Vulnerabilites related to transmissionbt - transmission
Vulnerability from fkie_nvd
Published
2010-01-08 17:30
Modified
2025-04-09 00:30
Severity ?
Summary
Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| transmissionbt | transmission | 1.22 | |
| transmissionbt | transmission | 1.34 | |
| transmissionbt | transmission | 1.75 | |
| transmissionbt | transmission | 1.76 | |
| debian | debian_linux | 5.0 | |
| opensuse | opensuse | 11.0 | |
| opensuse | opensuse | 11.1 | |
| opensuse | opensuse | 11.2 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:transmissionbt:transmission:1.22:*:*:*:*:*:*:*", matchCriteriaId: "B90969C1-C1A4-4C3B-9313-56E1985DCD2A", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.34:*:*:*:*:*:*:*", matchCriteriaId: "7E6A7241-50D3-4E5E-8FEA-6BF600E5E4B9", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.75:*:*:*:*:*:*:*", matchCriteriaId: "7D9C12FB-48A9-441A-9FA1-CBAB73F2F58D", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.76:*:*:*:*:*:*:*", matchCriteriaId: "C8B75889-EBAC-445A-A533-BA3C1364221E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", matchCriteriaId: "8C757774-08E7-40AA-B532-6F705C8F7639", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*", matchCriteriaId: "1B42AB65-443B-4655-BAEA-4EB4A43D9509", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*", matchCriteriaId: "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883", vulnerable: true, }, { criteria: "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*", matchCriteriaId: "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file.", }, { lang: "es", value: "Vulnerabilidad de salto de directorio en libtransmission/metainfo.c en Transmission v1.22, v1.34, v1.75, y v1.76 permite a atacantes remotos sobreescribir ficheros de su elección a través de .. (punto punto) en un nombre de ruta con un fichero .torrent", }, ], id: "CVE-2010-0012", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2010-01-08T17:30:02.317", references: [ { source: "secalert@redhat.com", tags: [ "Mailing List", ], url: "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/37993", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/38005", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gz", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://trac.transmissionbt.com/changeset/9829/", }, { source: "secalert@redhat.com", tags: [ "Broken Link", ], url: "http://trac.transmissionbt.com/wiki/Changes#version-1.77", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2010/dsa-1967", }, { source: "secalert@redhat.com", tags: [ "Patch", ], url: "http://www.mail-archive.com/debian-devel-changes%40lists.debian.org/msg264483.html", }, { source: "secalert@redhat.com", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2010/01/06/2", }, { source: "secalert@redhat.com", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2010/01/06/4", }, { source: "secalert@redhat.com", tags: [ "Permissions Required", ], url: "http://www.vupen.com/english/advisories/2010/0071", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/55454", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", ], url: "https://launchpad.net/bugs/500625", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/37993", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://secunia.com/advisories/38005", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gz", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://trac.transmissionbt.com/changeset/9829/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Broken Link", ], url: "http://trac.transmissionbt.com/wiki/Changes#version-1.77", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "http://www.debian.org/security/2010/dsa-1967", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.mail-archive.com/debian-devel-changes%40lists.debian.org/msg264483.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2010/01/06/2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", ], url: "http://www.openwall.com/lists/oss-security/2010/01/06/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Permissions Required", ], url: "http://www.vupen.com/english/advisories/2010/0071", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", "VDB Entry", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/55454", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", ], url: "https://launchpad.net/bugs/500625", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-15 16:15
Modified
2024-11-21 03:41
Severity ?
Summary
Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| transmissionbt | transmission | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| fedoraproject | fedora | 31 | |
| fedoraproject | fedora | 32 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:transmissionbt:transmission:*:*:*:*:*:*:*:*", matchCriteriaId: "D13F8427-7635-4583-8666-E49CC4CB0C28", versionEndExcluding: "3.00", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", matchCriteriaId: "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", matchCriteriaId: "36D96259-24BD-44E2-96D9-78CE1D41F956", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file.", }, { lang: "es", value: "Un uso de la memoria previamente liberada en el archivo libtransmission/variant.c en Transmission versiones anteriores a 3.00, permite a atacantes remotos causar una denegación de servicio (bloqueo) o posiblemente ejecutar código arbitrario por medio de un archivo torrent diseñado.", }, ], id: "CVE-2018-10756", lastModified: "2024-11-21T03:41:59.273", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "HIGH", baseScore: 7.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-05-15T16:15:11.437", references: [ { source: "cve@mitre.org", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/05/msg00022.html", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00001.html", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CD3GLZ5URIK74RCGLSH72IVLDIJJMLQC/", }, { source: "cve@mitre.org", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVAG2HNKNRLWOACFN5F2ANJD2SQ53WI7/", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202007-07", }, { source: "cve@mitre.org", tags: [ "Exploit", "Mitigation", "Vendor Advisory", ], url: "https://tomrichards.net/2020/05/cve-2018-10756-transmission/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Third Party Advisory", ], url: "https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/05/msg00022.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00001.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CD3GLZ5URIK74RCGLSH72IVLDIJJMLQC/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVAG2HNKNRLWOACFN5F2ANJD2SQ53WI7/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/202007-07", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Mitigation", "Vendor Advisory", ], url: "https://tomrichards.net/2020/05/cve-2018-10756-transmission/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-416", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2018-01-15 16:29
Modified
2024-11-21 04:09
Severity ?
Summary
Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| transmissionbt | transmission | * | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:transmissionbt:transmission:*:*:*:*:*:*:*:*", matchCriteriaId: "B071AA00-0BC4-4915-9784-8F0F354EE8DC", versionEndIncluding: "2.92", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", matchCriteriaId: "16F59A04-14CF-49E2-9973-645477EA09DA", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack.", }, { lang: "es", value: "Transmission, hasta la versión 2.92, confía en X-Transmission-Session-Id (que no es una cabecera prohibida para Fetch) para el control de acceso, lo que permite que atacantes remotos ejecuten comandos RPC arbitrarios y escriban en archivos arbitrarios mediante peticiones POST en /transmission/rpc, en combinación con un ataque de DNS rebinding.", }, ], id: "CVE-2018-5702", lastModified: "2024-11-21T04:09:12.163", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2018-01-15T16:29:00.237", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Technical Description", "Third Party Advisory", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1447", }, { source: "cve@mitre.org", tags: [ "Exploit", "Technical Description", "Third Party Advisory", ], url: "https://github.com/transmission/transmission/pull/468", }, { source: "cve@mitre.org", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/01/msg00020.html", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201806-07", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://twitter.com/taviso/status/951526615145566208", }, { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4087", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/43665/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Technical Description", "Third Party Advisory", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1447", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Technical Description", "Third Party Advisory", ], url: "https://github.com/transmission/transmission/pull/468", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Third Party Advisory", ], url: "https://lists.debian.org/debian-lts-announce/2018/01/msg00020.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security.gentoo.org/glsa/201806-07", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://twitter.com/taviso/status/951526615145566208", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://www.debian.org/security/2018/dsa-4087", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", "VDB Entry", ], url: "https://www.exploit-db.com/exploits/43665/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2013-04-03 00:55
Modified
2025-04-11 00:51
Severity ?
Summary
Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted "micro transport protocol packets."
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:transmissionbt:transmission:*:*:*:*:*:*:*:*", matchCriteriaId: "6C1245F6-DFD1-44D3-93D5-DA77AB818244", versionEndIncluding: "2.73", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.1:*:*:*:*:*:*:*", matchCriteriaId: "EAF93408-3A3D-4FD8-A857-C7A872964D8E", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.2:*:*:*:*:*:*:*", matchCriteriaId: "DE58C6BE-513E-458F-9A74-F037F287D415", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.3:*:*:*:*:*:*:*", matchCriteriaId: "1B877F9A-C73B-4B81-9E5C-B92E7C080E7E", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.4:*:*:*:*:*:*:*", matchCriteriaId: "0F9AE0C3-5609-42C5-A08E-C299ECEE82E0", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.5:*:*:*:*:*:*:*", matchCriteriaId: "135D1D2D-4A9F-4EBB-9D50-92B25DC60879", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.6:*:*:*:*:*:*:*", matchCriteriaId: "040D1568-6213-4A5C-99D5-AB4ECAF345A5", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.6.1:*:*:*:*:*:*:*", matchCriteriaId: "8240A86D-3B9A-4128-9645-331A18C16C4F", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.70:*:*:*:*:*:*:*", matchCriteriaId: "48B583C2-48AD-4EC9-AA64-9FCBF7840AE2", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.71:*:*:*:*:*:*:*", matchCriteriaId: "01489B59-895D-45AA-846E-521961E7C0DE", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.72:*:*:*:*:*:*:*", matchCriteriaId: "C4C8E851-6FE0-469B-BA93-B5E46CEA9DDB", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.80:*:*:*:*:*:*:*", matchCriteriaId: "DD7165AE-5A4D-4FDD-95BF-5D2754778FE9", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.81:*:*:*:*:*:*:*", matchCriteriaId: "FE9CFEEC-E2F4-456E-A7AE-94F822A0F333", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.82:*:*:*:*:*:*:*", matchCriteriaId: "4DE49E40-8F91-4885-8F46-9E038E978563", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.90:*:*:*:*:*:*:*", matchCriteriaId: "4A43CB7E-0126-46EA-BEB6-8C1AB1E5AC1C", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.91:*:*:*:*:*:*:*", matchCriteriaId: "03E04D86-17AA-4777-AD8C-FF62477767EB", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.92:*:*:*:*:*:*:*", matchCriteriaId: "9587577D-CEFD-4E92-A667-B40357FBFF04", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.93:*:*:*:*:*:*:*", matchCriteriaId: "0EDD24F7-412D-4922-B803-23D53F95FBDA", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.94:*:*:*:*:*:*:*", matchCriteriaId: "73E89FF5-FC50-4F90-8419-8D2F941FA42E", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.95:*:*:*:*:*:*:*", matchCriteriaId: "FA3795D4-AC23-4F9F-B6B4-5BD429BCAE05", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.96:*:*:*:*:*:*:*", matchCriteriaId: "06444C9C-252E-4303-9BCA-B2C0332B04A6", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.00:*:*:*:*:*:*:*", matchCriteriaId: "2BB85CAB-5987-4066-BB78-8B71A7E3510F", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.01:*:*:*:*:*:*:*", matchCriteriaId: "630B75D1-9E59-4EBE-8D53-BE4893F62774", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.02:*:*:*:*:*:*:*", matchCriteriaId: "D72BD649-9E99-425D-BC95-C54FB15AEFF0", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.2:*:*:*:*:*:*:*", matchCriteriaId: "105E1FA8-08AE-477E-B7F2-68BCDE6EEA42", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.03:*:*:*:*:*:*:*", matchCriteriaId: "F076D056-0292-40F7-A50C-8B13922A3C47", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.04:*:*:*:*:*:*:*", matchCriteriaId: "B6F3AEA3-C68A-4A76-8BFC-52CAF4C91106", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.05:*:*:*:*:*:*:*", matchCriteriaId: "A2928593-E0E1-429E-A67F-B5A61E8E5199", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.06:*:*:*:*:*:*:*", matchCriteriaId: "8D2CFA06-5B3B-40BC-8D2F-450408A0E616", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.10:*:*:*:*:*:*:*", matchCriteriaId: "6C46E575-274E-43F9-B815-BC1F3C29552A", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.11:*:*:*:*:*:*:*", matchCriteriaId: "62611674-01EB-4AB3-90E5-CF22935E3DF4", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.20:*:*:*:*:*:*:*", matchCriteriaId: "2E151076-5286-4FBF-B53C-28F5D9D41566", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.21:*:*:*:*:*:*:*", matchCriteriaId: "8A583FF8-E8A5-48AB-AE2F-D7F64BE9F9A2", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.22:*:*:*:*:*:*:*", matchCriteriaId: "B90969C1-C1A4-4C3B-9313-56E1985DCD2A", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.30:*:*:*:*:*:*:*", matchCriteriaId: "C7BC6E21-3766-4D78-9F44-5EFDCD5F38D8", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.31:*:*:*:*:*:*:*", matchCriteriaId: "70E61E47-D922-4219-A220-153EA38E7A8B", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.32:*:*:*:*:*:*:*", matchCriteriaId: "D13E7B38-B905-4048-A75B-1AA3A28A49F9", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.33:*:*:*:*:*:*:*", matchCriteriaId: "421BD25F-E03F-41DA-8E81-444DE5C5622A", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.34:*:*:*:*:*:*:*", matchCriteriaId: "7E6A7241-50D3-4E5E-8FEA-6BF600E5E4B9", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.40:*:*:*:*:*:*:*", matchCriteriaId: "98DC0548-67E2-474C-AF06-9101DF378484", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.41:*:*:*:*:*:*:*", matchCriteriaId: "B4B2A9F0-BE57-4846-BD7C-C2A39FF7E5A1", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.42:*:*:*:*:*:*:*", matchCriteriaId: "CCD404C1-CDD6-4118-8FCE-905C401FD3F0", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.50:*:*:*:*:*:*:*", matchCriteriaId: "C570DD0B-CB0D-4451-AC24-47853DCE4E44", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.51:*:*:*:*:*:*:*", matchCriteriaId: "8976E88E-6F6C-4E77-87A4-8F1AAA854C7A", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.52:*:*:*:*:*:*:*", matchCriteriaId: "C53FAA2E-0DA8-4E61-A27F-B3A163664848", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.53:*:*:*:*:*:*:*", matchCriteriaId: "D07949FB-2E87-4B8A-B7E2-60444ED696B4", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.54:*:*:*:*:*:*:*", matchCriteriaId: "0EE2FA6F-B00F-487E-ADAA-B1D143EC0E32", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.60:*:*:*:*:*:*:*", matchCriteriaId: "91A94B6D-5A85-413D-AE62-BF3AA92DF907", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.61:*:*:*:*:*:*:*", matchCriteriaId: "2CCE11DA-4DA7-4514-B36B-31CA63152C9C", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.70:*:*:*:*:*:*:*", matchCriteriaId: "7E760518-A52C-4A3F-83FB-ACCA48B7923F", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.71:*:*:*:*:*:*:*", matchCriteriaId: "1A781F17-EF6E-45F5-9839-36C026CF9CD2", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.72:*:*:*:*:*:*:*", matchCriteriaId: "02A55EC6-EECB-4804-9F67-02F21A7BFB51", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.73:*:*:*:*:*:*:*", matchCriteriaId: "F55CA862-6178-4FEC-A122-6A62885D29EB", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.74:*:*:*:*:*:*:*", matchCriteriaId: "44F8B086-2248-415B-8021-C9C94A4E2FBC", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.75:*:*:*:*:*:*:*", matchCriteriaId: "7D9C12FB-48A9-441A-9FA1-CBAB73F2F58D", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.76:*:*:*:*:*:*:*", matchCriteriaId: "C8B75889-EBAC-445A-A533-BA3C1364221E", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.77:*:*:*:*:*:*:*", matchCriteriaId: "D208640B-D2E6-46A3-BBC7-9C0762936539", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.80:*:*:*:*:*:*:*", matchCriteriaId: "216E8246-8E7B-4EAB-9452-E56AAE16765A", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.81:*:*:*:*:*:*:*", matchCriteriaId: "DC4F3F54-2AE0-46B3-97E4-39696C1AE6C1", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.82:*:*:*:*:*:*:*", matchCriteriaId: "0DA16CCA-ABED-402E-9EE1-454B8E120892", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.83:*:*:*:*:*:*:*", matchCriteriaId: "8FA75982-D35A-42FA-A2E9-928AD9FE9CB7", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.90:*:*:*:*:*:*:*", matchCriteriaId: "5EFB745A-88F7-4A47-9A44-8711E3606E08", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.91:*:*:*:*:*:*:*", matchCriteriaId: "AFAC0FAB-F158-4E2F-B7AC-FFE63BA565D7", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.92:*:*:*:*:*:*:*", matchCriteriaId: "5BF4D6A2-DBC1-49EE-9638-A3A22511CB5D", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.93:*:*:*:*:*:*:*", matchCriteriaId: "41DB6C12-279A-4B0A-BE64-144AD038524A", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.00:*:*:*:*:*:*:*", matchCriteriaId: "4BDDD4AD-C0C8-4FDA-97E7-F1395340AFBC", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.01:*:*:*:*:*:*:*", matchCriteriaId: "22C27354-98E7-47D2-95CB-FF59963F24EC", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.02:*:*:*:*:*:*:*", matchCriteriaId: "8E94CFB0-5945-4A0A-A40B-BB8ABDC6911A", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.03:*:*:*:*:*:*:*", matchCriteriaId: "5F21460D-70BE-4F66-BEA7-C6700310F8A0", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.04:*:*:*:*:*:*:*", matchCriteriaId: "C44CFB78-950B-4354-BF51-B4DE70723F8A", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.10:*:*:*:*:*:*:*", matchCriteriaId: "812C82F6-EB76-43D0-8EA6-E917FE544139", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.11:*:*:*:*:*:*:*", matchCriteriaId: "943A3E15-3069-4B55-90F9-A36EB82E1FBA", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.12:*:*:*:*:*:*:*", matchCriteriaId: "090E313A-9FD2-4D07-9D41-FE9450E12110", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.13:*:*:*:*:*:*:*", matchCriteriaId: "71E3FEC6-9C1D-4975-9B29-1510587416D0", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.20:*:*:*:*:*:*:*", matchCriteriaId: "952EBA2A-DCEC-41F0-A5D6-4EDC18DCBFDD", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.21:*:*:*:*:*:*:*", matchCriteriaId: "6A6D8E86-B710-4C18-BCAD-81A6CAEC5DBB", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.22:*:*:*:*:*:*:*", matchCriteriaId: "C52C0634-FBC2-47CF-B1FA-E3E873D8AB84", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.30:*:*:*:*:*:*:*", matchCriteriaId: "86B4DB35-A633-4D6C-928A-FB016CF87A9B", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.31:*:*:*:*:*:*:*", matchCriteriaId: "4AA5759E-A7DC-48B0-8BEA-616D5615FE5A", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.32:*:*:*:*:*:*:*", matchCriteriaId: "8420D18C-D4D5-4FB6-A5B2-F4DD3286C99D", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.33:*:*:*:*:*:*:*", matchCriteriaId: "160BE257-6A76-411E-8E5D-E5CA65C2B891", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.40:*:*:*:*:*:*:*", matchCriteriaId: "AE182574-8650-4A4A-91F0-5D1497D1ADA7", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.41:*:*:*:*:*:*:*", matchCriteriaId: "8465A93C-2761-4DE8-A0B8-BF54912EC132", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.42:*:*:*:*:*:*:*", matchCriteriaId: "5487F402-49C4-4DB3-92CA-5B40E760AE42", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.50:*:*:*:*:*:*:*", matchCriteriaId: "98ABCA8A-AFE4-48F0-842C-27C4D45EDAB3", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.51:*:*:*:*:*:*:*", matchCriteriaId: "8DD4B602-A244-4410-BD90-57B4F7FE4668", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.52:*:*:*:*:*:*:*", matchCriteriaId: "801EE163-E97C-4D5D-A4AB-F62DDFE2A593", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.60:*:*:*:*:*:*:*", matchCriteriaId: "F0C4E83F-83C6-4A48-BEAD-0F9EB737F94C", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.61:*:*:*:*:*:*:*", matchCriteriaId: "C261E066-B709-42AA-93C1-47044B499AA6", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.70:*:*:*:*:*:*:*", matchCriteriaId: "B0C45D85-7F72-4D5B-8581-3E038864822E", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.71:*:*:*:*:*:*:*", matchCriteriaId: "831C74DF-AEDE-4EFD-95F8-9141E57614C3", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.72:*:*:*:*:*:*:*", matchCriteriaId: "0EB76BC4-93D9-4581-B8D3-219C9EB4F942", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*", matchCriteriaId: "E4174F4F-149E-41A6-BBCC-D01114C05F38", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", matchCriteriaId: "F5D324C4-97C7-49D3-A809-9EAD4B690C69", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", matchCriteriaId: "E2076871-2E80-4605-A470-A41C1A8EC7EE", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*", matchCriteriaId: "706C6399-CAD1-46E3-87A2-8DFE2CF497ED", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted \"micro transport protocol packets.\"", }, { lang: "es", value: "Desbordamiento de búfer basado en pila en utp.cpp en libutp, tal como se utiliza en la transmisión antes de v2.74 y posiblemente otros productos, permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de \"paquetes de protocolo micro de transporte\" elaborados para este proposito.", }, ], evaluatorImpact: "Per http://www.ubuntu.com/usn/USN-1747-1/ \"A security issue affects these releases of Ubuntu and its derivatives:\r\n Ubuntu 12.10\r\n Ubuntu 12.04 LTS\r\n Ubuntu 11.10\"\r\n\r\nPer https://bugzilla.redhat.com/show_bug.cgi?id=909934 \"\r\nThis issue affects the version of the transmission package, as shipped with Fedora release of 16. Please schedule an update.\"", id: "CVE-2012-6129", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2013-04-03T00:55:01.283", references: [ { source: "secalert@redhat.com", url: "http://lists.opensuse.org/opensuse-updates/2013-03/msg00064.html", }, { source: "secalert@redhat.com", url: "http://www.openwall.com/lists/oss-security/2013/02/13/1", }, { source: "secalert@redhat.com", url: "http://www.ubuntu.com/usn/USN-1747-1", }, { source: "secalert@redhat.com", url: "https://bugzilla.redhat.com/show_bug.cgi?id=909934", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Patch", ], url: "https://trac.transmissionbt.com/changeset/13646", }, { source: "secalert@redhat.com", url: "https://trac.transmissionbt.com/ticket/5002", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2013-03/msg00064.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2013/02/13/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-1747-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=909934", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Patch", ], url: "https://trac.transmissionbt.com/changeset/13646", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://trac.transmissionbt.com/ticket/5002", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2014-07-29 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*", matchCriteriaId: "F5D324C4-97C7-49D3-A809-9EAD4B690C69", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", matchCriteriaId: "7F61F047-129C-41A6-8A27-FFCBB8563E91", vulnerable: true, }, { criteria: "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", matchCriteriaId: "B5A6F2F3-4894-4392-8296-3B8DD2679084", vulnerable: true, }, { criteria: "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", matchCriteriaId: "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9", vulnerable: true, }, { criteria: "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*", matchCriteriaId: "647BA336-5538-4972-9271-383A0EC9378E", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:transmissionbt:transmission:*:*:*:*:*:*:*:*", matchCriteriaId: "BA96D9A5-ECB7-451A-9EBC-B99149C0455E", versionEndIncluding: "2.83", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.1:*:*:*:*:*:*:*", matchCriteriaId: "EAF93408-3A3D-4FD8-A857-C7A872964D8E", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.2:*:*:*:*:*:*:*", matchCriteriaId: "DE58C6BE-513E-458F-9A74-F037F287D415", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.3:*:*:*:*:*:*:*", matchCriteriaId: "1B877F9A-C73B-4B81-9E5C-B92E7C080E7E", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.4:*:*:*:*:*:*:*", matchCriteriaId: "0F9AE0C3-5609-42C5-A08E-C299ECEE82E0", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.5:*:*:*:*:*:*:*", matchCriteriaId: "135D1D2D-4A9F-4EBB-9D50-92B25DC60879", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.6:*:*:*:*:*:*:*", matchCriteriaId: "040D1568-6213-4A5C-99D5-AB4ECAF345A5", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.6.1:*:*:*:*:*:*:*", matchCriteriaId: "8240A86D-3B9A-4128-9645-331A18C16C4F", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.70:*:*:*:*:*:*:*", matchCriteriaId: "48B583C2-48AD-4EC9-AA64-9FCBF7840AE2", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.71:*:*:*:*:*:*:*", matchCriteriaId: "01489B59-895D-45AA-846E-521961E7C0DE", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.72:*:*:*:*:*:*:*", matchCriteriaId: "C4C8E851-6FE0-469B-BA93-B5E46CEA9DDB", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.80:*:*:*:*:*:*:*", matchCriteriaId: "DD7165AE-5A4D-4FDD-95BF-5D2754778FE9", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.81:*:*:*:*:*:*:*", matchCriteriaId: "FE9CFEEC-E2F4-456E-A7AE-94F822A0F333", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.82:*:*:*:*:*:*:*", matchCriteriaId: "4DE49E40-8F91-4885-8F46-9E038E978563", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.90:*:*:*:*:*:*:*", matchCriteriaId: "4A43CB7E-0126-46EA-BEB6-8C1AB1E5AC1C", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.91:*:*:*:*:*:*:*", matchCriteriaId: "03E04D86-17AA-4777-AD8C-FF62477767EB", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.92:*:*:*:*:*:*:*", matchCriteriaId: "9587577D-CEFD-4E92-A667-B40357FBFF04", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.93:*:*:*:*:*:*:*", matchCriteriaId: "0EDD24F7-412D-4922-B803-23D53F95FBDA", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.94:*:*:*:*:*:*:*", matchCriteriaId: "73E89FF5-FC50-4F90-8419-8D2F941FA42E", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.95:*:*:*:*:*:*:*", matchCriteriaId: "FA3795D4-AC23-4F9F-B6B4-5BD429BCAE05", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.96:*:*:*:*:*:*:*", matchCriteriaId: "06444C9C-252E-4303-9BCA-B2C0332B04A6", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.00:*:*:*:*:*:*:*", matchCriteriaId: "2BB85CAB-5987-4066-BB78-8B71A7E3510F", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.01:*:*:*:*:*:*:*", matchCriteriaId: "630B75D1-9E59-4EBE-8D53-BE4893F62774", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.02:*:*:*:*:*:*:*", matchCriteriaId: "D72BD649-9E99-425D-BC95-C54FB15AEFF0", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.2:*:*:*:*:*:*:*", matchCriteriaId: "105E1FA8-08AE-477E-B7F2-68BCDE6EEA42", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.03:*:*:*:*:*:*:*", matchCriteriaId: "F076D056-0292-40F7-A50C-8B13922A3C47", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.04:*:*:*:*:*:*:*", matchCriteriaId: "B6F3AEA3-C68A-4A76-8BFC-52CAF4C91106", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.05:*:*:*:*:*:*:*", matchCriteriaId: "A2928593-E0E1-429E-A67F-B5A61E8E5199", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.06:*:*:*:*:*:*:*", matchCriteriaId: "8D2CFA06-5B3B-40BC-8D2F-450408A0E616", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.10:*:*:*:*:*:*:*", matchCriteriaId: "6C46E575-274E-43F9-B815-BC1F3C29552A", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.11:*:*:*:*:*:*:*", matchCriteriaId: "62611674-01EB-4AB3-90E5-CF22935E3DF4", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.20:*:*:*:*:*:*:*", matchCriteriaId: "2E151076-5286-4FBF-B53C-28F5D9D41566", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.21:*:*:*:*:*:*:*", matchCriteriaId: "8A583FF8-E8A5-48AB-AE2F-D7F64BE9F9A2", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.22:*:*:*:*:*:*:*", matchCriteriaId: "B90969C1-C1A4-4C3B-9313-56E1985DCD2A", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.30:*:*:*:*:*:*:*", matchCriteriaId: "C7BC6E21-3766-4D78-9F44-5EFDCD5F38D8", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.31:*:*:*:*:*:*:*", matchCriteriaId: "70E61E47-D922-4219-A220-153EA38E7A8B", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.32:*:*:*:*:*:*:*", matchCriteriaId: "D13E7B38-B905-4048-A75B-1AA3A28A49F9", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.33:*:*:*:*:*:*:*", matchCriteriaId: "421BD25F-E03F-41DA-8E81-444DE5C5622A", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.34:*:*:*:*:*:*:*", matchCriteriaId: "7E6A7241-50D3-4E5E-8FEA-6BF600E5E4B9", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.40:*:*:*:*:*:*:*", matchCriteriaId: "98DC0548-67E2-474C-AF06-9101DF378484", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.41:*:*:*:*:*:*:*", matchCriteriaId: "B4B2A9F0-BE57-4846-BD7C-C2A39FF7E5A1", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.42:*:*:*:*:*:*:*", matchCriteriaId: "CCD404C1-CDD6-4118-8FCE-905C401FD3F0", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.50:*:*:*:*:*:*:*", matchCriteriaId: "C570DD0B-CB0D-4451-AC24-47853DCE4E44", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.51:*:*:*:*:*:*:*", matchCriteriaId: "8976E88E-6F6C-4E77-87A4-8F1AAA854C7A", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.52:*:*:*:*:*:*:*", matchCriteriaId: "C53FAA2E-0DA8-4E61-A27F-B3A163664848", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.53:*:*:*:*:*:*:*", matchCriteriaId: "D07949FB-2E87-4B8A-B7E2-60444ED696B4", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.54:*:*:*:*:*:*:*", matchCriteriaId: "0EE2FA6F-B00F-487E-ADAA-B1D143EC0E32", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.60:*:*:*:*:*:*:*", matchCriteriaId: "91A94B6D-5A85-413D-AE62-BF3AA92DF907", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.61:*:*:*:*:*:*:*", matchCriteriaId: "2CCE11DA-4DA7-4514-B36B-31CA63152C9C", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.70:*:*:*:*:*:*:*", matchCriteriaId: "7E760518-A52C-4A3F-83FB-ACCA48B7923F", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.71:*:*:*:*:*:*:*", matchCriteriaId: "1A781F17-EF6E-45F5-9839-36C026CF9CD2", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.72:*:*:*:*:*:*:*", matchCriteriaId: "02A55EC6-EECB-4804-9F67-02F21A7BFB51", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.73:*:*:*:*:*:*:*", matchCriteriaId: "F55CA862-6178-4FEC-A122-6A62885D29EB", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.74:*:*:*:*:*:*:*", matchCriteriaId: "44F8B086-2248-415B-8021-C9C94A4E2FBC", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.75:*:*:*:*:*:*:*", matchCriteriaId: "7D9C12FB-48A9-441A-9FA1-CBAB73F2F58D", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.76:*:*:*:*:*:*:*", matchCriteriaId: "C8B75889-EBAC-445A-A533-BA3C1364221E", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.77:*:*:*:*:*:*:*", matchCriteriaId: "D208640B-D2E6-46A3-BBC7-9C0762936539", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.80:*:*:*:*:*:*:*", matchCriteriaId: "216E8246-8E7B-4EAB-9452-E56AAE16765A", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.81:*:*:*:*:*:*:*", matchCriteriaId: "DC4F3F54-2AE0-46B3-97E4-39696C1AE6C1", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.82:*:*:*:*:*:*:*", matchCriteriaId: "0DA16CCA-ABED-402E-9EE1-454B8E120892", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.83:*:*:*:*:*:*:*", matchCriteriaId: "8FA75982-D35A-42FA-A2E9-928AD9FE9CB7", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.90:*:*:*:*:*:*:*", matchCriteriaId: "5EFB745A-88F7-4A47-9A44-8711E3606E08", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.91:*:*:*:*:*:*:*", matchCriteriaId: "AFAC0FAB-F158-4E2F-B7AC-FFE63BA565D7", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.92:*:*:*:*:*:*:*", matchCriteriaId: "5BF4D6A2-DBC1-49EE-9638-A3A22511CB5D", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.93:*:*:*:*:*:*:*", matchCriteriaId: "41DB6C12-279A-4B0A-BE64-144AD038524A", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.00:*:*:*:*:*:*:*", matchCriteriaId: "4BDDD4AD-C0C8-4FDA-97E7-F1395340AFBC", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.01:*:*:*:*:*:*:*", matchCriteriaId: "22C27354-98E7-47D2-95CB-FF59963F24EC", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.02:*:*:*:*:*:*:*", matchCriteriaId: "8E94CFB0-5945-4A0A-A40B-BB8ABDC6911A", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.03:*:*:*:*:*:*:*", matchCriteriaId: "5F21460D-70BE-4F66-BEA7-C6700310F8A0", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.04:*:*:*:*:*:*:*", matchCriteriaId: "C44CFB78-950B-4354-BF51-B4DE70723F8A", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.10:*:*:*:*:*:*:*", matchCriteriaId: "812C82F6-EB76-43D0-8EA6-E917FE544139", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.11:*:*:*:*:*:*:*", matchCriteriaId: "943A3E15-3069-4B55-90F9-A36EB82E1FBA", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.12:*:*:*:*:*:*:*", matchCriteriaId: "090E313A-9FD2-4D07-9D41-FE9450E12110", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.13:*:*:*:*:*:*:*", matchCriteriaId: "71E3FEC6-9C1D-4975-9B29-1510587416D0", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.20:*:*:*:*:*:*:*", matchCriteriaId: "952EBA2A-DCEC-41F0-A5D6-4EDC18DCBFDD", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.21:*:*:*:*:*:*:*", matchCriteriaId: "6A6D8E86-B710-4C18-BCAD-81A6CAEC5DBB", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.22:*:*:*:*:*:*:*", matchCriteriaId: "C52C0634-FBC2-47CF-B1FA-E3E873D8AB84", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.30:*:*:*:*:*:*:*", matchCriteriaId: "86B4DB35-A633-4D6C-928A-FB016CF87A9B", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.31:*:*:*:*:*:*:*", matchCriteriaId: "4AA5759E-A7DC-48B0-8BEA-616D5615FE5A", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.32:*:*:*:*:*:*:*", matchCriteriaId: "8420D18C-D4D5-4FB6-A5B2-F4DD3286C99D", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.33:*:*:*:*:*:*:*", matchCriteriaId: "160BE257-6A76-411E-8E5D-E5CA65C2B891", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.40:*:*:*:*:*:*:*", matchCriteriaId: "AE182574-8650-4A4A-91F0-5D1497D1ADA7", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.41:*:*:*:*:*:*:*", matchCriteriaId: "8465A93C-2761-4DE8-A0B8-BF54912EC132", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.42:*:*:*:*:*:*:*", matchCriteriaId: "5487F402-49C4-4DB3-92CA-5B40E760AE42", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.50:*:*:*:*:*:*:*", matchCriteriaId: "98ABCA8A-AFE4-48F0-842C-27C4D45EDAB3", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.51:*:*:*:*:*:*:*", matchCriteriaId: "8DD4B602-A244-4410-BD90-57B4F7FE4668", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.52:*:*:*:*:*:*:*", matchCriteriaId: "801EE163-E97C-4D5D-A4AB-F62DDFE2A593", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.60:*:*:*:*:*:*:*", matchCriteriaId: "F0C4E83F-83C6-4A48-BEAD-0F9EB737F94C", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.61:*:*:*:*:*:*:*", matchCriteriaId: "C261E066-B709-42AA-93C1-47044B499AA6", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.70:*:*:*:*:*:*:*", matchCriteriaId: "B0C45D85-7F72-4D5B-8581-3E038864822E", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.71:*:*:*:*:*:*:*", matchCriteriaId: "831C74DF-AEDE-4EFD-95F8-9141E57614C3", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.72:*:*:*:*:*:*:*", matchCriteriaId: "0EB76BC4-93D9-4581-B8D3-219C9EB4F942", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.73:*:*:*:*:*:*:*", matchCriteriaId: "A0BD93C6-8843-4E4D-9422-2D5DEA7FA6D9", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.74:*:*:*:*:*:*:*", matchCriteriaId: "B24A7721-761E-426D-AE73-DFADAF05F97E", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.75:*:*:*:*:*:*:*", matchCriteriaId: "BFF3E6EC-9B6C-4807-98FD-44F90B86050D", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.76:*:*:*:*:*:*:*", matchCriteriaId: "4A926CB5-3725-4A54-9514-6BD23AF7B92B", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.77:*:*:*:*:*:*:*", matchCriteriaId: "C211F634-B961-4FC9-A872-2E105C4711D1", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.80:*:*:*:*:*:*:*", matchCriteriaId: "C2D2E218-A1BE-4A58-B058-55C71A0A69D9", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.81:*:*:*:*:*:*:*", matchCriteriaId: "B16BB981-16DE-4B15-9585-6C67E7CF0158", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.82:*:*:*:*:*:*:*", matchCriteriaId: "6155BB7F-8D08-4B18-BC0D-F3E438EBF6E9", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.", }, { lang: "es", value: "Desbordamiento de enteros en la función tr_bitfieldEnsureNthBitAlloced en bitfield.c en Transmission anterior a 2.84 permite a atacantes remotos causar una denegación de servicios y posiblemente ejecutar código arbitrario a través de un mensaje de par manipulado, lo que provoca una escritura fuera de rango.", }, ], id: "CVE-2014-4909", lastModified: "2025-04-12T10:46:40.837", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2014-07-29T14:55:07.703", references: [ { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://inertiawar.com/submission.go", }, { source: "cve@mitre.org", url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135539.html", }, { source: "cve@mitre.org", url: "http://lists.opensuse.org/opensuse-updates/2014-08/msg00011.html", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/59897", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/60108", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/60527", }, { source: "cve@mitre.org", url: "http://www.debian.org/security/2014/dsa-2988", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2014/07/10/4", }, { source: "cve@mitre.org", url: "http://www.openwall.com/lists/oss-security/2014/07/11/5", }, { source: "cve@mitre.org", url: "http://www.osvdb.org/108997", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/68487", }, { source: "cve@mitre.org", url: "http://www.ubuntu.com/usn/USN-2279-1", }, { source: "cve@mitre.org", url: "https://bugs.gentoo.org/show_bug.cgi?id=516822", }, { source: "cve@mitre.org", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1118290", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "https://trac.transmissionbt.com/wiki/Changes#version-2.84", }, { source: "cve@mitre.org", url: "https://twitter.com/benhawkes/statuses/484378151959539712", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://inertiawar.com/submission.go", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135539.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://lists.opensuse.org/opensuse-updates/2014-08/msg00011.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/59897", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/60108", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/60527", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2014/dsa-2988", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2014/07/10/4", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.openwall.com/lists/oss-security/2014/07/11/5", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/108997", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/68487", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-2279-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugs.gentoo.org/show_bug.cgi?id=516822", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1118290", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://trac.transmissionbt.com/wiki/Changes#version-2.84", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://twitter.com/benhawkes/statuses/484378151959539712", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-189", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-10-30 23:15
Modified
2024-11-21 01:12
Severity ?
Summary
Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| transmissionbt | transmission | * | |
| linux | linux_kernel | - | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:transmissionbt:transmission:*:*:*:*:*:*:*:*", matchCriteriaId: "A15489B4-BA11-4BC8-8F75-D1D91B200BFC", versionEndExcluding: "1.92", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link.", }, { lang: "es", value: "Transmission versiones anteriores a 1.92, permite a un atacante causar una denegación de servicio (bloqueo) o posiblemente tener otro impacto no especificado por medio de una gran cantidad de argumentos tr en un enlace magnético.", }, ], id: "CVE-2010-0748", lastModified: "2024-11-21T01:12:52.810", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-30T23:15:10.000", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0748", }, { source: "secalert@redhat.com", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/transmission/transmission/wiki/Release-Notes#transmission-192-20100314", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security-tracker.debian.org/tracker/CVE-2010-0748", }, { source: "secalert@redhat.com", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://trac.transmissionbt.com/ticket/2965", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2010/04/01/9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0748", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/transmission/transmission/wiki/Release-Notes#transmission-192-20100314", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security-tracker.debian.org/tracker/CVE-2010-0748", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Vendor Advisory", ], url: "https://trac.transmissionbt.com/ticket/2965", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2010/04/01/9", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-20", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2012-08-15 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:transmissionbt:transmission:*:*:*:*:*:*:*:*", matchCriteriaId: "66CC6C74-97E1-4EB1-9DA7-19995386BC9A", versionEndIncluding: "2.60", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.1:*:*:*:*:*:*:*", matchCriteriaId: "EAF93408-3A3D-4FD8-A857-C7A872964D8E", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.2:*:*:*:*:*:*:*", matchCriteriaId: "DE58C6BE-513E-458F-9A74-F037F287D415", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.3:*:*:*:*:*:*:*", matchCriteriaId: "1B877F9A-C73B-4B81-9E5C-B92E7C080E7E", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.4:*:*:*:*:*:*:*", matchCriteriaId: "0F9AE0C3-5609-42C5-A08E-C299ECEE82E0", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.5:*:*:*:*:*:*:*", matchCriteriaId: "135D1D2D-4A9F-4EBB-9D50-92B25DC60879", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.6:*:*:*:*:*:*:*", matchCriteriaId: "040D1568-6213-4A5C-99D5-AB4ECAF345A5", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.6.1:*:*:*:*:*:*:*", matchCriteriaId: "8240A86D-3B9A-4128-9645-331A18C16C4F", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.70:*:*:*:*:*:*:*", matchCriteriaId: "48B583C2-48AD-4EC9-AA64-9FCBF7840AE2", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.71:*:*:*:*:*:*:*", matchCriteriaId: "01489B59-895D-45AA-846E-521961E7C0DE", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.72:*:*:*:*:*:*:*", matchCriteriaId: "C4C8E851-6FE0-469B-BA93-B5E46CEA9DDB", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.80:*:*:*:*:*:*:*", matchCriteriaId: "DD7165AE-5A4D-4FDD-95BF-5D2754778FE9", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.81:*:*:*:*:*:*:*", matchCriteriaId: "FE9CFEEC-E2F4-456E-A7AE-94F822A0F333", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.82:*:*:*:*:*:*:*", matchCriteriaId: "4DE49E40-8F91-4885-8F46-9E038E978563", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.90:*:*:*:*:*:*:*", matchCriteriaId: "4A43CB7E-0126-46EA-BEB6-8C1AB1E5AC1C", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.91:*:*:*:*:*:*:*", matchCriteriaId: "03E04D86-17AA-4777-AD8C-FF62477767EB", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.92:*:*:*:*:*:*:*", matchCriteriaId: "9587577D-CEFD-4E92-A667-B40357FBFF04", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.93:*:*:*:*:*:*:*", matchCriteriaId: "0EDD24F7-412D-4922-B803-23D53F95FBDA", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.94:*:*:*:*:*:*:*", matchCriteriaId: "73E89FF5-FC50-4F90-8419-8D2F941FA42E", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.95:*:*:*:*:*:*:*", matchCriteriaId: "FA3795D4-AC23-4F9F-B6B4-5BD429BCAE05", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:0.96:*:*:*:*:*:*:*", matchCriteriaId: "06444C9C-252E-4303-9BCA-B2C0332B04A6", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.00:*:*:*:*:*:*:*", matchCriteriaId: "2BB85CAB-5987-4066-BB78-8B71A7E3510F", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.01:*:*:*:*:*:*:*", matchCriteriaId: "630B75D1-9E59-4EBE-8D53-BE4893F62774", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.02:*:*:*:*:*:*:*", matchCriteriaId: "D72BD649-9E99-425D-BC95-C54FB15AEFF0", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.2:*:*:*:*:*:*:*", matchCriteriaId: "105E1FA8-08AE-477E-B7F2-68BCDE6EEA42", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.03:*:*:*:*:*:*:*", matchCriteriaId: "F076D056-0292-40F7-A50C-8B13922A3C47", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.04:*:*:*:*:*:*:*", matchCriteriaId: "B6F3AEA3-C68A-4A76-8BFC-52CAF4C91106", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.05:*:*:*:*:*:*:*", matchCriteriaId: "A2928593-E0E1-429E-A67F-B5A61E8E5199", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.06:*:*:*:*:*:*:*", matchCriteriaId: "8D2CFA06-5B3B-40BC-8D2F-450408A0E616", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.10:*:*:*:*:*:*:*", matchCriteriaId: "6C46E575-274E-43F9-B815-BC1F3C29552A", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.11:*:*:*:*:*:*:*", matchCriteriaId: "62611674-01EB-4AB3-90E5-CF22935E3DF4", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.20:*:*:*:*:*:*:*", matchCriteriaId: "2E151076-5286-4FBF-B53C-28F5D9D41566", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.21:*:*:*:*:*:*:*", matchCriteriaId: "8A583FF8-E8A5-48AB-AE2F-D7F64BE9F9A2", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.22:*:*:*:*:*:*:*", matchCriteriaId: "B90969C1-C1A4-4C3B-9313-56E1985DCD2A", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.30:*:*:*:*:*:*:*", matchCriteriaId: "C7BC6E21-3766-4D78-9F44-5EFDCD5F38D8", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.31:*:*:*:*:*:*:*", matchCriteriaId: "70E61E47-D922-4219-A220-153EA38E7A8B", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.32:*:*:*:*:*:*:*", matchCriteriaId: "D13E7B38-B905-4048-A75B-1AA3A28A49F9", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.33:*:*:*:*:*:*:*", matchCriteriaId: "421BD25F-E03F-41DA-8E81-444DE5C5622A", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.34:*:*:*:*:*:*:*", matchCriteriaId: "7E6A7241-50D3-4E5E-8FEA-6BF600E5E4B9", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.40:*:*:*:*:*:*:*", matchCriteriaId: "98DC0548-67E2-474C-AF06-9101DF378484", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.41:*:*:*:*:*:*:*", matchCriteriaId: "B4B2A9F0-BE57-4846-BD7C-C2A39FF7E5A1", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.42:*:*:*:*:*:*:*", matchCriteriaId: "CCD404C1-CDD6-4118-8FCE-905C401FD3F0", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.50:*:*:*:*:*:*:*", matchCriteriaId: "C570DD0B-CB0D-4451-AC24-47853DCE4E44", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.51:*:*:*:*:*:*:*", matchCriteriaId: "8976E88E-6F6C-4E77-87A4-8F1AAA854C7A", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.52:*:*:*:*:*:*:*", matchCriteriaId: "C53FAA2E-0DA8-4E61-A27F-B3A163664848", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.53:*:*:*:*:*:*:*", matchCriteriaId: "D07949FB-2E87-4B8A-B7E2-60444ED696B4", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.54:*:*:*:*:*:*:*", matchCriteriaId: "0EE2FA6F-B00F-487E-ADAA-B1D143EC0E32", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.60:*:*:*:*:*:*:*", matchCriteriaId: "91A94B6D-5A85-413D-AE62-BF3AA92DF907", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.61:*:*:*:*:*:*:*", matchCriteriaId: "2CCE11DA-4DA7-4514-B36B-31CA63152C9C", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.70:*:*:*:*:*:*:*", matchCriteriaId: "7E760518-A52C-4A3F-83FB-ACCA48B7923F", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.71:*:*:*:*:*:*:*", matchCriteriaId: "1A781F17-EF6E-45F5-9839-36C026CF9CD2", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.72:*:*:*:*:*:*:*", matchCriteriaId: "02A55EC6-EECB-4804-9F67-02F21A7BFB51", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.73:*:*:*:*:*:*:*", matchCriteriaId: "F55CA862-6178-4FEC-A122-6A62885D29EB", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.74:*:*:*:*:*:*:*", matchCriteriaId: "44F8B086-2248-415B-8021-C9C94A4E2FBC", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.75:*:*:*:*:*:*:*", matchCriteriaId: "7D9C12FB-48A9-441A-9FA1-CBAB73F2F58D", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.76:*:*:*:*:*:*:*", matchCriteriaId: "C8B75889-EBAC-445A-A533-BA3C1364221E", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.77:*:*:*:*:*:*:*", matchCriteriaId: "D208640B-D2E6-46A3-BBC7-9C0762936539", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.80:*:*:*:*:*:*:*", matchCriteriaId: "216E8246-8E7B-4EAB-9452-E56AAE16765A", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.81:*:*:*:*:*:*:*", matchCriteriaId: "DC4F3F54-2AE0-46B3-97E4-39696C1AE6C1", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.82:*:*:*:*:*:*:*", matchCriteriaId: "0DA16CCA-ABED-402E-9EE1-454B8E120892", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.83:*:*:*:*:*:*:*", matchCriteriaId: "8FA75982-D35A-42FA-A2E9-928AD9FE9CB7", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.90:*:*:*:*:*:*:*", matchCriteriaId: "5EFB745A-88F7-4A47-9A44-8711E3606E08", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.91:*:*:*:*:*:*:*", matchCriteriaId: "AFAC0FAB-F158-4E2F-B7AC-FFE63BA565D7", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.92:*:*:*:*:*:*:*", matchCriteriaId: "5BF4D6A2-DBC1-49EE-9638-A3A22511CB5D", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.93:*:*:*:*:*:*:*", matchCriteriaId: "41DB6C12-279A-4B0A-BE64-144AD038524A", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.00:*:*:*:*:*:*:*", matchCriteriaId: "4BDDD4AD-C0C8-4FDA-97E7-F1395340AFBC", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.01:*:*:*:*:*:*:*", matchCriteriaId: "22C27354-98E7-47D2-95CB-FF59963F24EC", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.02:*:*:*:*:*:*:*", matchCriteriaId: "8E94CFB0-5945-4A0A-A40B-BB8ABDC6911A", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.03:*:*:*:*:*:*:*", matchCriteriaId: "5F21460D-70BE-4F66-BEA7-C6700310F8A0", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.04:*:*:*:*:*:*:*", matchCriteriaId: "C44CFB78-950B-4354-BF51-B4DE70723F8A", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.10:*:*:*:*:*:*:*", matchCriteriaId: "812C82F6-EB76-43D0-8EA6-E917FE544139", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.11:*:*:*:*:*:*:*", matchCriteriaId: "943A3E15-3069-4B55-90F9-A36EB82E1FBA", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.12:*:*:*:*:*:*:*", matchCriteriaId: "090E313A-9FD2-4D07-9D41-FE9450E12110", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.13:*:*:*:*:*:*:*", matchCriteriaId: "71E3FEC6-9C1D-4975-9B29-1510587416D0", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.20:*:*:*:*:*:*:*", matchCriteriaId: "952EBA2A-DCEC-41F0-A5D6-4EDC18DCBFDD", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.21:*:*:*:*:*:*:*", matchCriteriaId: "6A6D8E86-B710-4C18-BCAD-81A6CAEC5DBB", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.22:*:*:*:*:*:*:*", matchCriteriaId: "C52C0634-FBC2-47CF-B1FA-E3E873D8AB84", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.30:*:*:*:*:*:*:*", matchCriteriaId: "86B4DB35-A633-4D6C-928A-FB016CF87A9B", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.31:*:*:*:*:*:*:*", matchCriteriaId: "4AA5759E-A7DC-48B0-8BEA-616D5615FE5A", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.32:*:*:*:*:*:*:*", matchCriteriaId: "8420D18C-D4D5-4FB6-A5B2-F4DD3286C99D", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.33:*:*:*:*:*:*:*", matchCriteriaId: "160BE257-6A76-411E-8E5D-E5CA65C2B891", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.40:*:*:*:*:*:*:*", matchCriteriaId: "AE182574-8650-4A4A-91F0-5D1497D1ADA7", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.41:*:*:*:*:*:*:*", matchCriteriaId: "8465A93C-2761-4DE8-A0B8-BF54912EC132", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.42:*:*:*:*:*:*:*", matchCriteriaId: "5487F402-49C4-4DB3-92CA-5B40E760AE42", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.50:*:*:*:*:*:*:*", matchCriteriaId: "98ABCA8A-AFE4-48F0-842C-27C4D45EDAB3", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.51:*:*:*:*:*:*:*", matchCriteriaId: "8DD4B602-A244-4410-BD90-57B4F7FE4668", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:2.52:*:*:*:*:*:*:*", matchCriteriaId: "801EE163-E97C-4D5D-A4AB-F62DDFE2A593", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file.", }, { lang: "es", value: "Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados (XSS) en el cliente web en (Transmission) anterior a v2.61 permite a atacantes remotos inyectar código web o HTML arbitrario a través de (1) un comentario, (2) el campo (created by), o (3) el campo de nombre en un fichero (torrent).", }, ], id: "CVE-2012-4037", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "HIGH", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.6, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:H/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 4.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2012-08-15T20:55:03.930", references: [ { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://archives.neohapsis.com/archives/fulldisclosure/2012-07/0349.html", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/50027", }, { source: "cve@mitre.org", url: "http://secunia.com/advisories/50769", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.madirish.net/541", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/bid/54705", }, { source: "cve@mitre.org", url: "http://www.ubuntu.com/usn/USN-1584-1", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "https://trac.transmissionbt.com/ticket/4979", }, { source: "cve@mitre.org", url: "https://trac.transmissionbt.com/wiki/Changes#version-2.61", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://archives.neohapsis.com/archives/fulldisclosure/2012-07/0349.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/50027", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/50769", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.madirish.net/541", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/54705", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.ubuntu.com/usn/USN-1584-1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "https://trac.transmissionbt.com/ticket/4979", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://trac.transmissionbt.com/wiki/Changes#version-2.61", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2009-05-22 11:52
Modified
2025-04-09 00:30
Severity ?
Summary
Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| transmissionbt | transmission | 1.50 | |
| transmissionbt | transmission | 1.51 | |
| transmissionbt | transmission | 1.52 | |
| transmissionbt | transmission | 1.60 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:transmissionbt:transmission:1.50:*:*:*:*:*:*:*", matchCriteriaId: "C570DD0B-CB0D-4451-AC24-47853DCE4E44", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.51:*:*:*:*:*:*:*", matchCriteriaId: "8976E88E-6F6C-4E77-87A4-8F1AAA854C7A", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.52:*:*:*:*:*:*:*", matchCriteriaId: "C53FAA2E-0DA8-4E61-A27F-B3A163664848", vulnerable: true, }, { criteria: "cpe:2.3:a:transmissionbt:transmission:1.60:*:*:*:*:*:*:*", matchCriteriaId: "91A94B6D-5A85-413D-AE62-BF3AA92DF907", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.", }, { lang: "es", value: "Vulnerabilidad de falsificación de petición en sitios cruzados (CSRF) en Transmission v1.5 anterior a v1.53 y v1.6 anterior a v1.61, permite a los atacantes remotos secuestrar la autenticación de víctimas no especificadas a través de vectores desconocidos.", }, ], id: "CVE-2009-1757", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2009-05-22T11:52:40.593", references: [ { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2009/05/21/1", }, { source: "cve@mitre.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.transmissionbt.com/index.php", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.openwall.com/lists/oss-security/2009/05/21/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.transmissionbt.com/index.php", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-10-30 23:15
Modified
2024-11-21 01:12
Severity ?
Summary
Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| transmissionbt | transmission | * | |
| linux | linux_kernel | - | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:transmissionbt:transmission:*:*:*:*:*:*:*:*", matchCriteriaId: "A15489B4-BA11-4BC8-8F75-D1D91B200BFC", versionEndExcluding: "1.92", vulnerable: true, }, ], negate: false, operator: "OR", }, { cpeMatch: [ { criteria: "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", matchCriteriaId: "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", vulnerable: false, }, ], negate: false, operator: "OR", }, ], operator: "AND", }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", matchCriteriaId: "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", matchCriteriaId: "DEECE5FC-CACF-4496-A3E7-164736409252", vulnerable: true, }, { criteria: "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", matchCriteriaId: "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame.", }, { lang: "es", value: "Transmission versiones anteriores a 1.92, permite a atacantes impedir la descarga de un archivo mediante datos corruptos durante el final del juego.", }, ], id: "CVE-2010-0749", lastModified: "2024-11-21T01:12:52.923", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 1.4, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-30T23:15:10.080", references: [ { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0749", }, { source: "secalert@redhat.com", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/transmission/transmission/wiki/Release-Notes#transmission-192-20100314", }, { source: "secalert@redhat.com", tags: [ "Third Party Advisory", ], url: "https://security-tracker.debian.org/tracker/CVE-2010-0749", }, { source: "secalert@redhat.com", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://trac.transmissionbt.com/ticket/1242", }, { source: "secalert@redhat.com", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2010/04/01/9", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Patch", "Third Party Advisory", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0749", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", "Third Party Advisory", ], url: "https://github.com/transmission/transmission/wiki/Release-Notes#transmission-192-20100314", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://security-tracker.debian.org/tracker/CVE-2010-0749", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Issue Tracking", "Vendor Advisory", ], url: "https://trac.transmissionbt.com/ticket/1242", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Mailing List", "Patch", "Third Party Advisory", ], url: "https://www.openwall.com/lists/oss-security/2010/04/01/9", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2010-05-07 20:30
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted magnet URL with a large number of (1) tr or (2) ws links.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| transmissionbt | transmission | 1.91 |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:transmissionbt:transmission:1.91:*:*:*:*:*:*:*", matchCriteriaId: "AFAC0FAB-F158-4E2F-B7AC-FFE63BA565D7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted magnet URL with a large number of (1) tr or (2) ws links.", }, { lang: "es", value: "Múltiples desbordamientos de búfer basado en pila en la función tr_magnetParse en libtransmission/magnet.c en Transmission v1.91, permite a atacantes remotos provocar una denegación de servicio (caída) o posiblemente ejecución de código a través de una URL manipulada con un número de enlaces (1) tr o (2) ws muy grande.", }, ], id: "CVE-2010-1853", lastModified: "2025-04-11T00:51:21.963", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 6.8, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:M/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 8.6, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: true, }, ], }, published: "2010-05-07T20:30:01.093", references: [ { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/39031", }, { source: "cve@mitre.org", url: "http://trac.transmissionbt.com/changeset/10279", }, { source: "cve@mitre.org", url: "http://trac.transmissionbt.com/ticket/2965", }, { source: "cve@mitre.org", url: "http://trac.transmissionbt.com/wiki/Changes", }, { source: "cve@mitre.org", url: "http://www.osvdb.org/63066", }, { source: "cve@mitre.org", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/38814", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2010/0655", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/39031", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://trac.transmissionbt.com/changeset/10279", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://trac.transmissionbt.com/ticket/2965", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://trac.transmissionbt.com/wiki/Changes", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/63066", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/38814", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2010/0655", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2018-10756
Vulnerability from cvelistv5
Published
2020-05-15 15:56
Modified
2024-08-05 07:46
Severity ?
EPSS score ?
Summary
Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e | x_refsource_MISC | |
| https://tomrichards.net/2020/05/cve-2018-10756-transmission/ | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVAG2HNKNRLWOACFN5F2ANJD2SQ53WI7/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.debian.org/debian-lts-announce/2020/05/msg00022.html | mailing-list, x_refsource_MLIST | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CD3GLZ5URIK74RCGLSH72IVLDIJJMLQC/ | vendor-advisory, x_refsource_FEDORA | |
| https://security.gentoo.org/glsa/202007-07 | vendor-advisory, x_refsource_GENTOO | |
| https://lists.debian.org/debian-lts-announce/2020/08/msg00001.html | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T07:46:46.883Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://tomrichards.net/2020/05/cve-2018-10756-transmission/", }, { name: "FEDORA-2020-e67318b4b4", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVAG2HNKNRLWOACFN5F2ANJD2SQ53WI7/", }, { name: "[debian-lts-announce] 20200524 [SECURITY] [DLA 2218-1] transmission security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/05/msg00022.html", }, { name: "FEDORA-2020-3ef028d53f", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CD3GLZ5URIK74RCGLSH72IVLDIJJMLQC/", }, { name: "GLSA-202007-07", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/202007-07", }, { name: "[debian-lts-announce] 20200801 [SECURITY] [DLA 2305-1] transmission security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00001.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-08-01T19:06:07", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e", }, { tags: [ "x_refsource_MISC", ], url: "https://tomrichards.net/2020/05/cve-2018-10756-transmission/", }, { name: "FEDORA-2020-e67318b4b4", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVAG2HNKNRLWOACFN5F2ANJD2SQ53WI7/", }, { name: "[debian-lts-announce] 20200524 [SECURITY] [DLA 2218-1] transmission security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/05/msg00022.html", }, { name: "FEDORA-2020-3ef028d53f", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CD3GLZ5URIK74RCGLSH72IVLDIJJMLQC/", }, { name: "GLSA-202007-07", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/202007-07", }, { name: "[debian-lts-announce] 20200801 [SECURITY] [DLA 2305-1] transmission security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00001.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-10756", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e", refsource: "MISC", url: "https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e", }, { name: "https://tomrichards.net/2020/05/cve-2018-10756-transmission/", refsource: "MISC", url: "https://tomrichards.net/2020/05/cve-2018-10756-transmission/", }, { name: "FEDORA-2020-e67318b4b4", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVAG2HNKNRLWOACFN5F2ANJD2SQ53WI7/", }, { name: "[debian-lts-announce] 20200524 [SECURITY] [DLA 2218-1] transmission security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/05/msg00022.html", }, { name: "FEDORA-2020-3ef028d53f", refsource: "FEDORA", url: "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CD3GLZ5URIK74RCGLSH72IVLDIJJMLQC/", }, { name: "GLSA-202007-07", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/202007-07", }, { name: "[debian-lts-announce] 20200801 [SECURITY] [DLA 2305-1] transmission security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2020/08/msg00001.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-10756", datePublished: "2020-05-15T15:56:21", dateReserved: "2018-05-05T00:00:00", dateUpdated: "2024-08-05T07:46:46.883Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2010-1853
Vulnerability from cvelistv5
Published
2010-05-07 20:00
Modified
2024-09-16 19:57
Severity ?
EPSS score ?
Summary
Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted magnet URL with a large number of (1) tr or (2) ws links.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/38814 | vdb-entry, x_refsource_BID | |
| http://www.osvdb.org/63066 | vdb-entry, x_refsource_OSVDB | |
| http://trac.transmissionbt.com/wiki/Changes | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2010/0655 | vdb-entry, x_refsource_VUPEN | |
| http://trac.transmissionbt.com/ticket/2965 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/39031 | third-party-advisory, x_refsource_SECUNIA | |
| http://trac.transmissionbt.com/changeset/10279 | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T01:35:53.743Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "38814", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/38814", }, { name: "63066", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/63066", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://trac.transmissionbt.com/wiki/Changes", }, { name: "ADV-2010-0655", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2010/0655", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://trac.transmissionbt.com/ticket/2965", }, { name: "39031", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/39031", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://trac.transmissionbt.com/changeset/10279", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted magnet URL with a large number of (1) tr or (2) ws links.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2010-05-07T20:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "38814", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/38814", }, { name: "63066", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/63066", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://trac.transmissionbt.com/wiki/Changes", }, { name: "ADV-2010-0655", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2010/0655", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://trac.transmissionbt.com/ticket/2965", }, { name: "39031", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/39031", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://trac.transmissionbt.com/changeset/10279", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2010-1853", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted magnet URL with a large number of (1) tr or (2) ws links.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "38814", refsource: "BID", url: "http://www.securityfocus.com/bid/38814", }, { name: "63066", refsource: "OSVDB", url: "http://www.osvdb.org/63066", }, { name: "http://trac.transmissionbt.com/wiki/Changes", refsource: "CONFIRM", url: "http://trac.transmissionbt.com/wiki/Changes", }, { name: "ADV-2010-0655", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2010/0655", }, { name: "http://trac.transmissionbt.com/ticket/2965", refsource: "CONFIRM", url: "http://trac.transmissionbt.com/ticket/2965", }, { name: "39031", refsource: "SECUNIA", url: "http://secunia.com/advisories/39031", }, { name: "http://trac.transmissionbt.com/changeset/10279", refsource: "CONFIRM", url: "http://trac.transmissionbt.com/changeset/10279", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2010-1853", datePublished: "2010-05-07T20:00:00Z", dateReserved: "2010-05-07T00:00:00Z", dateUpdated: "2024-09-16T19:57:07.176Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2014-4909
Vulnerability from cvelistv5
Published
2014-07-29 14:00
Modified
2024-08-06 11:27
Severity ?
EPSS score ?
Summary
Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T11:27:36.988Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "FEDORA-2014-8331", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135539.html", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://trac.transmissionbt.com/wiki/Changes#version-2.84", }, { name: "[oss-security] 20140710 CVE request: transmission peer communication vulnerability", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2014/07/10/4", }, { name: "68487", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/68487", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.gentoo.org/show_bug.cgi?id=516822", }, { name: "[oss-security] 20140711 Re: CVE request: transmission peer communication vulnerability", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2014/07/11/5", }, { name: "60108", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60108", }, { name: "60527", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/60527", }, { name: "59897", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/59897", }, { name: "DSA-2988", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2014/dsa-2988", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://inertiawar.com/submission.go", }, { name: "USN-2279-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-2279-1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1118290", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://twitter.com/benhawkes/statuses/484378151959539712", }, { name: "openSUSE-SU-2014:0980", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2014-08/msg00011.html", }, { name: "108997", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/108997", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2014-07-01T00:00:00", descriptions: [ { lang: "en", value: "Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2014-11-05T22:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "FEDORA-2014-8331", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135539.html", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://trac.transmissionbt.com/wiki/Changes#version-2.84", }, { name: "[oss-security] 20140710 CVE request: transmission peer communication vulnerability", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2014/07/10/4", }, { name: "68487", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/68487", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.gentoo.org/show_bug.cgi?id=516822", }, { name: "[oss-security] 20140711 Re: CVE request: transmission peer communication vulnerability", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2014/07/11/5", }, { name: "60108", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60108", }, { name: "60527", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/60527", }, { name: "59897", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/59897", }, { name: "DSA-2988", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2014/dsa-2988", }, { tags: [ "x_refsource_MISC", ], url: "http://inertiawar.com/submission.go", }, { name: "USN-2279-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-2279-1", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=1118290", }, { tags: [ "x_refsource_MISC", ], url: "https://twitter.com/benhawkes/statuses/484378151959539712", }, { name: "openSUSE-SU-2014:0980", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2014-08/msg00011.html", }, { name: "108997", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/108997", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2014-4909", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "FEDORA-2014-8331", refsource: "FEDORA", url: "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135539.html", }, { name: "https://trac.transmissionbt.com/wiki/Changes#version-2.84", refsource: "CONFIRM", url: "https://trac.transmissionbt.com/wiki/Changes#version-2.84", }, { name: "[oss-security] 20140710 CVE request: transmission peer communication vulnerability", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2014/07/10/4", }, { name: "68487", refsource: "BID", url: "http://www.securityfocus.com/bid/68487", }, { name: "https://bugs.gentoo.org/show_bug.cgi?id=516822", refsource: "CONFIRM", url: "https://bugs.gentoo.org/show_bug.cgi?id=516822", }, { name: "[oss-security] 20140711 Re: CVE request: transmission peer communication vulnerability", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2014/07/11/5", }, { name: "60108", refsource: "SECUNIA", url: "http://secunia.com/advisories/60108", }, { name: "60527", refsource: "SECUNIA", url: "http://secunia.com/advisories/60527", }, { name: "59897", refsource: "SECUNIA", url: "http://secunia.com/advisories/59897", }, { name: "DSA-2988", refsource: "DEBIAN", url: "http://www.debian.org/security/2014/dsa-2988", }, { name: "http://inertiawar.com/submission.go", refsource: "MISC", url: "http://inertiawar.com/submission.go", }, { name: "USN-2279-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-2279-1", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=1118290", refsource: "CONFIRM", url: "https://bugzilla.redhat.com/show_bug.cgi?id=1118290", }, { name: "https://twitter.com/benhawkes/statuses/484378151959539712", refsource: "MISC", url: "https://twitter.com/benhawkes/statuses/484378151959539712", }, { name: "openSUSE-SU-2014:0980", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2014-08/msg00011.html", }, { name: "108997", refsource: "OSVDB", url: "http://www.osvdb.org/108997", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2014-4909", datePublished: "2014-07-29T14:00:00", dateReserved: "2014-07-11T00:00:00", dateUpdated: "2024-08-06T11:27:36.988Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-4037
Vulnerability from cvelistv5
Published
2012-08-15 20:00
Modified
2024-08-06 20:21
Severity ?
EPSS score ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.madirish.net/541 | x_refsource_MISC | |
| http://secunia.com/advisories/50769 | third-party-advisory, x_refsource_SECUNIA | |
| http://archives.neohapsis.com/archives/fulldisclosure/2012-07/0349.html | mailing-list, x_refsource_FULLDISC | |
| http://www.securityfocus.com/bid/54705 | vdb-entry, x_refsource_BID | |
| https://trac.transmissionbt.com/wiki/Changes#version-2.61 | x_refsource_CONFIRM | |
| https://trac.transmissionbt.com/ticket/4979 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/50027 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.ubuntu.com/usn/USN-1584-1 | vendor-advisory, x_refsource_UBUNTU |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T20:21:04.201Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.madirish.net/541", }, { name: "50769", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/50769", }, { name: "20120726 Transmission BitTorrent XSS Vulnerability", tags: [ "mailing-list", "x_refsource_FULLDISC", "x_transferred", ], url: "http://archives.neohapsis.com/archives/fulldisclosure/2012-07/0349.html", }, { name: "54705", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/54705", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://trac.transmissionbt.com/wiki/Changes#version-2.61", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://trac.transmissionbt.com/ticket/4979", }, { name: "50027", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/50027", }, { name: "USN-1584-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-1584-1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2012-07-26T00:00:00", descriptions: [ { lang: "en", value: "Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2012-10-30T09:00:00", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.madirish.net/541", }, { name: "50769", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/50769", }, { name: "20120726 Transmission BitTorrent XSS Vulnerability", tags: [ "mailing-list", "x_refsource_FULLDISC", ], url: "http://archives.neohapsis.com/archives/fulldisclosure/2012-07/0349.html", }, { name: "54705", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/54705", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://trac.transmissionbt.com/wiki/Changes#version-2.61", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://trac.transmissionbt.com/ticket/4979", }, { name: "50027", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/50027", }, { name: "USN-1584-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-1584-1", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2012-4037", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.madirish.net/541", refsource: "MISC", url: "http://www.madirish.net/541", }, { name: "50769", refsource: "SECUNIA", url: "http://secunia.com/advisories/50769", }, { name: "20120726 Transmission BitTorrent XSS Vulnerability", refsource: "FULLDISC", url: "http://archives.neohapsis.com/archives/fulldisclosure/2012-07/0349.html", }, { name: "54705", refsource: "BID", url: "http://www.securityfocus.com/bid/54705", }, { name: "https://trac.transmissionbt.com/wiki/Changes#version-2.61", refsource: "CONFIRM", url: "https://trac.transmissionbt.com/wiki/Changes#version-2.61", }, { name: "https://trac.transmissionbt.com/ticket/4979", refsource: "CONFIRM", url: "https://trac.transmissionbt.com/ticket/4979", }, { name: "50027", refsource: "SECUNIA", url: "http://secunia.com/advisories/50027", }, { name: "USN-1584-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-1584-1", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2012-4037", datePublished: "2012-08-15T20:00:00", dateReserved: "2012-07-20T00:00:00", dateUpdated: "2024-08-06T20:21:04.201Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2010-0749
Vulnerability from cvelistv5
Published
2019-10-30 22:45
Modified
2024-08-07 00:59
Severity ?
EPSS score ?
Summary
Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2010-0749 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0749 | x_refsource_MISC | |
| https://github.com/transmission/transmission/wiki/Release-Notes#transmission-192-20100314 | x_refsource_CONFIRM | |
| https://www.openwall.com/lists/oss-security/2010/04/01/9 | mailing-list, x_refsource_MLIST | |
| https://trac.transmissionbt.com/ticket/1242 | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| transmission | transmission |
Version: before 1.92 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T00:59:38.814Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://security-tracker.debian.org/tracker/CVE-2010-0749", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0749", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/transmission/transmission/wiki/Release-Notes#transmission-192-20100314", }, { name: "[oss-security] 20100401 Re: CVE Request -- Transmission v1.92", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2010/04/01/9", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://trac.transmissionbt.com/ticket/1242", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "transmission", vendor: "transmission", versions: [ { status: "affected", version: "before 1.92", }, ], }, ], datePublic: "2008-08-30T00:00:00", descriptions: [ { lang: "en", value: "Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service - Malformed Input", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-10-30T22:45:13", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://security-tracker.debian.org/tracker/CVE-2010-0749", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0749", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/transmission/transmission/wiki/Release-Notes#transmission-192-20100314", }, { name: "[oss-security] 20100401 Re: CVE Request -- Transmission v1.92", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://www.openwall.com/lists/oss-security/2010/04/01/9", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://trac.transmissionbt.com/ticket/1242", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2010-0749", datePublished: "2019-10-30T22:45:13", dateReserved: "2010-02-26T00:00:00", dateUpdated: "2024-08-07T00:59:38.814Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2010-0748
Vulnerability from cvelistv5
Published
2019-10-30 22:34
Modified
2024-08-07 00:59
Severity ?
EPSS score ?
Summary
Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link.
References
| ▼ | URL | Tags |
|---|---|---|
| https://security-tracker.debian.org/tracker/CVE-2010-0748 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0748 | x_refsource_MISC | |
| https://trac.transmissionbt.com/ticket/2965 | x_refsource_CONFIRM | |
| https://github.com/transmission/transmission/wiki/Release-Notes#transmission-192-20100314 | x_refsource_CONFIRM | |
| https://www.openwall.com/lists/oss-security/2010/04/01/9 | mailing-list, x_refsource_MLIST |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| transmission | transmission |
Version: before 1.92 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T00:59:38.897Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://security-tracker.debian.org/tracker/CVE-2010-0748", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0748", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://trac.transmissionbt.com/ticket/2965", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://github.com/transmission/transmission/wiki/Release-Notes#transmission-192-20100314", }, { name: "[oss-security] 20100401 Re: CVE Request -- Transmission v1.92", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://www.openwall.com/lists/oss-security/2010/04/01/9", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "transmission", vendor: "transmission", versions: [ { status: "affected", version: "before 1.92", }, ], }, ], datePublic: "2010-02-24T00:00:00", descriptions: [ { lang: "en", value: "Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link.", }, ], problemTypes: [ { descriptions: [ { description: "Buffer Overflow", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-10-30T22:38:21", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://security-tracker.debian.org/tracker/CVE-2010-0748", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0748", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://trac.transmissionbt.com/ticket/2965", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://github.com/transmission/transmission/wiki/Release-Notes#transmission-192-20100314", }, { name: "[oss-security] 20100401 Re: CVE Request -- Transmission v1.92", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://www.openwall.com/lists/oss-security/2010/04/01/9", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2010-0748", datePublished: "2019-10-30T22:34:40", dateReserved: "2010-02-26T00:00:00", dateUpdated: "2024-08-07T00:59:38.897Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2010-0012
Vulnerability from cvelistv5
Published
2010-01-08 17:00
Modified
2024-08-07 00:37
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T00:37:52.483Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://trac.transmissionbt.com/wiki/Changes#version-1.77", }, { name: "[oss-security] 20100106 Re: CVE Request: Transmission", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2010/01/06/4", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://launchpad.net/bugs/500625", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gz", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://trac.transmissionbt.com/changeset/9829/", }, { name: "38005", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/38005", }, { name: "ADV-2010-0071", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2010/0071", }, { name: "DSA-1967", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2010/dsa-1967", }, { name: "transmission-name-directory-traversal(55454)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/55454", }, { name: "[oss-security] 20100106 CVE Request: Transmission", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2010/01/06/2", }, { name: "37993", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/37993", }, { name: "SUSE-SA:2010:008", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html", }, { name: "[debian-devel-changes] 20100105 Accepted transmission 1.77-1 (source all amd64)", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.mail-archive.com/debian-devel-changes%40lists.debian.org/msg264483.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2010-01-05T00:00:00", descriptions: [ { lang: "en", value: "Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-08-16T14:57:01", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://trac.transmissionbt.com/wiki/Changes#version-1.77", }, { name: "[oss-security] 20100106 Re: CVE Request: Transmission", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2010/01/06/4", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://launchpad.net/bugs/500625", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gz", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://trac.transmissionbt.com/changeset/9829/", }, { name: "38005", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/38005", }, { name: "ADV-2010-0071", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2010/0071", }, { name: "DSA-1967", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2010/dsa-1967", }, { name: "transmission-name-directory-traversal(55454)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/55454", }, { name: "[oss-security] 20100106 CVE Request: Transmission", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2010/01/06/2", }, { name: "37993", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/37993", }, { name: "SUSE-SA:2010:008", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html", }, { name: "[debian-devel-changes] 20100105 Accepted transmission 1.77-1 (source all amd64)", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.mail-archive.com/debian-devel-changes%40lists.debian.org/msg264483.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2010-0012", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://trac.transmissionbt.com/wiki/Changes#version-1.77", refsource: "CONFIRM", url: "http://trac.transmissionbt.com/wiki/Changes#version-1.77", }, { name: "[oss-security] 20100106 Re: CVE Request: Transmission", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2010/01/06/4", }, { name: "https://launchpad.net/bugs/500625", refsource: "CONFIRM", url: "https://launchpad.net/bugs/500625", }, { name: "http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gz", refsource: "CONFIRM", url: "http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gz", }, { name: "http://trac.transmissionbt.com/changeset/9829/", refsource: "CONFIRM", url: "http://trac.transmissionbt.com/changeset/9829/", }, { name: "38005", refsource: "SECUNIA", url: "http://secunia.com/advisories/38005", }, { name: "ADV-2010-0071", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2010/0071", }, { name: "DSA-1967", refsource: "DEBIAN", url: "http://www.debian.org/security/2010/dsa-1967", }, { name: "transmission-name-directory-traversal(55454)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/55454", }, { name: "[oss-security] 20100106 CVE Request: Transmission", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2010/01/06/2", }, { name: "37993", refsource: "SECUNIA", url: "http://secunia.com/advisories/37993", }, { name: "SUSE-SA:2010:008", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html", }, { name: "[debian-devel-changes] 20100105 Accepted transmission 1.77-1 (source all amd64)", refsource: "MLIST", url: "http://www.mail-archive.com/debian-devel-changes@lists.debian.org/msg264483.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2010-0012", datePublished: "2010-01-08T17:00:00", dateReserved: "2009-12-14T00:00:00", dateUpdated: "2024-08-07T00:37:52.483Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2009-1757
Vulnerability from cvelistv5
Published
2009-05-22 01:00
Modified
2024-09-16 20:06
Severity ?
EPSS score ?
Summary
Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2009/05/21/1 | mailing-list, x_refsource_MLIST | |
| http://www.transmissionbt.com/index.php | x_refsource_CONFIRM |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T05:27:53.646Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "[oss-security] 20090521 CVE request: transmission <1.61 CSRF", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2009/05/21/1", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.transmissionbt.com/index.php", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2009-05-22T01:00:00Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "[oss-security] 20090521 CVE request: transmission <1.61 CSRF", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2009/05/21/1", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://www.transmissionbt.com/index.php", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2009-1757", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "[oss-security] 20090521 CVE request: transmission <1.61 CSRF", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2009/05/21/1", }, { name: "http://www.transmissionbt.com/index.php", refsource: "CONFIRM", url: "http://www.transmissionbt.com/index.php", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2009-1757", datePublished: "2009-05-22T01:00:00Z", dateReserved: "2009-05-21T00:00:00Z", dateUpdated: "2024-09-16T20:06:44.769Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2018-5702
Vulnerability from cvelistv5
Published
2018-01-15 16:00
Modified
2024-08-05 05:40
Severity ?
EPSS score ?
Summary
Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugs.chromium.org/p/project-zero/issues/detail?id=1447 | x_refsource_MISC | |
| https://www.exploit-db.com/exploits/43665/ | exploit, x_refsource_EXPLOIT-DB | |
| https://www.debian.org/security/2018/dsa-4087 | vendor-advisory, x_refsource_DEBIAN | |
| https://github.com/transmission/transmission/pull/468 | x_refsource_MISC | |
| https://security.gentoo.org/glsa/201806-07 | vendor-advisory, x_refsource_GENTOO | |
| https://twitter.com/taviso/status/951526615145566208 | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2018/01/msg00020.html | mailing-list, x_refsource_MLIST |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T05:40:51.206Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1447", }, { name: "43665", tags: [ "exploit", "x_refsource_EXPLOIT-DB", "x_transferred", ], url: "https://www.exploit-db.com/exploits/43665/", }, { name: "DSA-4087", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2018/dsa-4087", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/transmission/transmission/pull/468", }, { name: "GLSA-201806-07", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "https://security.gentoo.org/glsa/201806-07", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://twitter.com/taviso/status/951526615145566208", }, { name: "[debian-lts-announce] 20180118 [SECURITY] [DLA 1246-1] transmission security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2018/01/msg00020.html", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2018-01-15T00:00:00", descriptions: [ { lang: "en", value: "Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-21T09:57:02", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1447", }, { name: "43665", tags: [ "exploit", "x_refsource_EXPLOIT-DB", ], url: "https://www.exploit-db.com/exploits/43665/", }, { name: "DSA-4087", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2018/dsa-4087", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/transmission/transmission/pull/468", }, { name: "GLSA-201806-07", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "https://security.gentoo.org/glsa/201806-07", }, { tags: [ "x_refsource_MISC", ], url: "https://twitter.com/taviso/status/951526615145566208", }, { name: "[debian-lts-announce] 20180118 [SECURITY] [DLA 1246-1] transmission security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2018/01/msg00020.html", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2018-5702", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1447", refsource: "MISC", url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=1447", }, { name: "43665", refsource: "EXPLOIT-DB", url: "https://www.exploit-db.com/exploits/43665/", }, { name: "DSA-4087", refsource: "DEBIAN", url: "https://www.debian.org/security/2018/dsa-4087", }, { name: "https://github.com/transmission/transmission/pull/468", refsource: "MISC", url: "https://github.com/transmission/transmission/pull/468", }, { name: "GLSA-201806-07", refsource: "GENTOO", url: "https://security.gentoo.org/glsa/201806-07", }, { name: "https://twitter.com/taviso/status/951526615145566208", refsource: "MISC", url: "https://twitter.com/taviso/status/951526615145566208", }, { name: "[debian-lts-announce] 20180118 [SECURITY] [DLA 1246-1] transmission security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2018/01/msg00020.html", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2018-5702", datePublished: "2018-01-15T16:00:00", dateReserved: "2018-01-15T00:00:00", dateUpdated: "2024-08-05T05:40:51.206Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2012-6129
Vulnerability from cvelistv5
Published
2013-04-03 00:00
Modified
2024-09-16 22:50
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted "micro transport protocol packets."
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.opensuse.org/opensuse-updates/2013-03/msg00064.html | vendor-advisory, x_refsource_SUSE | |
| https://trac.transmissionbt.com/ticket/5002 | x_refsource_MISC | |
| http://www.ubuntu.com/usn/USN-1747-1 | vendor-advisory, x_refsource_UBUNTU | |
| https://bugzilla.redhat.com/show_bug.cgi?id=909934 | x_refsource_MISC | |
| http://www.openwall.com/lists/oss-security/2013/02/13/1 | mailing-list, x_refsource_MLIST | |
| https://trac.transmissionbt.com/changeset/13646 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-06T21:28:38.970Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "openSUSE-SU-2013:0485", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://lists.opensuse.org/opensuse-updates/2013-03/msg00064.html", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://trac.transmissionbt.com/ticket/5002", }, { name: "USN-1747-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred", ], url: "http://www.ubuntu.com/usn/USN-1747-1", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=909934", }, { name: "[oss-security] 20130212 Re: CVE request: Transmission can be made to crash remotely", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "http://www.openwall.com/lists/oss-security/2013/02/13/1", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://trac.transmissionbt.com/changeset/13646", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted \"micro transport protocol packets.\"", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2013-04-03T00:00:00Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { name: "openSUSE-SU-2013:0485", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://lists.opensuse.org/opensuse-updates/2013-03/msg00064.html", }, { tags: [ "x_refsource_MISC", ], url: "https://trac.transmissionbt.com/ticket/5002", }, { name: "USN-1747-1", tags: [ "vendor-advisory", "x_refsource_UBUNTU", ], url: "http://www.ubuntu.com/usn/USN-1747-1", }, { tags: [ "x_refsource_MISC", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=909934", }, { name: "[oss-security] 20130212 Re: CVE request: Transmission can be made to crash remotely", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "http://www.openwall.com/lists/oss-security/2013/02/13/1", }, { tags: [ "x_refsource_MISC", ], url: "https://trac.transmissionbt.com/changeset/13646", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2012-6129", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted \"micro transport protocol packets.\"", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "openSUSE-SU-2013:0485", refsource: "SUSE", url: "http://lists.opensuse.org/opensuse-updates/2013-03/msg00064.html", }, { name: "https://trac.transmissionbt.com/ticket/5002", refsource: "MISC", url: "https://trac.transmissionbt.com/ticket/5002", }, { name: "USN-1747-1", refsource: "UBUNTU", url: "http://www.ubuntu.com/usn/USN-1747-1", }, { name: "https://bugzilla.redhat.com/show_bug.cgi?id=909934", refsource: "MISC", url: "https://bugzilla.redhat.com/show_bug.cgi?id=909934", }, { name: "[oss-security] 20130212 Re: CVE request: Transmission can be made to crash remotely", refsource: "MLIST", url: "http://www.openwall.com/lists/oss-security/2013/02/13/1", }, { name: "https://trac.transmissionbt.com/changeset/13646", refsource: "MISC", url: "https://trac.transmissionbt.com/changeset/13646", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2012-6129", datePublished: "2013-04-03T00:00:00Z", dateReserved: "2012-12-06T00:00:00Z", dateUpdated: "2024-09-16T22:50:21.566Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }