Vulnerabilities > Transmissionbt > Transmission > 1.74

DATE CVE VULNERABILITY TITLE RISK
2020-05-15 CVE-2018-10756 Use After Free vulnerability in multiple products
Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file. 		7.8
7.8
2019-10-30 CVE-2010-0749 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame.
network
low complexity
transmissionbt debian CWE-119
5.3
5.3
2019-10-30 CVE-2010-0748 Improper Input Validation vulnerability in multiple products
Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link.
network
low complexity
transmissionbt debian CWE-20
critical
 9.8
9.8
2018-01-15 CVE-2018-5702 Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack.
network
low complexity
transmissionbt debian
8.8
8.8