Search criteria
10 vulnerabilities by transmissionbt
CVE-2018-10756 (GCVE-0-2018-10756)
Vulnerability from cvelistv5 – Published: 2020-05-15 15:56 – Updated: 2024-08-05 07:46
VLAI?
Summary
Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:46:46.883Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://tomrichards.net/2020/05/cve-2018-10756-transmission/"
},
{
"name": "FEDORA-2020-e67318b4b4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVAG2HNKNRLWOACFN5F2ANJD2SQ53WI7/"
},
{
"name": "[debian-lts-announce] 20200524 [SECURITY] [DLA 2218-1] transmission security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00022.html"
},
{
"name": "FEDORA-2020-3ef028d53f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CD3GLZ5URIK74RCGLSH72IVLDIJJMLQC/"
},
{
"name": "GLSA-202007-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202007-07"
},
{
"name": "[debian-lts-announce] 20200801 [SECURITY] [DLA 2305-1] transmission security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-08-01T19:06:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://tomrichards.net/2020/05/cve-2018-10756-transmission/"
},
{
"name": "FEDORA-2020-e67318b4b4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVAG2HNKNRLWOACFN5F2ANJD2SQ53WI7/"
},
{
"name": "[debian-lts-announce] 20200524 [SECURITY] [DLA 2218-1] transmission security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00022.html"
},
{
"name": "FEDORA-2020-3ef028d53f",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CD3GLZ5URIK74RCGLSH72IVLDIJJMLQC/"
},
{
"name": "GLSA-202007-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202007-07"
},
{
"name": "[debian-lts-announce] 20200801 [SECURITY] [DLA 2305-1] transmission security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00001.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-10756",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e",
"refsource": "MISC",
"url": "https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e"
},
{
"name": "https://tomrichards.net/2020/05/cve-2018-10756-transmission/",
"refsource": "MISC",
"url": "https://tomrichards.net/2020/05/cve-2018-10756-transmission/"
},
{
"name": "FEDORA-2020-e67318b4b4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVAG2HNKNRLWOACFN5F2ANJD2SQ53WI7/"
},
{
"name": "[debian-lts-announce] 20200524 [SECURITY] [DLA 2218-1] transmission security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00022.html"
},
{
"name": "FEDORA-2020-3ef028d53f",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CD3GLZ5URIK74RCGLSH72IVLDIJJMLQC/"
},
{
"name": "GLSA-202007-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202007-07"
},
{
"name": "[debian-lts-announce] 20200801 [SECURITY] [DLA 2305-1] transmission security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00001.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-10756",
"datePublished": "2020-05-15T15:56:21",
"dateReserved": "2018-05-05T00:00:00",
"dateUpdated": "2024-08-05T07:46:46.883Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0749 (GCVE-0-2010-0749)
Vulnerability from cvelistv5 – Published: 2019-10-30 22:45 – Updated: 2024-08-07 00:59
VLAI?
Summary
Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame.
Severity ?
No CVSS data available.
CWE
- Denial of Service - Malformed Input
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| transmission | transmission |
Affected:
before 1.92
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:59:38.814Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-0749"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0749"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/transmission/transmission/wiki/Release-Notes#transmission-192-20100314"
},
{
"name": "[oss-security] 20100401 Re: CVE Request -- Transmission v1.92",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2010/04/01/9"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://trac.transmissionbt.com/ticket/1242"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "transmission",
"vendor": "transmission",
"versions": [
{
"status": "affected",
"version": "before 1.92"
}
]
}
],
"datePublic": "2008-08-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service - Malformed Input",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-30T22:45:13",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-0749"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0749"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/transmission/transmission/wiki/Release-Notes#transmission-192-20100314"
},
{
"name": "[oss-security] 20100401 Re: CVE Request -- Transmission v1.92",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.openwall.com/lists/oss-security/2010/04/01/9"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://trac.transmissionbt.com/ticket/1242"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-0749",
"datePublished": "2019-10-30T22:45:13",
"dateReserved": "2010-02-26T00:00:00",
"dateUpdated": "2024-08-07T00:59:38.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0748 (GCVE-0-2010-0748)
Vulnerability from cvelistv5 – Published: 2019-10-30 22:34 – Updated: 2024-08-07 00:59
VLAI?
Summary
Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link.
Severity ?
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| transmission | transmission |
Affected:
before 1.92
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:59:38.897Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-0748"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0748"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://trac.transmissionbt.com/ticket/2965"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/transmission/transmission/wiki/Release-Notes#transmission-192-20100314"
},
{
"name": "[oss-security] 20100401 Re: CVE Request -- Transmission v1.92",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2010/04/01/9"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "transmission",
"vendor": "transmission",
"versions": [
{
"status": "affected",
"version": "before 1.92"
}
]
}
],
"datePublic": "2010-02-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-30T22:38:21",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-0748"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0748"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://trac.transmissionbt.com/ticket/2965"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/transmission/transmission/wiki/Release-Notes#transmission-192-20100314"
},
{
"name": "[oss-security] 20100401 Re: CVE Request -- Transmission v1.92",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://www.openwall.com/lists/oss-security/2010/04/01/9"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-0748",
"datePublished": "2019-10-30T22:34:40",
"dateReserved": "2010-02-26T00:00:00",
"dateUpdated": "2024-08-07T00:59:38.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5702 (GCVE-0-2018-5702)
Vulnerability from cvelistv5 – Published: 2018-01-15 16:00 – Updated: 2024-08-05 05:40
VLAI?
Summary
Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:40:51.206Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1447"
},
{
"name": "43665",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43665/"
},
{
"name": "DSA-4087",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4087"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/transmission/transmission/pull/468"
},
{
"name": "GLSA-201806-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201806-07"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/taviso/status/951526615145566208"
},
{
"name": "[debian-lts-announce] 20180118 [SECURITY] [DLA 1246-1] transmission security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-21T09:57:02",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1447"
},
{
"name": "43665",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43665/"
},
{
"name": "DSA-4087",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4087"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/transmission/transmission/pull/468"
},
{
"name": "GLSA-201806-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201806-07"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/taviso/status/951526615145566208"
},
{
"name": "[debian-lts-announce] 20180118 [SECURITY] [DLA 1246-1] transmission security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00020.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1447",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1447"
},
{
"name": "43665",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43665/"
},
{
"name": "DSA-4087",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4087"
},
{
"name": "https://github.com/transmission/transmission/pull/468",
"refsource": "MISC",
"url": "https://github.com/transmission/transmission/pull/468"
},
{
"name": "GLSA-201806-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201806-07"
},
{
"name": "https://twitter.com/taviso/status/951526615145566208",
"refsource": "MISC",
"url": "https://twitter.com/taviso/status/951526615145566208"
},
{
"name": "[debian-lts-announce] 20180118 [SECURITY] [DLA 1246-1] transmission security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00020.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5702",
"datePublished": "2018-01-15T16:00:00",
"dateReserved": "2018-01-15T00:00:00",
"dateUpdated": "2024-08-05T05:40:51.206Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-4909 (GCVE-0-2014-4909)
Vulnerability from cvelistv5 – Published: 2014-07-29 14:00 – Updated: 2024-08-06 11:27
VLAI?
Summary
Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T11:27:36.988Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2014-8331",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135539.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://trac.transmissionbt.com/wiki/Changes#version-2.84"
},
{
"name": "[oss-security] 20140710 CVE request: transmission peer communication vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/10/4"
},
{
"name": "68487",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/68487"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=516822"
},
{
"name": "[oss-security] 20140711 Re: CVE request: transmission peer communication vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/11/5"
},
{
"name": "60108",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60108"
},
{
"name": "60527",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/60527"
},
{
"name": "59897",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/59897"
},
{
"name": "DSA-2988",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2014/dsa-2988"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://inertiawar.com/submission.go"
},
{
"name": "USN-2279-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2279-1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1118290"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://twitter.com/benhawkes/statuses/484378151959539712"
},
{
"name": "openSUSE-SU-2014:0980",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00011.html"
},
{
"name": "108997",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/108997"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-07-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-05T22:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2014-8331",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135539.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://trac.transmissionbt.com/wiki/Changes#version-2.84"
},
{
"name": "[oss-security] 20140710 CVE request: transmission peer communication vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/10/4"
},
{
"name": "68487",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/68487"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.gentoo.org/show_bug.cgi?id=516822"
},
{
"name": "[oss-security] 20140711 Re: CVE request: transmission peer communication vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/07/11/5"
},
{
"name": "60108",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60108"
},
{
"name": "60527",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/60527"
},
{
"name": "59897",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/59897"
},
{
"name": "DSA-2988",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2014/dsa-2988"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://inertiawar.com/submission.go"
},
{
"name": "USN-2279-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2279-1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1118290"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://twitter.com/benhawkes/statuses/484378151959539712"
},
{
"name": "openSUSE-SU-2014:0980",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00011.html"
},
{
"name": "108997",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/108997"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-4909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2014-8331",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135539.html"
},
{
"name": "https://trac.transmissionbt.com/wiki/Changes#version-2.84",
"refsource": "CONFIRM",
"url": "https://trac.transmissionbt.com/wiki/Changes#version-2.84"
},
{
"name": "[oss-security] 20140710 CVE request: transmission peer communication vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/10/4"
},
{
"name": "68487",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/68487"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=516822",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=516822"
},
{
"name": "[oss-security] 20140711 Re: CVE request: transmission peer communication vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/07/11/5"
},
{
"name": "60108",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60108"
},
{
"name": "60527",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/60527"
},
{
"name": "59897",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/59897"
},
{
"name": "DSA-2988",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2014/dsa-2988"
},
{
"name": "http://inertiawar.com/submission.go",
"refsource": "MISC",
"url": "http://inertiawar.com/submission.go"
},
{
"name": "USN-2279-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2279-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1118290",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1118290"
},
{
"name": "https://twitter.com/benhawkes/statuses/484378151959539712",
"refsource": "MISC",
"url": "https://twitter.com/benhawkes/statuses/484378151959539712"
},
{
"name": "openSUSE-SU-2014:0980",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00011.html"
},
{
"name": "108997",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/108997"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-4909",
"datePublished": "2014-07-29T14:00:00",
"dateReserved": "2014-07-11T00:00:00",
"dateUpdated": "2024-08-06T11:27:36.988Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-6129 (GCVE-0-2012-6129)
Vulnerability from cvelistv5 – Published: 2013-04-03 00:00 – Updated: 2024-09-16 22:50
VLAI?
Summary
Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted "micro transport protocol packets."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:38.970Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2013:0485",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00064.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trac.transmissionbt.com/ticket/5002"
},
{
"name": "USN-1747-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1747-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=909934"
},
{
"name": "[oss-security] 20130212 Re: CVE request: Transmission can be made to crash remotely",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://trac.transmissionbt.com/changeset/13646"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted \"micro transport protocol packets.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-04-03T00:00:00Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "openSUSE-SU-2013:0485",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00064.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trac.transmissionbt.com/ticket/5002"
},
{
"name": "USN-1747-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1747-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=909934"
},
{
"name": "[oss-security] 20130212 Re: CVE request: Transmission can be made to crash remotely",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://trac.transmissionbt.com/changeset/13646"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted \"micro transport protocol packets.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2013:0485",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00064.html"
},
{
"name": "https://trac.transmissionbt.com/ticket/5002",
"refsource": "MISC",
"url": "https://trac.transmissionbt.com/ticket/5002"
},
{
"name": "USN-1747-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1747-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=909934",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=909934"
},
{
"name": "[oss-security] 20130212 Re: CVE request: Transmission can be made to crash remotely",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/1"
},
{
"name": "https://trac.transmissionbt.com/changeset/13646",
"refsource": "MISC",
"url": "https://trac.transmissionbt.com/changeset/13646"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-6129",
"datePublished": "2013-04-03T00:00:00Z",
"dateReserved": "2012-12-06T00:00:00Z",
"dateUpdated": "2024-09-16T22:50:21.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-4037 (GCVE-0-2012-4037)
Vulnerability from cvelistv5 – Published: 2012-08-15 20:00 – Updated: 2024-08-06 20:21
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:21:04.201Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.madirish.net/541"
},
{
"name": "50769",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50769"
},
{
"name": "20120726 Transmission BitTorrent XSS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-07/0349.html"
},
{
"name": "54705",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/54705"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://trac.transmissionbt.com/wiki/Changes#version-2.61"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://trac.transmissionbt.com/ticket/4979"
},
{
"name": "50027",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/50027"
},
{
"name": "USN-1584-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1584-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-07-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-10-30T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.madirish.net/541"
},
{
"name": "50769",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50769"
},
{
"name": "20120726 Transmission BitTorrent XSS Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-07/0349.html"
},
{
"name": "54705",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/54705"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://trac.transmissionbt.com/wiki/Changes#version-2.61"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://trac.transmissionbt.com/ticket/4979"
},
{
"name": "50027",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/50027"
},
{
"name": "USN-1584-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1584-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4037",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.madirish.net/541",
"refsource": "MISC",
"url": "http://www.madirish.net/541"
},
{
"name": "50769",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50769"
},
{
"name": "20120726 Transmission BitTorrent XSS Vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-07/0349.html"
},
{
"name": "54705",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54705"
},
{
"name": "https://trac.transmissionbt.com/wiki/Changes#version-2.61",
"refsource": "CONFIRM",
"url": "https://trac.transmissionbt.com/wiki/Changes#version-2.61"
},
{
"name": "https://trac.transmissionbt.com/ticket/4979",
"refsource": "CONFIRM",
"url": "https://trac.transmissionbt.com/ticket/4979"
},
{
"name": "50027",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50027"
},
{
"name": "USN-1584-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1584-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-4037",
"datePublished": "2012-08-15T20:00:00",
"dateReserved": "2012-07-20T00:00:00",
"dateUpdated": "2024-08-06T20:21:04.201Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1853 (GCVE-0-2010-1853)
Vulnerability from cvelistv5 – Published: 2010-05-07 20:00 – Updated: 2024-09-16 19:57
VLAI?
Summary
Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted magnet URL with a large number of (1) tr or (2) ws links.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:35:53.743Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "38814",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/38814"
},
{
"name": "63066",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/63066"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://trac.transmissionbt.com/wiki/Changes"
},
{
"name": "ADV-2010-0655",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0655"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://trac.transmissionbt.com/ticket/2965"
},
{
"name": "39031",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39031"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://trac.transmissionbt.com/changeset/10279"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted magnet URL with a large number of (1) tr or (2) ws links."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2010-05-07T20:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "38814",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/38814"
},
{
"name": "63066",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/63066"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://trac.transmissionbt.com/wiki/Changes"
},
{
"name": "ADV-2010-0655",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0655"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://trac.transmissionbt.com/ticket/2965"
},
{
"name": "39031",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39031"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://trac.transmissionbt.com/changeset/10279"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1853",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted magnet URL with a large number of (1) tr or (2) ws links."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38814",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38814"
},
{
"name": "63066",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/63066"
},
{
"name": "http://trac.transmissionbt.com/wiki/Changes",
"refsource": "CONFIRM",
"url": "http://trac.transmissionbt.com/wiki/Changes"
},
{
"name": "ADV-2010-0655",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0655"
},
{
"name": "http://trac.transmissionbt.com/ticket/2965",
"refsource": "CONFIRM",
"url": "http://trac.transmissionbt.com/ticket/2965"
},
{
"name": "39031",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39031"
},
{
"name": "http://trac.transmissionbt.com/changeset/10279",
"refsource": "CONFIRM",
"url": "http://trac.transmissionbt.com/changeset/10279"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1853",
"datePublished": "2010-05-07T20:00:00Z",
"dateReserved": "2010-05-07T00:00:00Z",
"dateUpdated": "2024-09-16T19:57:07.176Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0012 (GCVE-0-2010-0012)
Vulnerability from cvelistv5 – Published: 2010-01-08 17:00 – Updated: 2024-08-07 00:37
VLAI?
Summary
Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:37:52.483Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://trac.transmissionbt.com/wiki/Changes#version-1.77"
},
{
"name": "[oss-security] 20100106 Re: CVE Request: Transmission",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/01/06/4"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/bugs/500625"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gz"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://trac.transmissionbt.com/changeset/9829/"
},
{
"name": "38005",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/38005"
},
{
"name": "ADV-2010-0071",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0071"
},
{
"name": "DSA-1967",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2010/dsa-1967"
},
{
"name": "transmission-name-directory-traversal(55454)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55454"
},
{
"name": "[oss-security] 20100106 CVE Request: Transmission",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2010/01/06/2"
},
{
"name": "37993",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/37993"
},
{
"name": "SUSE-SA:2010:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
},
{
"name": "[debian-devel-changes] 20100105 Accepted transmission 1.77-1 (source all amd64)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.mail-archive.com/debian-devel-changes%40lists.debian.org/msg264483.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-01-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://trac.transmissionbt.com/wiki/Changes#version-1.77"
},
{
"name": "[oss-security] 20100106 Re: CVE Request: Transmission",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/01/06/4"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/bugs/500625"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gz"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://trac.transmissionbt.com/changeset/9829/"
},
{
"name": "38005",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/38005"
},
{
"name": "ADV-2010-0071",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0071"
},
{
"name": "DSA-1967",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2010/dsa-1967"
},
{
"name": "transmission-name-directory-traversal(55454)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55454"
},
{
"name": "[oss-security] 20100106 CVE Request: Transmission",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2010/01/06/2"
},
{
"name": "37993",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/37993"
},
{
"name": "SUSE-SA:2010:008",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
},
{
"name": "[debian-devel-changes] 20100105 Accepted transmission 1.77-1 (source all amd64)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.mail-archive.com/debian-devel-changes%40lists.debian.org/msg264483.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2010-0012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://trac.transmissionbt.com/wiki/Changes#version-1.77",
"refsource": "CONFIRM",
"url": "http://trac.transmissionbt.com/wiki/Changes#version-1.77"
},
{
"name": "[oss-security] 20100106 Re: CVE Request: Transmission",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/01/06/4"
},
{
"name": "https://launchpad.net/bugs/500625",
"refsource": "CONFIRM",
"url": "https://launchpad.net/bugs/500625"
},
{
"name": "http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gz",
"refsource": "CONFIRM",
"url": "http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gz"
},
{
"name": "http://trac.transmissionbt.com/changeset/9829/",
"refsource": "CONFIRM",
"url": "http://trac.transmissionbt.com/changeset/9829/"
},
{
"name": "38005",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38005"
},
{
"name": "ADV-2010-0071",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0071"
},
{
"name": "DSA-1967",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-1967"
},
{
"name": "transmission-name-directory-traversal(55454)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55454"
},
{
"name": "[oss-security] 20100106 CVE Request: Transmission",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/01/06/2"
},
{
"name": "37993",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37993"
},
{
"name": "SUSE-SA:2010:008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
},
{
"name": "[debian-devel-changes] 20100105 Accepted transmission 1.77-1 (source all amd64)",
"refsource": "MLIST",
"url": "http://www.mail-archive.com/debian-devel-changes@lists.debian.org/msg264483.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2010-0012",
"datePublished": "2010-01-08T17:00:00",
"dateReserved": "2009-12-14T00:00:00",
"dateUpdated": "2024-08-07T00:37:52.483Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1757 (GCVE-0-2009-1757)
Vulnerability from cvelistv5 – Published: 2009-05-22 01:00 – Updated: 2024-09-16 20:06
VLAI?
Summary
Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T05:27:53.646Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20090521 CVE request: transmission \u003c1.61 CSRF",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/05/21/1"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.transmissionbt.com/index.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-05-22T01:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[oss-security] 20090521 CVE request: transmission \u003c1.61 CSRF",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/05/21/1"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.transmissionbt.com/index.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1757",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20090521 CVE request: transmission \u003c1.61 CSRF",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/05/21/1"
},
{
"name": "http://www.transmissionbt.com/index.php",
"refsource": "CONFIRM",
"url": "http://www.transmissionbt.com/index.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1757",
"datePublished": "2009-05-22T01:00:00Z",
"dateReserved": "2009-05-21T00:00:00Z",
"dateUpdated": "2024-09-16T20:06:44.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}