VUMETRIC
CYBER PORTAL
Dashboard
Security News
Latest Vulnerabilities
Browse Vulnerabilities
by Vendors
by Products
by Categories
Weekly Reports
Vulnerabilities
>
Transmissionbt
>
Transmission
> 1.74
Exclude new CVEs:
DATE
CVE
VULNERABILITY TITLE
RISK
2020-05-15
CVE-2018-10756
Use After Free vulnerability in multiple products
Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file.
local
low complexity
transmissionbt
debian
fedoraproject
CWE-416
7.8
7.8
2019-10-30
CVE-2010-0749
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame.
network
low complexity
transmissionbt
debian
CWE-119
5.3
5.3
2019-10-30
CVE-2010-0748
Improper Input Validation vulnerability in multiple products
Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link.
network
low complexity
transmissionbt
debian
CWE-20
critical
9.8
9.8
2018-01-15
CVE-2018-5702
Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack.
network
low complexity
transmissionbt
debian
8.8
8.8