Vulnerabilities > Transmissionbt

DATE CVE VULNERABILITY TITLE RISK
2020-05-15 CVE-2018-10756 Use After Free vulnerability in multiple products
Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file.
7.8
2019-10-30 CVE-2010-0749 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame.
network
low complexity
transmissionbt debian CWE-119
5.3
2019-10-30 CVE-2010-0748 Improper Input Validation vulnerability in multiple products
Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link.
network
low complexity
transmissionbt debian CWE-20
critical
9.8
2018-01-15 CVE-2018-5702 Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack.
network
low complexity
transmissionbt debian
8.8
2010-01-08 CVE-2010-0012 Path Traversal vulnerability in multiple products
Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a ..
network
low complexity
transmissionbt debian opensuse CWE-22
8.8