCriteriaId": "AFAC0FAB-F158-4E2F-B7AC-FFE63BA565D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.92:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF4D6A2-DBC1-49EE-9638-A3A22511CB5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.93:*:*:*:*:*:*:*",
"matchCriteriaId": "41DB6C12-279A-4B0A-BE64-144AD038524A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.00:*:*:*:*:*:*:*",
"matchCriteriaId": "4BDDD4AD-C0C8-4FDA-97E7-F1395340AFBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "22C27354-98E7-47D2-95CB-FF59963F24EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.02:*:*:*:*:*:*:*",
"matchCriteriaId": "8E94CFB0-5945-4A0A-A40B-BB8ABDC6911A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.03:*:*:*:*:*:*:*",
"matchCriteriaId": "5F21460D-70BE-4F66-BEA7-C6700310F8A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.04:*:*:*:*:*:*:*",
"matchCriteriaId": "C44CFB78-950B-4354-BF51-B4DE70723F8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "812C82F6-EB76-43D0-8EA6-E917FE544139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "943A3E15-3069-4B55-90F9-A36EB82E1FBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "090E313A-9FD2-4D07-9D41-FE9450E12110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "71E3FEC6-9C1D-4975-9B29-1510587416D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "952EBA2A-DCEC-41F0-A5D6-4EDC18DCBFDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "6A6D8E86-B710-4C18-BCAD-81A6CAEC5DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.22:*:*:*:*:*:*:*",
"matchCriteriaId": "C52C0634-FBC2-47CF-B1FA-E3E873D8AB84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "86B4DB35-A633-4D6C-928A-FB016CF87A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "4AA5759E-A7DC-48B0-8BEA-616D5615FE5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "8420D18C-D4D5-4FB6-A5B2-F4DD3286C99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "160BE257-6A76-411E-8E5D-E5CA65C2B891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "AE182574-8650-4A4A-91F0-5D1497D1ADA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "8465A93C-2761-4DE8-A0B8-BF54912EC132",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.42:*:*:*:*:*:*:*",
"matchCriteriaId": "5487F402-49C4-4DB3-92CA-5B40E760AE42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.50:*:*:*:*:*:*:*",
"matchCriteriaId": "98ABCA8A-AFE4-48F0-842C-27C4D45EDAB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.51:*:*:*:*:*:*:*",
"matchCriteriaId": "8DD4B602-A244-4410-BD90-57B4F7FE4668",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.52:*:*:*:*:*:*:*",
"matchCriteriaId": "801EE163-E97C-4D5D-A4AB-F62DDFE2A593",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.60:*:*:*:*:*:*:*",
"matchCriteriaId": "F0C4E83F-83C6-4A48-BEAD-0F9EB737F94C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.61:*:*:*:*:*:*:*",
"matchCriteriaId": "C261E066-B709-42AA-93C1-47044B499AA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.70:*:*:*:*:*:*:*",
"matchCriteriaId": "B0C45D85-7F72-4D5B-8581-3E038864822E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.71:*:*:*:*:*:*:*",
"matchCriteriaId": "831C74DF-AEDE-4EFD-95F8-9141E57614C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.72:*:*:*:*:*:*:*",
"matchCriteriaId": "0EB76BC4-93D9-4581-B8D3-219C9EB4F942",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
"matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*",
"matchCriteriaId": "706C6399-CAD1-46E3-87A2-8DFE2CF497ED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted \"micro transport protocol packets.\""
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en pila en utp.cpp en libutp, tal como se utiliza en la transmisi\u00f3n antes de v2.74 y posiblemente otros productos, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de \"paquetes de protocolo micro de transporte\" elaborados para este proposito."
}
],
"evaluatorImpact": "Per http://www.ubuntu.com/usn/USN-1747-1/ \"A security issue affects these releases of Ubuntu and its derivatives:\r\n Ubuntu 12.10\r\n Ubuntu 12.04 LTS\r\n Ubuntu 11.10\"\r\n\r\nPer https://bugzilla.redhat.com/show_bug.cgi?id=909934 \"\r\nThis issue affects the version of the transmission package, as shipped with Fedora release of 16. Please schedule an update.\"",
"id": "CVE-2012-6129",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-04-03T00:55:01.283",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00064.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/1"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1747-1"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=909934"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "https://trac.transmissionbt.com/changeset/13646"
},
{
"source": "secalert@redhat.com",
"url": "https://trac.transmissionbt.com/ticket/5002"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00064.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1747-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=909934"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "https://trac.transmissionbt.com/changeset/13646"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://trac.transmissionbt.com/ticket/5002"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-4037
Vulnerability from fkie_nvd - Published: 2012-08-15 20:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66CC6C74-97E1-4EB1-9DA7-19995386BC9A",
"versionEndIncluding": "2.60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EAF93408-3A3D-4FD8-A857-C7A872964D8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DE58C6BE-513E-458F-9A74-F037F287D415",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1B877F9A-C73B-4B81-9E5C-B92E7C080E7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0F9AE0C3-5609-42C5-A08E-C299ECEE82E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "135D1D2D-4A9F-4EBB-9D50-92B25DC60879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "040D1568-6213-4A5C-99D5-AB4ECAF345A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8240A86D-3B9A-4128-9645-331A18C16C4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.70:*:*:*:*:*:*:*",
"matchCriteriaId": "48B583C2-48AD-4EC9-AA64-9FCBF7840AE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.71:*:*:*:*:*:*:*",
"matchCriteriaId": "01489B59-895D-45AA-846E-521961E7C0DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.72:*:*:*:*:*:*:*",
"matchCriteriaId": "C4C8E851-6FE0-469B-BA93-B5E46CEA9DDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "DD7165AE-5A4D-4FDD-95BF-5D2754778FE9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.81:*:*:*:*:*:*:*",
"matchCriteriaId": "FE9CFEEC-E2F4-456E-A7AE-94F822A0F333",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.82:*:*:*:*:*:*:*",
"matchCriteriaId": "4DE49E40-8F91-4885-8F46-9E038E978563",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "4A43CB7E-0126-46EA-BEB6-8C1AB1E5AC1C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "03E04D86-17AA-4777-AD8C-FF62477767EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "9587577D-CEFD-4E92-A667-B40357FBFF04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.93:*:*:*:*:*:*:*",
"matchCriteriaId": "0EDD24F7-412D-4922-B803-23D53F95FBDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.94:*:*:*:*:*:*:*",
"matchCriteriaId": "73E89FF5-FC50-4F90-8419-8D2F941FA42E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.95:*:*:*:*:*:*:*",
"matchCriteriaId": "FA3795D4-AC23-4F9F-B6B4-5BD429BCAE05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:0.96:*:*:*:*:*:*:*",
"matchCriteriaId": "06444C9C-252E-4303-9BCA-B2C0332B04A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.00:*:*:*:*:*:*:*",
"matchCriteriaId": "2BB85CAB-5987-4066-BB78-8B71A7E3510F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.01:*:*:*:*:*:*:*",
"matchCriteriaId": "630B75D1-9E59-4EBE-8D53-BE4893F62774",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.02:*:*:*:*:*:*:*",
"matchCriteriaId": "D72BD649-9E99-425D-BC95-C54FB15AEFF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "105E1FA8-08AE-477E-B7F2-68BCDE6EEA42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.03:*:*:*:*:*:*:*",
"matchCriteriaId": "F076D056-0292-40F7-A50C-8B13922A3C47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.04:*:*:*:*:*:*:*",
"matchCriteriaId": "B6F3AEA3-C68A-4A76-8BFC-52CAF4C91106",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.05:*:*:*:*:*:*:*",
"matchCriteriaId": "A2928593-E0E1-429E-A67F-B5A61E8E5199",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.06:*:*:*:*:*:*:*",
"matchCriteriaId": "8D2CFA06-5B3B-40BC-8D2F-450408A0E616",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "6C46E575-274E-43F9-B815-BC1F3C29552A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "62611674-01EB-4AB3-90E5-CF22935E3DF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.20:*:*:*:*:*:*:*",
"matchCriteriaId": "2E151076-5286-4FBF-B53C-28F5D9D41566",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.21:*:*:*:*:*:*:*",
"matchCriteriaId": "8A583FF8-E8A5-48AB-AE2F-D7F64BE9F9A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "B90969C1-C1A4-4C3B-9313-56E1985DCD2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.30:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BC6E21-3766-4D78-9F44-5EFDCD5F38D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.31:*:*:*:*:*:*:*",
"matchCriteriaId": "70E61E47-D922-4219-A220-153EA38E7A8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.32:*:*:*:*:*:*:*",
"matchCriteriaId": "D13E7B38-B905-4048-A75B-1AA3A28A49F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.33:*:*:*:*:*:*:*",
"matchCriteriaId": "421BD25F-E03F-41DA-8E81-444DE5C5622A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.34:*:*:*:*:*:*:*",
"matchCriteriaId": "7E6A7241-50D3-4E5E-8FEA-6BF600E5E4B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.40:*:*:*:*:*:*:*",
"matchCriteriaId": "98DC0548-67E2-474C-AF06-9101DF378484",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.41:*:*:*:*:*:*:*",
"matchCriteriaId": "B4B2A9F0-BE57-4846-BD7C-C2A39FF7E5A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.42:*:*:*:*:*:*:*",
"matchCriteriaId": "CCD404C1-CDD6-4118-8FCE-905C401FD3F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.50:*:*:*:*:*:*:*",
"matchCriteriaId": "C570DD0B-CB0D-4451-AC24-47853DCE4E44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.51:*:*:*:*:*:*:*",
"matchCriteriaId": "8976E88E-6F6C-4E77-87A4-8F1AAA854C7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.52:*:*:*:*:*:*:*",
"matchCriteriaId": "C53FAA2E-0DA8-4E61-A27F-B3A163664848",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.53:*:*:*:*:*:*:*",
"matchCriteriaId": "D07949FB-2E87-4B8A-B7E2-60444ED696B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.54:*:*:*:*:*:*:*",
"matchCriteriaId": "0EE2FA6F-B00F-487E-ADAA-B1D143EC0E32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.60:*:*:*:*:*:*:*",
"matchCriteriaId": "91A94B6D-5A85-413D-AE62-BF3AA92DF907",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.61:*:*:*:*:*:*:*",
"matchCriteriaId": "2CCE11DA-4DA7-4514-B36B-31CA63152C9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.70:*:*:*:*:*:*:*",
"matchCriteriaId": "7E760518-A52C-4A3F-83FB-ACCA48B7923F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.71:*:*:*:*:*:*:*",
"matchCriteriaId": "1A781F17-EF6E-45F5-9839-36C026CF9CD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.72:*:*:*:*:*:*:*",
"matchCriteriaId": "02A55EC6-EECB-4804-9F67-02F21A7BFB51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.73:*:*:*:*:*:*:*",
"matchCriteriaId": "F55CA862-6178-4FEC-A122-6A62885D29EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.74:*:*:*:*:*:*:*",
"matchCriteriaId": "44F8B086-2248-415B-8021-C9C94A4E2FBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.75:*:*:*:*:*:*:*",
"matchCriteriaId": "7D9C12FB-48A9-441A-9FA1-CBAB73F2F58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.76:*:*:*:*:*:*:*",
"matchCriteriaId": "C8B75889-EBAC-445A-A533-BA3C1364221E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.77:*:*:*:*:*:*:*",
"matchCriteriaId": "D208640B-D2E6-46A3-BBC7-9C0762936539",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.80:*:*:*:*:*:*:*",
"matchCriteriaId": "216E8246-8E7B-4EAB-9452-E56AAE16765A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.81:*:*:*:*:*:*:*",
"matchCriteriaId": "DC4F3F54-2AE0-46B3-97E4-39696C1AE6C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.82:*:*:*:*:*:*:*",
"matchCriteriaId": "0DA16CCA-ABED-402E-9EE1-454B8E120892",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.83:*:*:*:*:*:*:*",
"matchCriteriaId": "8FA75982-D35A-42FA-A2E9-928AD9FE9CB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.90:*:*:*:*:*:*:*",
"matchCriteriaId": "5EFB745A-88F7-4A47-9A44-8711E3606E08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.91:*:*:*:*:*:*:*",
"matchCriteriaId": "AFAC0FAB-F158-4E2F-B7AC-FFE63BA565D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.92:*:*:*:*:*:*:*",
"matchCriteriaId": "5BF4D6A2-DBC1-49EE-9638-A3A22511CB5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.93:*:*:*:*:*:*:*",
"matchCriteriaId": "41DB6C12-279A-4B0A-BE64-144AD038524A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.00:*:*:*:*:*:*:*",
"matchCriteriaId": "4BDDD4AD-C0C8-4FDA-97E7-F1395340AFBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.01:*:*:*:*:*:*:*",
"matchCriteriaId": "22C27354-98E7-47D2-95CB-FF59963F24EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.02:*:*:*:*:*:*:*",
"matchCriteriaId": "8E94CFB0-5945-4A0A-A40B-BB8ABDC6911A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.03:*:*:*:*:*:*:*",
"matchCriteriaId": "5F21460D-70BE-4F66-BEA7-C6700310F8A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.04:*:*:*:*:*:*:*",
"matchCriteriaId": "C44CFB78-950B-4354-BF51-B4DE70723F8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "812C82F6-EB76-43D0-8EA6-E917FE544139",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "943A3E15-3069-4B55-90F9-A36EB82E1FBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "090E313A-9FD2-4D07-9D41-FE9450E12110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "71E3FEC6-9C1D-4975-9B29-1510587416D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "952EBA2A-DCEC-41F0-A5D6-4EDC18DCBFDD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "6A6D8E86-B710-4C18-BCAD-81A6CAEC5DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.22:*:*:*:*:*:*:*",
"matchCriteriaId": "C52C0634-FBC2-47CF-B1FA-E3E873D8AB84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.30:*:*:*:*:*:*:*",
"matchCriteriaId": "86B4DB35-A633-4D6C-928A-FB016CF87A9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.31:*:*:*:*:*:*:*",
"matchCriteriaId": "4AA5759E-A7DC-48B0-8BEA-616D5615FE5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.32:*:*:*:*:*:*:*",
"matchCriteriaId": "8420D18C-D4D5-4FB6-A5B2-F4DD3286C99D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "160BE257-6A76-411E-8E5D-E5CA65C2B891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.40:*:*:*:*:*:*:*",
"matchCriteriaId": "AE182574-8650-4A4A-91F0-5D1497D1ADA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.41:*:*:*:*:*:*:*",
"matchCriteriaId": "8465A93C-2761-4DE8-A0B8-BF54912EC132",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.42:*:*:*:*:*:*:*",
"matchCriteriaId": "5487F402-49C4-4DB3-92CA-5B40E760AE42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.50:*:*:*:*:*:*:*",
"matchCriteriaId": "98ABCA8A-AFE4-48F0-842C-27C4D45EDAB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.51:*:*:*:*:*:*:*",
"matchCriteriaId": "8DD4B602-A244-4410-BD90-57B4F7FE4668",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:2.52:*:*:*:*:*:*:*",
"matchCriteriaId": "801EE163-E97C-4D5D-A4AB-F62DDFE2A593",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de ejecuci\u00f3n de comandos en sitios cruzados (XSS) en el cliente web en (Transmission) anterior a v2.61 permite a atacantes remotos inyectar c\u00f3digo web o HTML arbitrario a trav\u00e9s de (1) un comentario, (2) el campo (created by), o (3) el campo de nombre en un fichero (torrent)."
}
],
"id": "CVE-2012-4037",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-08-15T20:55:03.930",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-07/0349.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50027"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/50769"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.madirish.net/541"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/54705"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/USN-1584-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://trac.transmissionbt.com/ticket/4979"
},
{
"source": "cve@mitre.org",
"url": "https://trac.transmissionbt.com/wiki/Changes#version-2.61"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-07/0349.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/50027"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/50769"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.madirish.net/541"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/54705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1584-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://trac.transmissionbt.com/ticket/4979"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://trac.transmissionbt.com/wiki/Changes#version-2.61"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-1853
Vulnerability from fkie_nvd - Published: 2010-05-07 20:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted magnet URL with a large number of (1) tr or (2) ws links.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| transmissionbt | transmission | 1.91 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.91:*:*:*:*:*:*:*",
"matchCriteriaId": "AFAC0FAB-F158-4E2F-B7AC-FFE63BA565D7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted magnet URL with a large number of (1) tr or (2) ws links."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer basado en pila en la funci\u00f3n tr_magnetParse en libtransmission/magnet.c en Transmission v1.91, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) o posiblemente ejecuci\u00f3n de c\u00f3digo a trav\u00e9s de una URL manipulada con un n\u00famero de enlaces (1) tr o (2) ws muy grande."
}
],
"id": "CVE-2010-1853",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-05-07T20:30:01.093",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39031"
},
{
"source": "cve@mitre.org",
"url": "http://trac.transmissionbt.com/changeset/10279"
},
{
"source": "cve@mitre.org",
"url": "http://trac.transmissionbt.com/ticket/2965"
},
{
"source": "cve@mitre.org",
"url": "http://trac.transmissionbt.com/wiki/Changes"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/63066"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/38814"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0655"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/39031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://trac.transmissionbt.com/changeset/10279"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://trac.transmissionbt.com/ticket/2965"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://trac.transmissionbt.com/wiki/Changes"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/63066"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/38814"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2010/0655"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-0012
Vulnerability from fkie_nvd - Published: 2010-01-08 17:30 - Updated: 2025-04-09 00:30
Severity ?
Summary
Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| transmissionbt | transmission | 1.22 | |
| transmissionbt | transmission | 1.34 | |
| transmissionbt | transmission | 1.75 | |
| transmissionbt | transmission | 1.76 | |
| debian | debian_linux | 5.0 | |
| opensuse | opensuse | 11.0 | |
| opensuse | opensuse | 11.1 | |
| opensuse | opensuse | 11.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "B90969C1-C1A4-4C3B-9313-56E1985DCD2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.34:*:*:*:*:*:*:*",
"matchCriteriaId": "7E6A7241-50D3-4E5E-8FEA-6BF600E5E4B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.75:*:*:*:*:*:*:*",
"matchCriteriaId": "7D9C12FB-48A9-441A-9FA1-CBAB73F2F58D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.76:*:*:*:*:*:*:*",
"matchCriteriaId": "C8B75889-EBAC-445A-A533-BA3C1364221E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B42AB65-443B-4655-BAEA-4EB4A43D9509",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en libtransmission/metainfo.c en Transmission v1.22, v1.34, v1.75, y v1.76 permite a atacantes remotos sobreescribir ficheros de su elecci\u00f3n a trav\u00e9s de .. (punto punto) en un nombre de ruta con un fichero .torrent"
}
],
"id": "CVE-2010-0012",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2010-01-08T17:30:02.317",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/37993"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/38005"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gz"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://trac.transmissionbt.com/changeset/9829/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
],
"url": "http://trac.transmissionbt.com/wiki/Changes#version-1.77"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2010/dsa-1967"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.mail-archive.com/debian-devel-changes%40lists.debian.org/msg264483.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2010/01/06/2"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2010/01/06/4"
},
{
"source": "secalert@redhat.com",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2010/0071"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55454"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://launchpad.net/bugs/500625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/37993"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://secunia.com/advisories/38005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gz"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://trac.transmissionbt.com/changeset/9829/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
],
"url": "http://trac.transmissionbt.com/wiki/Changes#version-1.77"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://www.debian.org/security/2010/dsa-1967"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.mail-archive.com/debian-devel-changes%40lists.debian.org/msg264483.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2010/01/06/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
],
"url": "http://www.openwall.com/lists/oss-security/2010/01/06/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "http://www.vupen.com/english/advisories/2010/0071"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55454"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://launchpad.net/bugs/500625"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-1757
Vulnerability from fkie_nvd - Published: 2009-05-22 11:52 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| transmissionbt | transmission | 1.50 | |
| transmissionbt | transmission | 1.51 | |
| transmissionbt | transmission | 1.52 | |
| transmissionbt | transmission | 1.60 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.50:*:*:*:*:*:*:*",
"matchCriteriaId": "C570DD0B-CB0D-4451-AC24-47853DCE4E44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.51:*:*:*:*:*:*:*",
"matchCriteriaId": "8976E88E-6F6C-4E77-87A4-8F1AAA854C7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.52:*:*:*:*:*:*:*",
"matchCriteriaId": "C53FAA2E-0DA8-4E61-A27F-B3A163664848",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:transmissionbt:transmission:1.60:*:*:*:*:*:*:*",
"matchCriteriaId": "91A94B6D-5A85-413D-AE62-BF3AA92DF907",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en Transmission v1.5 anterior a v1.53 y v1.6 anterior a v1.61, permite a los atacantes remotos secuestrar la autenticaci\u00f3n de v\u00edctimas no especificadas a trav\u00e9s de vectores desconocidos."
}
],
"id": "CVE-2009-1757",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-05-22T11:52:40.593",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2009/05/21/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.transmissionbt.com/index.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2009/05/21/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.transmissionbt.com/index.php"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2018-10756 (GCVE-0-2018-10756)
Vulnerability from cvelistv5 – Published: 2020-05-15 15:56 – Updated: 2024-08-05 07:46
VLAI?
Summary
Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:46.883Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tomrichards.net/2020/05/cve-2018-10756-transmission/"
},
{
"name": "FEDORA-2020-e67318b4b4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVAG2HNKNRLWOACFN5F2ANJD2SQ53WI7/"
},
{
"name": "[debian-lts-announce] 20200524 [SECURITY] [DLA 2218-1] transmission security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00022.html"
},
{
"name": "FEDORA-2020-3ef028d53f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CD3GLZ5URIK74RCGLSH72IVLDIJJMLQC/"
},
{
"name": "GLSA-202007-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202007-07"
},
{
"name": "[debian-lts-announce] 20200801 [SECURITY] [DLA 2305-1] transmission security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-01T19:06:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tomrichards.net/2020/05/cve-2018-10756-transmission/"
},
{
"name": "FEDORA-2020-e67318b4b4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVAG2HNKNRLWOACFN5F2ANJD2SQ53WI7/"
},
{
"name": "[debian-lts-announce] 20200524 [SECURITY] [DLA 2218-1] transmission security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00022.html"
},
{
"name": "FEDORA-2020-3ef028d53f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CD3GLZ5URIK74RCGLSH72IVLDIJJMLQC/"
},
{
"name": "GLSA-202007-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202007-07"
},
{
"name": "[debian-lts-announce] 20200801 [SECURITY] [DLA 2305-1] transmission security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10756",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e",
"refsource": "MISC",
"url": "https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e"
},
{
"name": "https://tomrichards.net/2020/05/cve-2018-10756-transmission/",
"refsource": "MISC",
"url": "https://tomrichards.net/2020/05/cve-2018-10756-transmission/"
},
{
"name": "FEDORA-2020-e67318b4b4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVAG2HNKNRLWOACFN5F2ANJD2SQ53WI7/"
},
{
"name": "[debian-lts-announce] 20200524 [SECURITY] [DLA 2218-1] transmission security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00022.html"
},
{
"name": "FEDORA-2020-3ef028d53f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CD3GLZ5URIK74RCGLSH72IVLDIJJMLQC/"
},
{
"name": "GLSA-202007-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202007-07"
},
{
"name": "[debian-lts-announce] 20200801 [SECURITY] [DLA 2305-1] transmission security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10756",
"datePublished": "2020-05-15T15:56:21",
"dateReserved": "2018-05-05T00:00:00",
"dateUpdated": "2024-08-05T07:46:46.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0749 (GCVE-0-2010-0749)
Vulnerability from cvelistv5 – Published: 2019-10-30 22:45 – Updated: 2024-08-07 00:59
VLAI?
Summary
Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame.
Severity ?
No CVSS data available.
CWE
- Denial of Service - Malformed Input
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| transmission | transmission |
Affected:
before 1.92
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:59:38.814Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-0749"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0749"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/transmission/transmission/wiki/Release-Notes#transmission-192-20100314"
},
{
"name": "[oss-security] 20100401 Re: CVE Request -- Transmission v1.92",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2010/04/01/9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://trac.transmissionbt.com/ticket/1242"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "transmission",
"vendor": "transmission",
"versions": [
{
"status": "affected",
"version": "before 1.92"
}
]
}
],
"datePublic": "2008-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service - Malformed Input",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-30T22:45:13",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-0749"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0749"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/transmission/transmission/wiki/Release-Notes#transmission-192-20100314"
},
{
"name": "[oss-security] 20100401 Re: CVE Request -- Transmission v1.92",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.openwall.com/lists/oss-security/2010/04/01/9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://trac.transmissionbt.com/ticket/1242"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-0749",
"datePublished": "2019-10-30T22:45:13",
"dateReserved": "2010-02-26T00:00:00",
"dateUpdated": "2024-08-07T00:59:38.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0748 (GCVE-0-2010-0748)
Vulnerability from cvelistv5 – Published: 2019-10-30 22:34 – Updated: 2024-08-07 00:59
VLAI?
Summary
Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link.
Severity ?
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| transmission | transmission |
Affected:
before 1.92
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:59:38.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-0748"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0748"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://trac.transmissionbt.com/ticket/2965"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/transmission/transmission/wiki/Release-Notes#transmission-192-20100314"
},
{
"name": "[oss-security] 20100401 Re: CVE Request -- Transmission v1.92",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2010/04/01/9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "transmission",
"vendor": "transmission",
"versions": [
{
"status": "affected",
"version": "before 1.92"
}
]
}
],
"datePublic": "2010-02-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-30T22:38:21",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-0748"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0748"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://trac.transmissionbt.com/ticket/2965"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/transmission/transmission/wiki/Release-Notes#transmission-192-20100314"
},
{
"name": "[oss-security] 20100401 Re: CVE Request -- Transmission v1.92",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.openwall.com/lists/oss-security/2010/04/01/9"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-0748",
"datePublished": "2019-10-30T22:34:40",
"dateReserved": "2010-02-26T00:00:00",
"dateUpdated": "2024-08-07T00:59:38.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5702 (GCVE-0-2018-5702)
Vulnerability from cvelistv5 – Published: 2018-01-15 16:00 – Updated: 2024-08-05 05:40
VLAI?
Summary
Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:40:51.206Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1447"
},
{
"name": "43665",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43665/"
},
{
"name": "DSA-4087",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4087"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/transmission/transmission/pull/468"
},
{
"name": "GLSA-201806-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201806-07"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/taviso/status/951526615145566208"
},
{
"name": "[debian-lts-announce] 20180118 [SECURITY] [DLA 1246-1] transmission security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-21T09:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1447"
},
{
"name": "43665",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43665/"
},
{
"name": "DSA-4087",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4087"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/transmission/transmission/pull/468"
},
{
"name": "GLSA-201806-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201806-07"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/taviso/status/951526615145566208"
},
{
"name": "[debian-lts-announce] 20180118 [SECURITY] [DLA 1246-1] transmission security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1447",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1447"
},
{
"name": "43665",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43665/"
},
{
"name": "DSA-4087",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4087"
},
{
"name": "https://github.com/transmission/transmission/pull/468",
"refsource": "MISC",
"url": "https://github.com/transmission/transmission/pull/468"
},
{
"name": "GLSA-201806-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201806-07"
},
{
"name": "https://twitter.com/taviso/status/951526615145566208",
"refsource": "MISC",
"url": "https://twitter.com/taviso/status/951526615145566208"
},
{
"name": "[debian-lts-announce] 20180118 [SECURITY] [DLA 1246-1] transmission security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5702",
"datePublished": "2018-01-15T16:00:00",
"dateReserved": "2018-01-15T00:00:00",
"dateUpdated": "2024-08-05T05:40:51.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4909 (GCVE-0-2014-4909)
Vulnerability from cvelistv5 – Published: 2014-07-29 14:00 – Updated: 2024-08-06 11:27
VLAI?
Summary
Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2014-8331",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135539.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://trac.transmissionbt.com/wiki/Changes#version-2.84"
},
{
"name": "[oss-security] 20140710 CVE request: transmission peer communication vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/10/4"
},
{
"name": "68487",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68487"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=516822"
},
{
"name": "[oss-security] 20140711 Re: CVE request: transmission peer communication vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/11/5"
},
{
"name": "60108",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60108"
},
{
"name": "60527",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60527"
},
{
"name": "59897",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59897"
},
{
"name": "DSA-2988",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2988"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://inertiawar.com/submission.go"
},
{
"name": "USN-2279-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2279-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1118290"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/benhawkes/statuses/484378151959539712"
},
{
"name": "openSUSE-SU-2014:0980",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00011.html"
},
{
"name": "108997",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/108997"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-05T22:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2014-8331",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135539.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://trac.transmissionbt.com/wiki/Changes#version-2.84"
},
{
"name": "[oss-security] 20140710 CVE request: transmission peer communication vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/10/4"
},
{
"name": "68487",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68487"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=516822"
},
{
"name": "[oss-security] 20140711 Re: CVE request: transmission peer communication vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/11/5"
},
{
"name": "60108",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60108"
},
{
"name": "60527",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60527"
},
{
"name": "59897",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59897"
},
{
"name": "DSA-2988",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2988"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://inertiawar.com/submission.go"
},
{
"name": "USN-2279-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2279-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1118290"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/benhawkes/statuses/484378151959539712"
},
{
"name": "openSUSE-SU-2014:0980",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00011.html"
},
{
"name": "108997",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/108997"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2014-8331",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135539.html"
},
{
"name": "https://trac.transmissionbt.com/wiki/Changes#version-2.84",
"refsource": "CONFIRM",
"url": "https://trac.transmissionbt.com/wiki/Changes#version-2.84"
},
{
"name": "[oss-security] 20140710 CVE request: transmission peer communication vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/10/4"
},
{
"name": "68487",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68487"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=516822",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=516822"
},
{
"name": "[oss-security] 20140711 Re: CVE request: transmission peer communication vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/11/5"
},
{
"name": "60108",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60108"
},
{
"name": "60527",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60527"
},
{
"name": "59897",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59897"
},
{
"name": "DSA-2988",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2988"
},
{
"name": "http://inertiawar.com/submission.go",
"refsource": "MISC",
"url": "http://inertiawar.com/submission.go"
},
{
"name": "USN-2279-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2279-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1118290",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1118290"
},
{
"name": "https://twitter.com/benhawkes/statuses/484378151959539712",
"refsource": "MISC",
"url": "https://twitter.com/benhawkes/statuses/484378151959539712"
},
{
"name": "openSUSE-SU-2014:0980",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00011.html"
},
{
"name": "108997",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/108997"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4909",
"datePublished": "2014-07-29T14:00:00",
"dateReserved": "2014-07-11T00:00:00",
"dateUpdated": "2024-08-06T11:27:36.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6129 (GCVE-0-2012-6129)
Vulnerability from cvelistv5 – Published: 2013-04-03 00:00 – Updated: 2024-09-16 22:50
VLAI?
Summary
Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted "micro transport protocol packets."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:38.970Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2013:0485",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00064.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trac.transmissionbt.com/ticket/5002"
},
{
"name": "USN-1747-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1747-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=909934"
},
{
"name": "[oss-security] 20130212 Re: CVE request: Transmission can be made to crash remotely",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trac.transmissionbt.com/changeset/13646"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted \"micro transport protocol packets.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-04-03T00:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "openSUSE-SU-2013:0485",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00064.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trac.transmissionbt.com/ticket/5002"
},
{
"name": "USN-1747-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1747-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=909934"
},
{
"name": "[oss-security] 20130212 Re: CVE request: Transmission can be made to crash remotely",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trac.transmissionbt.com/changeset/13646"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted \"micro transport protocol packets.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2013:0485",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00064.html"
},
{
"name": "https://trac.transmissionbt.com/ticket/5002",
"refsource": "MISC",
"url": "https://trac.transmissionbt.com/ticket/5002"
},
{
"name": "USN-1747-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1747-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=909934",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=909934"
},
{
"name": "[oss-security] 20130212 Re: CVE request: Transmission can be made to crash remotely",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/1"
},
{
"name": "https://trac.transmissionbt.com/changeset/13646",
"refsource": "MISC",
"url": "https://trac.transmissionbt.com/changeset/13646"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6129",
"datePublished": "2013-04-03T00:00:00Z",
"dateReserved": "2012-12-06T00:00:00Z",
"dateUpdated": "2024-09-16T22:50:21.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4037 (GCVE-0-2012-4037)
Vulnerability from cvelistv5 – Published: 2012-08-15 20:00 – Updated: 2024-08-06 20:21
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:21:04.201Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.madirish.net/541"
},
{
"name": "50769",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50769"
},
{
"name": "20120726 Transmission BitTorrent XSS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-07/0349.html"
},
{
"name": "54705",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/54705"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://trac.transmissionbt.com/wiki/Changes#version-2.61"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://trac.transmissionbt.com/ticket/4979"
},
{
"name": "50027",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50027"
},
{
"name": "USN-1584-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1584-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-07-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-30T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.madirish.net/541"
},
{
"name": "50769",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50769"
},
{
"name": "20120726 Transmission BitTorrent XSS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-07/0349.html"
},
{
"name": "54705",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/54705"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://trac.transmissionbt.com/wiki/Changes#version-2.61"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://trac.transmissionbt.com/ticket/4979"
},
{
"name": "50027",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50027"
},
{
"name": "USN-1584-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1584-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4037",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.madirish.net/541",
"refsource": "MISC",
"url": "http://www.madirish.net/541"
},
{
"name": "50769",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50769"
},
{
"name": "20120726 Transmission BitTorrent XSS Vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-07/0349.html"
},
{
"name": "54705",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54705"
},
{
"name": "https://trac.transmissionbt.com/wiki/Changes#version-2.61",
"refsource": "CONFIRM",
"url": "https://trac.transmissionbt.com/wiki/Changes#version-2.61"
},
{
"name": "https://trac.transmissionbt.com/ticket/4979",
"refsource": "CONFIRM",
"url": "https://trac.transmissionbt.com/ticket/4979"
},
{
"name": "50027",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50027"
},
{
"name": "USN-1584-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1584-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4037",
"datePublished": "2012-08-15T20:00:00",
"dateReserved": "2012-07-20T00:00:00",
"dateUpdated": "2024-08-06T20:21:04.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1853 (GCVE-0-2010-1853)
Vulnerability from cvelistv5 – Published: 2010-05-07 20:00 – Updated: 2024-09-16 19:57
VLAI?
Summary
Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted magnet URL with a large number of (1) tr or (2) ws links.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:35:53.743Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38814",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38814"
},
{
"name": "63066",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/63066"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://trac.transmissionbt.com/wiki/Changes"
},
{
"name": "ADV-2010-0655",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0655"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://trac.transmissionbt.com/ticket/2965"
},
{
"name": "39031",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39031"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://trac.transmissionbt.com/changeset/10279"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted magnet URL with a large number of (1) tr or (2) ws links."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-05-07T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38814",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38814"
},
{
"name": "63066",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/63066"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://trac.transmissionbt.com/wiki/Changes"
},
{
"name": "ADV-2010-0655",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0655"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://trac.transmissionbt.com/ticket/2965"
},
{
"name": "39031",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39031"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://trac.transmissionbt.com/changeset/10279"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1853",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted magnet URL with a large number of (1) tr or (2) ws links."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38814",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38814"
},
{
"name": "63066",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/63066"
},
{
"name": "http://trac.transmissionbt.com/wiki/Changes",
"refsource": "CONFIRM",
"url": "http://trac.transmissionbt.com/wiki/Changes"
},
{
"name": "ADV-2010-0655",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0655"
},
{
"name": "http://trac.transmissionbt.com/ticket/2965",
"refsource": "CONFIRM",
"url": "http://trac.transmissionbt.com/ticket/2965"
},
{
"name": "39031",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39031"
},
{
"name": "http://trac.transmissionbt.com/changeset/10279",
"refsource": "CONFIRM",
"url": "http://trac.transmissionbt.com/changeset/10279"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1853",
"datePublished": "2010-05-07T20:00:00Z",
"dateReserved": "2010-05-07T00:00:00Z",
"dateUpdated": "2024-09-16T19:57:07.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0012 (GCVE-0-2010-0012)
Vulnerability from cvelistv5 – Published: 2010-01-08 17:00 – Updated: 2024-08-07 00:37
VLAI?
Summary
Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:37:52.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://trac.transmissionbt.com/wiki/Changes#version-1.77"
},
{
"name": "[oss-security] 20100106 Re: CVE Request: Transmission",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/01/06/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/bugs/500625"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gz"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://trac.transmissionbt.com/changeset/9829/"
},
{
"name": "38005",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38005"
},
{
"name": "ADV-2010-0071",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0071"
},
{
"name": "DSA-1967",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-1967"
},
{
"name": "transmission-name-directory-traversal(55454)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55454"
},
{
"name": "[oss-security] 20100106 CVE Request: Transmission",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/01/06/2"
},
{
"name": "37993",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37993"
},
{
"name": "SUSE-SA:2010:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
},
{
"name": "[debian-devel-changes] 20100105 Accepted transmission 1.77-1 (source all amd64)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.mail-archive.com/debian-devel-changes%40lists.debian.org/msg264483.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-01-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://trac.transmissionbt.com/wiki/Changes#version-1.77"
},
{
"name": "[oss-security] 20100106 Re: CVE Request: Transmission",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/01/06/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/bugs/500625"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gz"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://trac.transmissionbt.com/changeset/9829/"
},
{
"name": "38005",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38005"
},
{
"name": "ADV-2010-0071",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0071"
},
{
"name": "DSA-1967",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-1967"
},
{
"name": "transmission-name-directory-traversal(55454)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55454"
},
{
"name": "[oss-security] 20100106 CVE Request: Transmission",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/01/06/2"
},
{
"name": "37993",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37993"
},
{
"name": "SUSE-SA:2010:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
},
{
"name": "[debian-devel-changes] 20100105 Accepted transmission 1.77-1 (source all amd64)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.mail-archive.com/debian-devel-changes%40lists.debian.org/msg264483.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-0012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://trac.transmissionbt.com/wiki/Changes#version-1.77",
"refsource": "CONFIRM",
"url": "http://trac.transmissionbt.com/wiki/Changes#version-1.77"
},
{
"name": "[oss-security] 20100106 Re: CVE Request: Transmission",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/01/06/4"
},
{
"name": "https://launchpad.net/bugs/500625",
"refsource": "CONFIRM",
"url": "https://launchpad.net/bugs/500625"
},
{
"name": "http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gz",
"refsource": "CONFIRM",
"url": "http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gz"
},
{
"name": "http://trac.transmissionbt.com/changeset/9829/",
"refsource": "CONFIRM",
"url": "http://trac.transmissionbt.com/changeset/9829/"
},
{
"name": "38005",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38005"
},
{
"name": "ADV-2010-0071",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0071"
},
{
"name": "DSA-1967",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-1967"
},
{
"name": "transmission-name-directory-traversal(55454)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55454"
},
{
"name": "[oss-security] 20100106 CVE Request: Transmission",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/01/06/2"
},
{
"name": "37993",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37993"
},
{
"name": "SUSE-SA:2010:008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
},
{
"name": "[debian-devel-changes] 20100105 Accepted transmission 1.77-1 (source all amd64)",
"refsource": "MLIST",
"url": "http://www.mail-archive.com/debian-devel-changes@lists.debian.org/msg264483.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-0012",
"datePublished": "2010-01-08T17:00:00",
"dateReserved": "2009-12-14T00:00:00",
"dateUpdated": "2024-08-07T00:37:52.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1757 (GCVE-0-2009-1757)
Vulnerability from cvelistv5 – Published: 2009-05-22 01:00 – Updated: 2024-09-16 20:06
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:27:53.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20090521 CVE request: transmission \u003c1.61 CSRF",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/05/21/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.transmissionbt.com/index.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-05-22T01:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20090521 CVE request: transmission \u003c1.61 CSRF",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/05/21/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.transmissionbt.com/index.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1757",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20090521 CVE request: transmission \u003c1.61 CSRF",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/05/21/1"
},
{
"name": "http://www.transmissionbt.com/index.php",
"refsource": "CONFIRM",
"url": "http://www.transmissionbt.com/index.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1757",
"datePublished": "2009-05-22T01:00:00Z",
"dateReserved": "2009-05-21T00:00:00Z",
"dateUpdated": "2024-09-16T20:06:44.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-10756 (GCVE-0-2018-10756)
Vulnerability from nvd – Published: 2020-05-15 15:56 – Updated: 2024-08-05 07:46
VLAI?
Summary
Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:46.883Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tomrichards.net/2020/05/cve-2018-10756-transmission/"
},
{
"name": "FEDORA-2020-e67318b4b4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVAG2HNKNRLWOACFN5F2ANJD2SQ53WI7/"
},
{
"name": "[debian-lts-announce] 20200524 [SECURITY] [DLA 2218-1] transmission security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00022.html"
},
{
"name": "FEDORA-2020-3ef028d53f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CD3GLZ5URIK74RCGLSH72IVLDIJJMLQC/"
},
{
"name": "GLSA-202007-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202007-07"
},
{
"name": "[debian-lts-announce] 20200801 [SECURITY] [DLA 2305-1] transmission security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-01T19:06:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tomrichards.net/2020/05/cve-2018-10756-transmission/"
},
{
"name": "FEDORA-2020-e67318b4b4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVAG2HNKNRLWOACFN5F2ANJD2SQ53WI7/"
},
{
"name": "[debian-lts-announce] 20200524 [SECURITY] [DLA 2218-1] transmission security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00022.html"
},
{
"name": "FEDORA-2020-3ef028d53f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CD3GLZ5URIK74RCGLSH72IVLDIJJMLQC/"
},
{
"name": "GLSA-202007-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202007-07"
},
{
"name": "[debian-lts-announce] 20200801 [SECURITY] [DLA 2305-1] transmission security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10756",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e",
"refsource": "MISC",
"url": "https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e"
},
{
"name": "https://tomrichards.net/2020/05/cve-2018-10756-transmission/",
"refsource": "MISC",
"url": "https://tomrichards.net/2020/05/cve-2018-10756-transmission/"
},
{
"name": "FEDORA-2020-e67318b4b4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVAG2HNKNRLWOACFN5F2ANJD2SQ53WI7/"
},
{
"name": "[debian-lts-announce] 20200524 [SECURITY] [DLA 2218-1] transmission security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00022.html"
},
{
"name": "FEDORA-2020-3ef028d53f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CD3GLZ5URIK74RCGLSH72IVLDIJJMLQC/"
},
{
"name": "GLSA-202007-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202007-07"
},
{
"name": "[debian-lts-announce] 20200801 [SECURITY] [DLA 2305-1] transmission security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10756",
"datePublished": "2020-05-15T15:56:21",
"dateReserved": "2018-05-05T00:00:00",
"dateUpdated": "2024-08-05T07:46:46.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0749 (GCVE-0-2010-0749)
Vulnerability from nvd – Published: 2019-10-30 22:45 – Updated: 2024-08-07 00:59
VLAI?
Summary
Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame.
Severity ?
No CVSS data available.
CWE
- Denial of Service - Malformed Input
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| transmission | transmission |
Affected:
before 1.92
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:59:38.814Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-0749"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0749"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/transmission/transmission/wiki/Release-Notes#transmission-192-20100314"
},
{
"name": "[oss-security] 20100401 Re: CVE Request -- Transmission v1.92",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2010/04/01/9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://trac.transmissionbt.com/ticket/1242"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "transmission",
"vendor": "transmission",
"versions": [
{
"status": "affected",
"version": "before 1.92"
}
]
}
],
"datePublic": "2008-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service - Malformed Input",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-30T22:45:13",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-0749"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0749"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/transmission/transmission/wiki/Release-Notes#transmission-192-20100314"
},
{
"name": "[oss-security] 20100401 Re: CVE Request -- Transmission v1.92",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.openwall.com/lists/oss-security/2010/04/01/9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://trac.transmissionbt.com/ticket/1242"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-0749",
"datePublished": "2019-10-30T22:45:13",
"dateReserved": "2010-02-26T00:00:00",
"dateUpdated": "2024-08-07T00:59:38.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0748 (GCVE-0-2010-0748)
Vulnerability from nvd – Published: 2019-10-30 22:34 – Updated: 2024-08-07 00:59
VLAI?
Summary
Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link.
Severity ?
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| transmission | transmission |
Affected:
before 1.92
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:59:38.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-0748"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0748"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://trac.transmissionbt.com/ticket/2965"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/transmission/transmission/wiki/Release-Notes#transmission-192-20100314"
},
{
"name": "[oss-security] 20100401 Re: CVE Request -- Transmission v1.92",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2010/04/01/9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "transmission",
"vendor": "transmission",
"versions": [
{
"status": "affected",
"version": "before 1.92"
}
]
}
],
"datePublic": "2010-02-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-30T22:38:21",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-0748"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0748"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://trac.transmissionbt.com/ticket/2965"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/transmission/transmission/wiki/Release-Notes#transmission-192-20100314"
},
{
"name": "[oss-security] 20100401 Re: CVE Request -- Transmission v1.92",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.openwall.com/lists/oss-security/2010/04/01/9"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-0748",
"datePublished": "2019-10-30T22:34:40",
"dateReserved": "2010-02-26T00:00:00",
"dateUpdated": "2024-08-07T00:59:38.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5702 (GCVE-0-2018-5702)
Vulnerability from nvd – Published: 2018-01-15 16:00 – Updated: 2024-08-05 05:40
VLAI?
Summary
Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:40:51.206Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1447"
},
{
"name": "43665",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43665/"
},
{
"name": "DSA-4087",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4087"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/transmission/transmission/pull/468"
},
{
"name": "GLSA-201806-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201806-07"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/taviso/status/951526615145566208"
},
{
"name": "[debian-lts-announce] 20180118 [SECURITY] [DLA 1246-1] transmission security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-21T09:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1447"
},
{
"name": "43665",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43665/"
},
{
"name": "DSA-4087",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4087"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/transmission/transmission/pull/468"
},
{
"name": "GLSA-201806-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201806-07"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/taviso/status/951526615145566208"
},
{
"name": "[debian-lts-announce] 20180118 [SECURITY] [DLA 1246-1] transmission security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1447",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1447"
},
{
"name": "43665",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43665/"
},
{
"name": "DSA-4087",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4087"
},
{
"name": "https://github.com/transmission/transmission/pull/468",
"refsource": "MISC",
"url": "https://github.com/transmission/transmission/pull/468"
},
{
"name": "GLSA-201806-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201806-07"
},
{
"name": "https://twitter.com/taviso/status/951526615145566208",
"refsource": "MISC",
"url": "https://twitter.com/taviso/status/951526615145566208"
},
{
"name": "[debian-lts-announce] 20180118 [SECURITY] [DLA 1246-1] transmission security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5702",
"datePublished": "2018-01-15T16:00:00",
"dateReserved": "2018-01-15T00:00:00",
"dateUpdated": "2024-08-05T05:40:51.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4909 (GCVE-0-2014-4909)
Vulnerability from nvd – Published: 2014-07-29 14:00 – Updated: 2024-08-06 11:27
VLAI?
Summary
Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2014-8331",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135539.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://trac.transmissionbt.com/wiki/Changes#version-2.84"
},
{
"name": "[oss-security] 20140710 CVE request: transmission peer communication vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/10/4"
},
{
"name": "68487",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68487"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=516822"
},
{
"name": "[oss-security] 20140711 Re: CVE request: transmission peer communication vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/11/5"
},
{
"name": "60108",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60108"
},
{
"name": "60527",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60527"
},
{
"name": "59897",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59897"
},
{
"name": "DSA-2988",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2988"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://inertiawar.com/submission.go"
},
{
"name": "USN-2279-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2279-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1118290"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/benhawkes/statuses/484378151959539712"
},
{
"name": "openSUSE-SU-2014:0980",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00011.html"
},
{
"name": "108997",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/108997"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-05T22:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2014-8331",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135539.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://trac.transmissionbt.com/wiki/Changes#version-2.84"
},
{
"name": "[oss-security] 20140710 CVE request: transmission peer communication vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/10/4"
},
{
"name": "68487",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68487"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=516822"
},
{
"name": "[oss-security] 20140711 Re: CVE request: transmission peer communication vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/11/5"
},
{
"name": "60108",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60108"
},
{
"name": "60527",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60527"
},
{
"name": "59897",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59897"
},
{
"name": "DSA-2988",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2988"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://inertiawar.com/submission.go"
},
{
"name": "USN-2279-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2279-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1118290"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/benhawkes/statuses/484378151959539712"
},
{
"name": "openSUSE-SU-2014:0980",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00011.html"
},
{
"name": "108997",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/108997"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2014-8331",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135539.html"
},
{
"name": "https://trac.transmissionbt.com/wiki/Changes#version-2.84",
"refsource": "CONFIRM",
"url": "https://trac.transmissionbt.com/wiki/Changes#version-2.84"
},
{
"name": "[oss-security] 20140710 CVE request: transmission peer communication vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/10/4"
},
{
"name": "68487",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68487"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=516822",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=516822"
},
{
"name": "[oss-security] 20140711 Re: CVE request: transmission peer communication vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/11/5"
},
{
"name": "60108",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60108"
},
{
"name": "60527",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60527"
},
{
"name": "59897",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59897"
},
{
"name": "DSA-2988",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2988"
},
{
"name": "http://inertiawar.com/submission.go",
"refsource": "MISC",
"url": "http://inertiawar.com/submission.go"
},
{
"name": "USN-2279-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2279-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1118290",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1118290"
},
{
"name": "https://twitter.com/benhawkes/statuses/484378151959539712",
"refsource": "MISC",
"url": "https://twitter.com/benhawkes/statuses/484378151959539712"
},
{
"name": "openSUSE-SU-2014:0980",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00011.html"
},
{
"name": "108997",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/108997"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4909",
"datePublished": "2014-07-29T14:00:00",
"dateReserved": "2014-07-11T00:00:00",
"dateUpdated": "2024-08-06T11:27:36.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6129 (GCVE-0-2012-6129)
Vulnerability from nvd – Published: 2013-04-03 00:00 – Updated: 2024-09-16 22:50
VLAI?
Summary
Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted "micro transport protocol packets."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:38.970Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2013:0485",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00064.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trac.transmissionbt.com/ticket/5002"
},
{
"name": "USN-1747-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1747-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=909934"
},
{
"name": "[oss-security] 20130212 Re: CVE request: Transmission can be made to crash remotely",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trac.transmissionbt.com/changeset/13646"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted \"micro transport protocol packets.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-04-03T00:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "openSUSE-SU-2013:0485",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00064.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trac.transmissionbt.com/ticket/5002"
},
{
"name": "USN-1747-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1747-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=909934"
},
{
"name": "[oss-security] 20130212 Re: CVE request: Transmission can be made to crash remotely",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trac.transmissionbt.com/changeset/13646"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted \"micro transport protocol packets.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2013:0485",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00064.html"
},
{
"name": "https://trac.transmissionbt.com/ticket/5002",
"refsource": "MISC",
"url": "https://trac.transmissionbt.com/ticket/5002"
},
{
"name": "USN-1747-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1747-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=909934",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=909934"
},
{
"name": "[oss-security] 20130212 Re: CVE request: Transmission can be made to crash remotely",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/1"
},
{
"name": "https://trac.transmissionbt.com/changeset/13646",
"refsource": "MISC",
"url": "https://trac.transmissionbt.com/changeset/13646"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6129",
"datePublished": "2013-04-03T00:00:00Z",
"dateReserved": "2012-12-06T00:00:00Z",
"dateUpdated": "2024-09-16T22:50:21.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4037 (GCVE-0-2012-4037)
Vulnerability from nvd – Published: 2012-08-15 20:00 – Updated: 2024-08-06 20:21
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:21:04.201Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.madirish.net/541"
},
{
"name": "50769",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50769"
},
{
"name": "20120726 Transmission BitTorrent XSS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-07/0349.html"
},
{
"name": "54705",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/54705"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://trac.transmissionbt.com/wiki/Changes#version-2.61"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://trac.transmissionbt.com/ticket/4979"
},
{
"name": "50027",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50027"
},
{
"name": "USN-1584-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1584-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-07-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-30T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.madirish.net/541"
},
{
"name": "50769",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50769"
},
{
"name": "20120726 Transmission BitTorrent XSS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-07/0349.html"
},
{
"name": "54705",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/54705"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://trac.transmissionbt.com/wiki/Changes#version-2.61"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://trac.transmissionbt.com/ticket/4979"
},
{
"name": "50027",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50027"
},
{
"name": "USN-1584-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1584-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4037",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.madirish.net/541",
"refsource": "MISC",
"url": "http://www.madirish.net/541"
},
{
"name": "50769",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50769"
},
{
"name": "20120726 Transmission BitTorrent XSS Vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-07/0349.html"
},
{
"name": "54705",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54705"
},
{
"name": "https://trac.transmissionbt.com/wiki/Changes#version-2.61",
"refsource": "CONFIRM",
"url": "https://trac.transmissionbt.com/wiki/Changes#version-2.61"
},
{
"name": "https://trac.transmissionbt.com/ticket/4979",
"refsource": "CONFIRM",
"url": "https://trac.transmissionbt.com/ticket/4979"
},
{
"name": "50027",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50027"
},
{
"name": "USN-1584-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1584-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4037",
"datePublished": "2012-08-15T20:00:00",
"dateReserved": "2012-07-20T00:00:00",
"dateUpdated": "2024-08-06T20:21:04.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1853 (GCVE-0-2010-1853)
Vulnerability from nvd – Published: 2010-05-07 20:00 – Updated: 2024-09-16 19:57
VLAI?
Summary
Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted magnet URL with a large number of (1) tr or (2) ws links.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:35:53.743Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38814",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38814"
},
{
"name": "63066",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/63066"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://trac.transmissionbt.com/wiki/Changes"
},
{
"name": "ADV-2010-0655",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0655"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://trac.transmissionbt.com/ticket/2965"
},
{
"name": "39031",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39031"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://trac.transmissionbt.com/changeset/10279"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted magnet URL with a large number of (1) tr or (2) ws links."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-05-07T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38814",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38814"
},
{
"name": "63066",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/63066"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://trac.transmissionbt.com/wiki/Changes"
},
{
"name": "ADV-2010-0655",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0655"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://trac.transmissionbt.com/ticket/2965"
},
{
"name": "39031",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39031"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://trac.transmissionbt.com/changeset/10279"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1853",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted magnet URL with a large number of (1) tr or (2) ws links."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38814",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38814"
},
{
"name": "63066",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/63066"
},
{
"name": "http://trac.transmissionbt.com/wiki/Changes",
"refsource": "CONFIRM",
"url": "http://trac.transmissionbt.com/wiki/Changes"
},
{
"name": "ADV-2010-0655",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0655"
},
{
"name": "http://trac.transmissionbt.com/ticket/2965",
"refsource": "CONFIRM",
"url": "http://trac.transmissionbt.com/ticket/2965"
},
{
"name": "39031",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39031"
},
{
"name": "http://trac.transmissionbt.com/changeset/10279",
"refsource": "CONFIRM",
"url": "http://trac.transmissionbt.com/changeset/10279"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1853",
"datePublished": "2010-05-07T20:00:00Z",
"dateReserved": "2010-05-07T00:00:00Z",
"dateUpdated": "2024-09-16T19:57:07.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0012 (GCVE-0-2010-0012)
Vulnerability from nvd – Published: 2010-01-08 17:00 – Updated: 2024-08-07 00:37
VLAI?
Summary
Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:37:52.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://trac.transmissionbt.com/wiki/Changes#version-1.77"
},
{
"name": "[oss-security] 20100106 Re: CVE Request: Transmission",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/01/06/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/bugs/500625"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gz"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://trac.transmissionbt.com/changeset/9829/"
},
{
"name": "38005",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38005"
},
{
"name": "ADV-2010-0071",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0071"
},
{
"name": "DSA-1967",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-1967"
},
{
"name": "transmission-name-directory-traversal(55454)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55454"
},
{
"name": "[oss-security] 20100106 CVE Request: Transmission",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/01/06/2"
},
{
"name": "37993",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37993"
},
{
"name": "SUSE-SA:2010:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
},
{
"name": "[debian-devel-changes] 20100105 Accepted transmission 1.77-1 (source all amd64)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.mail-archive.com/debian-devel-changes%40lists.debian.org/msg264483.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-01-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://trac.transmissionbt.com/wiki/Changes#version-1.77"
},
{
"name": "[oss-security] 20100106 Re: CVE Request: Transmission",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/01/06/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/bugs/500625"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gz"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://trac.transmissionbt.com/changeset/9829/"
},
{
"name": "38005",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38005"
},
{
"name": "ADV-2010-0071",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0071"
},
{
"name": "DSA-1967",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-1967"
},
{
"name": "transmission-name-directory-traversal(55454)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55454"
},
{
"name": "[oss-security] 20100106 CVE Request: Transmission",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/01/06/2"
},
{
"name": "37993",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37993"
},
{
"name": "SUSE-SA:2010:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
},
{
"name": "[debian-devel-changes] 20100105 Accepted transmission 1.77-1 (source all amd64)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.mail-archive.com/debian-devel-changes%40lists.debian.org/msg264483.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-0012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://trac.transmissionbt.com/wiki/Changes#version-1.77",
"refsource": "CONFIRM",
"url": "http://trac.transmissionbt.com/wiki/Changes#version-1.77"
},
{
"name": "[oss-security] 20100106 Re: CVE Request: Transmission",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/01/06/4"
},
{
"name": "https://launchpad.net/bugs/500625",
"refsource": "CONFIRM",
"url": "https://launchpad.net/bugs/500625"
},
{
"name": "http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gz",
"refsource": "CONFIRM",
"url": "http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gz"
},
{
"name": "http://trac.transmissionbt.com/changeset/9829/",
"refsource": "CONFIRM",
"url": "http://trac.transmissionbt.com/changeset/9829/"
},
{
"name": "38005",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38005"
},
{
"name": "ADV-2010-0071",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0071"
},
{
"name": "DSA-1967",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-1967"
},
{
"name": "transmission-name-directory-traversal(55454)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55454"
},
{
"name": "[oss-security] 20100106 CVE Request: Transmission",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/01/06/2"
},
{
"name": "37993",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37993"
},
{
"name": "SUSE-SA:2010:008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
},
{
"name": "[debian-devel-changes] 20100105 Accepted transmission 1.77-1 (source all amd64)",
"refsource": "MLIST",
"url": "http://www.mail-archive.com/debian-devel-changes@lists.debian.org/msg264483.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-0012",
"datePublished": "2010-01-08T17:00:00",
"dateReserved": "2009-12-14T00:00:00",
"dateUpdated": "2024-08-07T00:37:52.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1757 (GCVE-0-2009-1757)
Vulnerability from nvd – Published: 2009-05-22 01:00 – Updated: 2024-09-16 20:06
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:27:53.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20090521 CVE request: transmission \u003c1.61 CSRF",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/05/21/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.transmissionbt.com/index.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-05-22T01:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20090521 CVE request: transmission \u003c1.61 CSRF",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/05/21/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.transmissionbt.com/index.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1757",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20090521 CVE request: transmission \u003c1.61 CSRF",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/05/21/1"
},
{
"name": "http://www.transmissionbt.com/index.php",
"refsource": "CONFIRM",
"url": "http://www.transmissionbt.com/index.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1757",
"datePublished": "2009-05-22T01:00:00Z",
"dateReserved": "2009-05-21T00:00:00Z",
"dateUpdated": "2024-09-16T20:06:44.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}