Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    20 vulnerabilities by transmissionbt

    CVE-2018-10756 (GCVE-0-2018-10756)

    Vulnerability from cvelistv5 – Published: 2020-05-15 15:56 – Updated: 2024-08-05 07:46
    VLAI
    Summary
    Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:46:46.883Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://tomrichards.net/2020/05/cve-2018-10756-transmission/"
              },
              {
                "name": "FEDORA-2020-e67318b4b4",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVAG2HNKNRLWOACFN5F2ANJD2SQ53WI7/"
              },
              {
                "name": "[debian-lts-announce] 20200524 [SECURITY] [DLA 2218-1] transmission security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00022.html"
              },
              {
                "name": "FEDORA-2020-3ef028d53f",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CD3GLZ5URIK74RCGLSH72IVLDIJJMLQC/"
              },
              {
                "name": "GLSA-202007-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202007-07"
              },
              {
                "name": "[debian-lts-announce] 20200801 [SECURITY] [DLA 2305-1] transmission security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00001.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-01T19:06:07.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://tomrichards.net/2020/05/cve-2018-10756-transmission/"
            },
            {
              "name": "FEDORA-2020-e67318b4b4",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVAG2HNKNRLWOACFN5F2ANJD2SQ53WI7/"
            },
            {
              "name": "[debian-lts-announce] 20200524 [SECURITY] [DLA 2218-1] transmission security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00022.html"
            },
            {
              "name": "FEDORA-2020-3ef028d53f",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CD3GLZ5URIK74RCGLSH72IVLDIJJMLQC/"
            },
            {
              "name": "GLSA-202007-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202007-07"
            },
            {
              "name": "[debian-lts-announce] 20200801 [SECURITY] [DLA 2305-1] transmission security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00001.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-10756",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e",
                  "refsource": "MISC",
                  "url": "https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e"
                },
                {
                  "name": "https://tomrichards.net/2020/05/cve-2018-10756-transmission/",
                  "refsource": "MISC",
                  "url": "https://tomrichards.net/2020/05/cve-2018-10756-transmission/"
                },
                {
                  "name": "FEDORA-2020-e67318b4b4",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVAG2HNKNRLWOACFN5F2ANJD2SQ53WI7/"
                },
                {
                  "name": "[debian-lts-announce] 20200524 [SECURITY] [DLA 2218-1] transmission security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00022.html"
                },
                {
                  "name": "FEDORA-2020-3ef028d53f",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CD3GLZ5URIK74RCGLSH72IVLDIJJMLQC/"
                },
                {
                  "name": "GLSA-202007-07",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202007-07"
                },
                {
                  "name": "[debian-lts-announce] 20200801 [SECURITY] [DLA 2305-1] transmission security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00001.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-10756",
        "datePublished": "2020-05-15T15:56:21.000Z",
        "dateReserved": "2018-05-05T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:46:46.883Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-0749 (GCVE-0-2010-0749)

    Vulnerability from cvelistv5 – Published: 2019-10-30 22:45 – Updated: 2024-08-07 00:59
    VLAI
    Summary
    Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame.
    Severity
    No CVSS data available.
    CWE
    • Denial of Service - Malformed Input
    Assigner
    Impacted products
    Vendor Product Version
    transmission transmission Affected: before 1.92
    Create a notification for this product.
    Date Public
    2008-08-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:59:38.814Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2010-0749"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0749"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/transmission/transmission/wiki/Release-Notes#transmission-192-20100314"
              },
              {
                "name": "[oss-security] 20100401 Re: CVE Request -- Transmission v1.92",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2010/04/01/9"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://trac.transmissionbt.com/ticket/1242"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "transmission",
              "vendor": "transmission",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 1.92"
                }
              ]
            }
          ],
          "datePublic": "2008-08-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service - Malformed Input",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-30T22:45:13.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2010-0749"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0749"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/transmission/transmission/wiki/Release-Notes#transmission-192-20100314"
            },
            {
              "name": "[oss-security] 20100401 Re: CVE Request -- Transmission v1.92",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2010/04/01/9"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://trac.transmissionbt.com/ticket/1242"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2010-0749",
        "datePublished": "2019-10-30T22:45:13.000Z",
        "dateReserved": "2010-02-26T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:59:38.814Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-0748 (GCVE-0-2010-0748)

    Vulnerability from cvelistv5 – Published: 2019-10-30 22:34 – Updated: 2024-08-07 00:59
    VLAI
    Summary
    Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link.
    Severity
    No CVSS data available.
    CWE
    • Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    transmission transmission Affected: before 1.92
    Create a notification for this product.
    Date Public
    2010-02-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:59:38.897Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2010-0748"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0748"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://trac.transmissionbt.com/ticket/2965"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/transmission/transmission/wiki/Release-Notes#transmission-192-20100314"
              },
              {
                "name": "[oss-security] 20100401 Re: CVE Request -- Transmission v1.92",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2010/04/01/9"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "transmission",
              "vendor": "transmission",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 1.92"
                }
              ]
            }
          ],
          "datePublic": "2010-02-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-30T22:38:21.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2010-0748"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0748"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://trac.transmissionbt.com/ticket/2965"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/transmission/transmission/wiki/Release-Notes#transmission-192-20100314"
            },
            {
              "name": "[oss-security] 20100401 Re: CVE Request -- Transmission v1.92",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2010/04/01/9"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2010-0748",
        "datePublished": "2019-10-30T22:34:40.000Z",
        "dateReserved": "2010-02-26T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:59:38.897Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5702 (GCVE-0-2018-5702)

    Vulnerability from cvelistv5 – Published: 2018-01-15 16:00 – Updated: 2024-08-05 05:40
    VLAI
    Summary
    Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2018-01-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:40:51.206Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1447"
              },
              {
                "name": "43665",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/43665/"
              },
              {
                "name": "DSA-4087",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4087"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/transmission/transmission/pull/468"
              },
              {
                "name": "GLSA-201806-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201806-07"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://twitter.com/taviso/status/951526615145566208"
              },
              {
                "name": "[debian-lts-announce] 20180118 [SECURITY] [DLA 1246-1] transmission security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00020.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-01-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-21T09:57:02.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1447"
            },
            {
              "name": "43665",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/43665/"
            },
            {
              "name": "DSA-4087",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4087"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/transmission/transmission/pull/468"
            },
            {
              "name": "GLSA-201806-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201806-07"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://twitter.com/taviso/status/951526615145566208"
            },
            {
              "name": "[debian-lts-announce] 20180118 [SECURITY] [DLA 1246-1] transmission security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00020.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-5702",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1447",
                  "refsource": "MISC",
                  "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1447"
                },
                {
                  "name": "43665",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/43665/"
                },
                {
                  "name": "DSA-4087",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4087"
                },
                {
                  "name": "https://github.com/transmission/transmission/pull/468",
                  "refsource": "MISC",
                  "url": "https://github.com/transmission/transmission/pull/468"
                },
                {
                  "name": "GLSA-201806-07",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201806-07"
                },
                {
                  "name": "https://twitter.com/taviso/status/951526615145566208",
                  "refsource": "MISC",
                  "url": "https://twitter.com/taviso/status/951526615145566208"
                },
                {
                  "name": "[debian-lts-announce] 20180118 [SECURITY] [DLA 1246-1] transmission security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00020.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-5702",
        "datePublished": "2018-01-15T16:00:00.000Z",
        "dateReserved": "2018-01-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T05:40:51.206Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-4909 (GCVE-0-2014-4909)

    Vulnerability from cvelistv5 – Published: 2014-07-29 14:00 – Updated: 2024-08-06 11:27
    VLAI
    Summary
    Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    https://trac.transmissionbt.com/wiki/Changes#vers… x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2014/07/10/4 mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/68487 vdb-entryx_refsource_BID
    https://bugs.gentoo.org/show_bug.cgi?id=516822 x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2014/07/11/5 mailing-listx_refsource_MLIST
    http://secunia.com/advisories/60108 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/60527 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/59897 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2014/dsa-2988 vendor-advisoryx_refsource_DEBIAN
    http://inertiawar.com/submission.go x_refsource_MISC
    http://www.ubuntu.com/usn/USN-2279-1 vendor-advisoryx_refsource_UBUNTU
    https://bugzilla.redhat.com/show_bug.cgi?id=1118290 x_refsource_CONFIRM
    https://twitter.com/benhawkes/statuses/4843781519… x_refsource_MISC
    http://lists.opensuse.org/opensuse-updates/2014-0… vendor-advisoryx_refsource_SUSE
    http://www.osvdb.org/108997 vdb-entryx_refsource_OSVDB
    Date Public
    2014-07-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:27:36.988Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "FEDORA-2014-8331",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135539.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://trac.transmissionbt.com/wiki/Changes#version-2.84"
              },
              {
                "name": "[oss-security] 20140710 CVE request: transmission peer communication vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/07/10/4"
              },
              {
                "name": "68487",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/68487"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.gentoo.org/show_bug.cgi?id=516822"
              },
              {
                "name": "[oss-security] 20140711 Re: CVE request: transmission peer communication vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/07/11/5"
              },
              {
                "name": "60108",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/60108"
              },
              {
                "name": "60527",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/60527"
              },
              {
                "name": "59897",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59897"
              },
              {
                "name": "DSA-2988",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-2988"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://inertiawar.com/submission.go"
              },
              {
                "name": "USN-2279-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2279-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1118290"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://twitter.com/benhawkes/statuses/484378151959539712"
              },
              {
                "name": "openSUSE-SU-2014:0980",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00011.html"
              },
              {
                "name": "108997",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/108997"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-07-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-11-05T22:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "FEDORA-2014-8331",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135539.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://trac.transmissionbt.com/wiki/Changes#version-2.84"
            },
            {
              "name": "[oss-security] 20140710 CVE request: transmission peer communication vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/07/10/4"
            },
            {
              "name": "68487",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/68487"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.gentoo.org/show_bug.cgi?id=516822"
            },
            {
              "name": "[oss-security] 20140711 Re: CVE request: transmission peer communication vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/07/11/5"
            },
            {
              "name": "60108",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/60108"
            },
            {
              "name": "60527",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/60527"
            },
            {
              "name": "59897",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59897"
            },
            {
              "name": "DSA-2988",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-2988"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://inertiawar.com/submission.go"
            },
            {
              "name": "USN-2279-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2279-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1118290"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://twitter.com/benhawkes/statuses/484378151959539712"
            },
            {
              "name": "openSUSE-SU-2014:0980",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00011.html"
            },
            {
              "name": "108997",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/108997"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-4909",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "FEDORA-2014-8331",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135539.html"
                },
                {
                  "name": "https://trac.transmissionbt.com/wiki/Changes#version-2.84",
                  "refsource": "CONFIRM",
                  "url": "https://trac.transmissionbt.com/wiki/Changes#version-2.84"
                },
                {
                  "name": "[oss-security] 20140710 CVE request: transmission peer communication vulnerability",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2014/07/10/4"
                },
                {
                  "name": "68487",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/68487"
                },
                {
                  "name": "https://bugs.gentoo.org/show_bug.cgi?id=516822",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.gentoo.org/show_bug.cgi?id=516822"
                },
                {
                  "name": "[oss-security] 20140711 Re: CVE request: transmission peer communication vulnerability",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2014/07/11/5"
                },
                {
                  "name": "60108",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/60108"
                },
                {
                  "name": "60527",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/60527"
                },
                {
                  "name": "59897",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59897"
                },
                {
                  "name": "DSA-2988",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-2988"
                },
                {
                  "name": "http://inertiawar.com/submission.go",
                  "refsource": "MISC",
                  "url": "http://inertiawar.com/submission.go"
                },
                {
                  "name": "USN-2279-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2279-1"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1118290",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1118290"
                },
                {
                  "name": "https://twitter.com/benhawkes/statuses/484378151959539712",
                  "refsource": "MISC",
                  "url": "https://twitter.com/benhawkes/statuses/484378151959539712"
                },
                {
                  "name": "openSUSE-SU-2014:0980",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00011.html"
                },
                {
                  "name": "108997",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/108997"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-4909",
        "datePublished": "2014-07-29T14:00:00.000Z",
        "dateReserved": "2014-07-11T00:00:00.000Z",
        "dateUpdated": "2024-08-06T11:27:36.988Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-6129 (GCVE-0-2012-6129)

    Vulnerability from cvelistv5 – Published: 2013-04-03 00:00 – Updated: 2024-09-16 22:50
    VLAI
    Summary
    Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted "micro transport protocol packets."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:28:38.970Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "openSUSE-SU-2013:0485",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00064.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://trac.transmissionbt.com/ticket/5002"
              },
              {
                "name": "USN-1747-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1747-1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=909934"
              },
              {
                "name": "[oss-security] 20130212 Re: CVE request: Transmission can be made to crash remotely",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/02/13/1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://trac.transmissionbt.com/changeset/13646"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted \"micro transport protocol packets.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-04-03T00:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "openSUSE-SU-2013:0485",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00064.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://trac.transmissionbt.com/ticket/5002"
            },
            {
              "name": "USN-1747-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1747-1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=909934"
            },
            {
              "name": "[oss-security] 20130212 Re: CVE request: Transmission can be made to crash remotely",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/02/13/1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://trac.transmissionbt.com/changeset/13646"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-6129",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted \"micro transport protocol packets.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "openSUSE-SU-2013:0485",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00064.html"
                },
                {
                  "name": "https://trac.transmissionbt.com/ticket/5002",
                  "refsource": "MISC",
                  "url": "https://trac.transmissionbt.com/ticket/5002"
                },
                {
                  "name": "USN-1747-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-1747-1"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=909934",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=909934"
                },
                {
                  "name": "[oss-security] 20130212 Re: CVE request: Transmission can be made to crash remotely",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2013/02/13/1"
                },
                {
                  "name": "https://trac.transmissionbt.com/changeset/13646",
                  "refsource": "MISC",
                  "url": "https://trac.transmissionbt.com/changeset/13646"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-6129",
        "datePublished": "2013-04-03T00:00:00.000Z",
        "dateReserved": "2012-12-06T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:50:21.566Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-4037 (GCVE-0-2012-4037)

    Vulnerability from cvelistv5 – Published: 2012-08-15 20:00 – Updated: 2024-08-06 20:21
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.madirish.net/541 x_refsource_MISC
    http://secunia.com/advisories/50769 third-party-advisoryx_refsource_SECUNIA
    http://archives.neohapsis.com/archives/fulldisclo… mailing-listx_refsource_FULLDISC
    http://www.securityfocus.com/bid/54705 vdb-entryx_refsource_BID
    https://trac.transmissionbt.com/wiki/Changes#vers… x_refsource_CONFIRM
    https://trac.transmissionbt.com/ticket/4979 x_refsource_CONFIRM
    http://secunia.com/advisories/50027 third-party-advisoryx_refsource_SECUNIA
    http://www.ubuntu.com/usn/USN-1584-1 vendor-advisoryx_refsource_UBUNTU
    Date Public
    2012-07-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:21:04.201Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.madirish.net/541"
              },
              {
                "name": "50769",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/50769"
              },
              {
                "name": "20120726 Transmission BitTorrent XSS Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-07/0349.html"
              },
              {
                "name": "54705",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/54705"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://trac.transmissionbt.com/wiki/Changes#version-2.61"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://trac.transmissionbt.com/ticket/4979"
              },
              {
                "name": "50027",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/50027"
              },
              {
                "name": "USN-1584-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1584-1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-07-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-10-30T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.madirish.net/541"
            },
            {
              "name": "50769",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/50769"
            },
            {
              "name": "20120726 Transmission BitTorrent XSS Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-07/0349.html"
            },
            {
              "name": "54705",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/54705"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://trac.transmissionbt.com/wiki/Changes#version-2.61"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://trac.transmissionbt.com/ticket/4979"
            },
            {
              "name": "50027",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/50027"
            },
            {
              "name": "USN-1584-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1584-1"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-4037",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.madirish.net/541",
                  "refsource": "MISC",
                  "url": "http://www.madirish.net/541"
                },
                {
                  "name": "50769",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/50769"
                },
                {
                  "name": "20120726 Transmission BitTorrent XSS Vulnerability",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-07/0349.html"
                },
                {
                  "name": "54705",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/54705"
                },
                {
                  "name": "https://trac.transmissionbt.com/wiki/Changes#version-2.61",
                  "refsource": "CONFIRM",
                  "url": "https://trac.transmissionbt.com/wiki/Changes#version-2.61"
                },
                {
                  "name": "https://trac.transmissionbt.com/ticket/4979",
                  "refsource": "CONFIRM",
                  "url": "https://trac.transmissionbt.com/ticket/4979"
                },
                {
                  "name": "50027",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/50027"
                },
                {
                  "name": "USN-1584-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-1584-1"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-4037",
        "datePublished": "2012-08-15T20:00:00.000Z",
        "dateReserved": "2012-07-20T00:00:00.000Z",
        "dateUpdated": "2024-08-06T20:21:04.201Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-1853 (GCVE-0-2010-1853)

    Vulnerability from cvelistv5 – Published: 2010-05-07 20:00 – Updated: 2024-09-16 19:57
    VLAI
    Summary
    Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted magnet URL with a large number of (1) tr or (2) ws links.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/38814 vdb-entryx_refsource_BID
    http://www.osvdb.org/63066 vdb-entryx_refsource_OSVDB
    http://trac.transmissionbt.com/wiki/Changes x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2010/0655 vdb-entryx_refsource_VUPEN
    http://trac.transmissionbt.com/ticket/2965 x_refsource_CONFIRM
    http://secunia.com/advisories/39031 third-party-advisoryx_refsource_SECUNIA
    http://trac.transmissionbt.com/changeset/10279 x_refsource_CONFIRM
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T01:35:53.743Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "38814",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/38814"
              },
              {
                "name": "63066",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/63066"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://trac.transmissionbt.com/wiki/Changes"
              },
              {
                "name": "ADV-2010-0655",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/0655"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://trac.transmissionbt.com/ticket/2965"
              },
              {
                "name": "39031",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/39031"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://trac.transmissionbt.com/changeset/10279"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted magnet URL with a large number of (1) tr or (2) ws links."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2010-05-07T20:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "38814",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/38814"
            },
            {
              "name": "63066",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/63066"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://trac.transmissionbt.com/wiki/Changes"
            },
            {
              "name": "ADV-2010-0655",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/0655"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://trac.transmissionbt.com/ticket/2965"
            },
            {
              "name": "39031",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/39031"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://trac.transmissionbt.com/changeset/10279"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-1853",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted magnet URL with a large number of (1) tr or (2) ws links."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "38814",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/38814"
                },
                {
                  "name": "63066",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/63066"
                },
                {
                  "name": "http://trac.transmissionbt.com/wiki/Changes",
                  "refsource": "CONFIRM",
                  "url": "http://trac.transmissionbt.com/wiki/Changes"
                },
                {
                  "name": "ADV-2010-0655",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2010/0655"
                },
                {
                  "name": "http://trac.transmissionbt.com/ticket/2965",
                  "refsource": "CONFIRM",
                  "url": "http://trac.transmissionbt.com/ticket/2965"
                },
                {
                  "name": "39031",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/39031"
                },
                {
                  "name": "http://trac.transmissionbt.com/changeset/10279",
                  "refsource": "CONFIRM",
                  "url": "http://trac.transmissionbt.com/changeset/10279"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-1853",
        "datePublished": "2010-05-07T20:00:00.000Z",
        "dateReserved": "2010-05-07T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:57:07.176Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-0012 (GCVE-0-2010-0012)

    Vulnerability from cvelistv5 – Published: 2010-01-08 17:00 – Updated: 2024-08-07 00:37
    VLAI
    Summary
    Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2010-01-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:37:52.483Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://trac.transmissionbt.com/wiki/Changes#version-1.77"
              },
              {
                "name": "[oss-security] 20100106 Re: CVE Request: Transmission",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2010/01/06/4"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://launchpad.net/bugs/500625"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gz"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://trac.transmissionbt.com/changeset/9829/"
              },
              {
                "name": "38005",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38005"
              },
              {
                "name": "ADV-2010-0071",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/0071"
              },
              {
                "name": "DSA-1967",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2010/dsa-1967"
              },
              {
                "name": "transmission-name-directory-traversal(55454)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55454"
              },
              {
                "name": "[oss-security] 20100106 CVE Request: Transmission",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2010/01/06/2"
              },
              {
                "name": "37993",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37993"
              },
              {
                "name": "SUSE-SA:2010:008",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
              },
              {
                "name": "[debian-devel-changes] 20100105 Accepted transmission 1.77-1 (source all amd64)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.mail-archive.com/debian-devel-changes%40lists.debian.org/msg264483.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-01-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://trac.transmissionbt.com/wiki/Changes#version-1.77"
            },
            {
              "name": "[oss-security] 20100106 Re: CVE Request: Transmission",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2010/01/06/4"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://launchpad.net/bugs/500625"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gz"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://trac.transmissionbt.com/changeset/9829/"
            },
            {
              "name": "38005",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38005"
            },
            {
              "name": "ADV-2010-0071",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/0071"
            },
            {
              "name": "DSA-1967",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2010/dsa-1967"
            },
            {
              "name": "transmission-name-directory-traversal(55454)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55454"
            },
            {
              "name": "[oss-security] 20100106 CVE Request: Transmission",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2010/01/06/2"
            },
            {
              "name": "37993",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37993"
            },
            {
              "name": "SUSE-SA:2010:008",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
            },
            {
              "name": "[debian-devel-changes] 20100105 Accepted transmission 1.77-1 (source all amd64)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.mail-archive.com/debian-devel-changes%40lists.debian.org/msg264483.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2010-0012",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://trac.transmissionbt.com/wiki/Changes#version-1.77",
                  "refsource": "CONFIRM",
                  "url": "http://trac.transmissionbt.com/wiki/Changes#version-1.77"
                },
                {
                  "name": "[oss-security] 20100106 Re: CVE Request: Transmission",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2010/01/06/4"
                },
                {
                  "name": "https://launchpad.net/bugs/500625",
                  "refsource": "CONFIRM",
                  "url": "https://launchpad.net/bugs/500625"
                },
                {
                  "name": "http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gz",
                  "refsource": "CONFIRM",
                  "url": "http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gz"
                },
                {
                  "name": "http://trac.transmissionbt.com/changeset/9829/",
                  "refsource": "CONFIRM",
                  "url": "http://trac.transmissionbt.com/changeset/9829/"
                },
                {
                  "name": "38005",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/38005"
                },
                {
                  "name": "ADV-2010-0071",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2010/0071"
                },
                {
                  "name": "DSA-1967",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2010/dsa-1967"
                },
                {
                  "name": "transmission-name-directory-traversal(55454)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55454"
                },
                {
                  "name": "[oss-security] 20100106 CVE Request: Transmission",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2010/01/06/2"
                },
                {
                  "name": "37993",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37993"
                },
                {
                  "name": "SUSE-SA:2010:008",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
                },
                {
                  "name": "[debian-devel-changes] 20100105 Accepted transmission 1.77-1 (source all amd64)",
                  "refsource": "MLIST",
                  "url": "http://www.mail-archive.com/debian-devel-changes@lists.debian.org/msg264483.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2010-0012",
        "datePublished": "2010-01-08T17:00:00.000Z",
        "dateReserved": "2009-12-14T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:37:52.483Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-1757 (GCVE-0-2009-1757)

    Vulnerability from cvelistv5 – Published: 2009-05-22 01:00 – Updated: 2024-09-16 20:06
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:27:53.646Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20090521 CVE request: transmission \u003c1.61 CSRF",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2009/05/21/1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.transmissionbt.com/index.php"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-05-22T01:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20090521 CVE request: transmission \u003c1.61 CSRF",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2009/05/21/1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.transmissionbt.com/index.php"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-1757",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20090521 CVE request: transmission \u003c1.61 CSRF",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2009/05/21/1"
                },
                {
                  "name": "http://www.transmissionbt.com/index.php",
                  "refsource": "CONFIRM",
                  "url": "http://www.transmissionbt.com/index.php"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-1757",
        "datePublished": "2009-05-22T01:00:00.000Z",
        "dateReserved": "2009-05-21T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:06:44.769Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-10756 (GCVE-0-2018-10756)

    Vulnerability from nvd – Published: 2020-05-15 15:56 – Updated: 2024-08-05 07:46
    VLAI
    Summary
    Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:46:46.883Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://tomrichards.net/2020/05/cve-2018-10756-transmission/"
              },
              {
                "name": "FEDORA-2020-e67318b4b4",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVAG2HNKNRLWOACFN5F2ANJD2SQ53WI7/"
              },
              {
                "name": "[debian-lts-announce] 20200524 [SECURITY] [DLA 2218-1] transmission security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00022.html"
              },
              {
                "name": "FEDORA-2020-3ef028d53f",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CD3GLZ5URIK74RCGLSH72IVLDIJJMLQC/"
              },
              {
                "name": "GLSA-202007-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202007-07"
              },
              {
                "name": "[debian-lts-announce] 20200801 [SECURITY] [DLA 2305-1] transmission security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00001.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-01T19:06:07.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://tomrichards.net/2020/05/cve-2018-10756-transmission/"
            },
            {
              "name": "FEDORA-2020-e67318b4b4",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVAG2HNKNRLWOACFN5F2ANJD2SQ53WI7/"
            },
            {
              "name": "[debian-lts-announce] 20200524 [SECURITY] [DLA 2218-1] transmission security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00022.html"
            },
            {
              "name": "FEDORA-2020-3ef028d53f",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CD3GLZ5URIK74RCGLSH72IVLDIJJMLQC/"
            },
            {
              "name": "GLSA-202007-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/202007-07"
            },
            {
              "name": "[debian-lts-announce] 20200801 [SECURITY] [DLA 2305-1] transmission security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00001.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-10756",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e",
                  "refsource": "MISC",
                  "url": "https://github.com/transmission/transmission/commit/2123adf8e5e1c2b48791f9d22fc8c747e974180e"
                },
                {
                  "name": "https://tomrichards.net/2020/05/cve-2018-10756-transmission/",
                  "refsource": "MISC",
                  "url": "https://tomrichards.net/2020/05/cve-2018-10756-transmission/"
                },
                {
                  "name": "FEDORA-2020-e67318b4b4",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVAG2HNKNRLWOACFN5F2ANJD2SQ53WI7/"
                },
                {
                  "name": "[debian-lts-announce] 20200524 [SECURITY] [DLA 2218-1] transmission security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00022.html"
                },
                {
                  "name": "FEDORA-2020-3ef028d53f",
                  "refsource": "FEDORA",
                  "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CD3GLZ5URIK74RCGLSH72IVLDIJJMLQC/"
                },
                {
                  "name": "GLSA-202007-07",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/202007-07"
                },
                {
                  "name": "[debian-lts-announce] 20200801 [SECURITY] [DLA 2305-1] transmission security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00001.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-10756",
        "datePublished": "2020-05-15T15:56:21.000Z",
        "dateReserved": "2018-05-05T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:46:46.883Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-0749 (GCVE-0-2010-0749)

    Vulnerability from nvd – Published: 2019-10-30 22:45 – Updated: 2024-08-07 00:59
    VLAI
    Summary
    Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame.
    Severity
    No CVSS data available.
    CWE
    • Denial of Service - Malformed Input
    Assigner
    Impacted products
    Vendor Product Version
    transmission transmission Affected: before 1.92
    Create a notification for this product.
    Date Public
    2008-08-30 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:59:38.814Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2010-0749"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0749"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/transmission/transmission/wiki/Release-Notes#transmission-192-20100314"
              },
              {
                "name": "[oss-security] 20100401 Re: CVE Request -- Transmission v1.92",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2010/04/01/9"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://trac.transmissionbt.com/ticket/1242"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "transmission",
              "vendor": "transmission",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 1.92"
                }
              ]
            }
          ],
          "datePublic": "2008-08-30T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Denial of Service - Malformed Input",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-30T22:45:13.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2010-0749"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0749"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/transmission/transmission/wiki/Release-Notes#transmission-192-20100314"
            },
            {
              "name": "[oss-security] 20100401 Re: CVE Request -- Transmission v1.92",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2010/04/01/9"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://trac.transmissionbt.com/ticket/1242"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2010-0749",
        "datePublished": "2019-10-30T22:45:13.000Z",
        "dateReserved": "2010-02-26T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:59:38.814Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-0748 (GCVE-0-2010-0748)

    Vulnerability from nvd – Published: 2019-10-30 22:34 – Updated: 2024-08-07 00:59
    VLAI
    Summary
    Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link.
    Severity
    No CVSS data available.
    CWE
    • Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    transmission transmission Affected: before 1.92
    Create a notification for this product.
    Date Public
    2010-02-24 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:59:38.897Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2010-0748"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0748"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://trac.transmissionbt.com/ticket/2965"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/transmission/transmission/wiki/Release-Notes#transmission-192-20100314"
              },
              {
                "name": "[oss-security] 20100401 Re: CVE Request -- Transmission v1.92",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://www.openwall.com/lists/oss-security/2010/04/01/9"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "transmission",
              "vendor": "transmission",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 1.92"
                }
              ]
            }
          ],
          "datePublic": "2010-02-24T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Buffer Overflow",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-30T22:38:21.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2010-0748"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0748"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://trac.transmissionbt.com/ticket/2965"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/transmission/transmission/wiki/Release-Notes#transmission-192-20100314"
            },
            {
              "name": "[oss-security] 20100401 Re: CVE Request -- Transmission v1.92",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://www.openwall.com/lists/oss-security/2010/04/01/9"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2010-0748",
        "datePublished": "2019-10-30T22:34:40.000Z",
        "dateReserved": "2010-02-26T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:59:38.897Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-5702 (GCVE-0-2018-5702)

    Vulnerability from nvd – Published: 2018-01-15 16:00 – Updated: 2024-08-05 05:40
    VLAI
    Summary
    Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2018-01-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T05:40:51.206Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1447"
              },
              {
                "name": "43665",
                "tags": [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
                  "x_transferred"
                ],
                "url": "https://www.exploit-db.com/exploits/43665/"
              },
              {
                "name": "DSA-4087",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "https://www.debian.org/security/2018/dsa-4087"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/transmission/transmission/pull/468"
              },
              {
                "name": "GLSA-201806-07",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_GENTOO",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/201806-07"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://twitter.com/taviso/status/951526615145566208"
              },
              {
                "name": "[debian-lts-announce] 20180118 [SECURITY] [DLA 1246-1] transmission security update",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00020.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-01-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-21T09:57:02.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1447"
            },
            {
              "name": "43665",
              "tags": [
                "exploit",
                "x_refsource_EXPLOIT-DB"
              ],
              "url": "https://www.exploit-db.com/exploits/43665/"
            },
            {
              "name": "DSA-4087",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "https://www.debian.org/security/2018/dsa-4087"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/transmission/transmission/pull/468"
            },
            {
              "name": "GLSA-201806-07",
              "tags": [
                "vendor-advisory",
                "x_refsource_GENTOO"
              ],
              "url": "https://security.gentoo.org/glsa/201806-07"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://twitter.com/taviso/status/951526615145566208"
            },
            {
              "name": "[debian-lts-announce] 20180118 [SECURITY] [DLA 1246-1] transmission security update",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00020.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-5702",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1447",
                  "refsource": "MISC",
                  "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1447"
                },
                {
                  "name": "43665",
                  "refsource": "EXPLOIT-DB",
                  "url": "https://www.exploit-db.com/exploits/43665/"
                },
                {
                  "name": "DSA-4087",
                  "refsource": "DEBIAN",
                  "url": "https://www.debian.org/security/2018/dsa-4087"
                },
                {
                  "name": "https://github.com/transmission/transmission/pull/468",
                  "refsource": "MISC",
                  "url": "https://github.com/transmission/transmission/pull/468"
                },
                {
                  "name": "GLSA-201806-07",
                  "refsource": "GENTOO",
                  "url": "https://security.gentoo.org/glsa/201806-07"
                },
                {
                  "name": "https://twitter.com/taviso/status/951526615145566208",
                  "refsource": "MISC",
                  "url": "https://twitter.com/taviso/status/951526615145566208"
                },
                {
                  "name": "[debian-lts-announce] 20180118 [SECURITY] [DLA 1246-1] transmission security update",
                  "refsource": "MLIST",
                  "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00020.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-5702",
        "datePublished": "2018-01-15T16:00:00.000Z",
        "dateReserved": "2018-01-15T00:00:00.000Z",
        "dateUpdated": "2024-08-05T05:40:51.206Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-4909 (GCVE-0-2014-4909)

    Vulnerability from nvd – Published: 2014-07-29 14:00 – Updated: 2024-08-06 11:27
    VLAI
    Summary
    Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://lists.fedoraproject.org/pipermail/package-… vendor-advisoryx_refsource_FEDORA
    https://trac.transmissionbt.com/wiki/Changes#vers… x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2014/07/10/4 mailing-listx_refsource_MLIST
    http://www.securityfocus.com/bid/68487 vdb-entryx_refsource_BID
    https://bugs.gentoo.org/show_bug.cgi?id=516822 x_refsource_CONFIRM
    http://www.openwall.com/lists/oss-security/2014/07/11/5 mailing-listx_refsource_MLIST
    http://secunia.com/advisories/60108 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/60527 third-party-advisoryx_refsource_SECUNIA
    http://secunia.com/advisories/59897 third-party-advisoryx_refsource_SECUNIA
    http://www.debian.org/security/2014/dsa-2988 vendor-advisoryx_refsource_DEBIAN
    http://inertiawar.com/submission.go x_refsource_MISC
    http://www.ubuntu.com/usn/USN-2279-1 vendor-advisoryx_refsource_UBUNTU
    https://bugzilla.redhat.com/show_bug.cgi?id=1118290 x_refsource_CONFIRM
    https://twitter.com/benhawkes/statuses/4843781519… x_refsource_MISC
    http://lists.opensuse.org/opensuse-updates/2014-0… vendor-advisoryx_refsource_SUSE
    http://www.osvdb.org/108997 vdb-entryx_refsource_OSVDB
    Date Public
    2014-07-01 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:27:36.988Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "FEDORA-2014-8331",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135539.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://trac.transmissionbt.com/wiki/Changes#version-2.84"
              },
              {
                "name": "[oss-security] 20140710 CVE request: transmission peer communication vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/07/10/4"
              },
              {
                "name": "68487",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/68487"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.gentoo.org/show_bug.cgi?id=516822"
              },
              {
                "name": "[oss-security] 20140711 Re: CVE request: transmission peer communication vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2014/07/11/5"
              },
              {
                "name": "60108",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/60108"
              },
              {
                "name": "60527",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/60527"
              },
              {
                "name": "59897",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59897"
              },
              {
                "name": "DSA-2988",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2014/dsa-2988"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://inertiawar.com/submission.go"
              },
              {
                "name": "USN-2279-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-2279-1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1118290"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://twitter.com/benhawkes/statuses/484378151959539712"
              },
              {
                "name": "openSUSE-SU-2014:0980",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00011.html"
              },
              {
                "name": "108997",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/108997"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-07-01T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-11-05T22:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "FEDORA-2014-8331",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135539.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://trac.transmissionbt.com/wiki/Changes#version-2.84"
            },
            {
              "name": "[oss-security] 20140710 CVE request: transmission peer communication vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/07/10/4"
            },
            {
              "name": "68487",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/68487"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.gentoo.org/show_bug.cgi?id=516822"
            },
            {
              "name": "[oss-security] 20140711 Re: CVE request: transmission peer communication vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2014/07/11/5"
            },
            {
              "name": "60108",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/60108"
            },
            {
              "name": "60527",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/60527"
            },
            {
              "name": "59897",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59897"
            },
            {
              "name": "DSA-2988",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2014/dsa-2988"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://inertiawar.com/submission.go"
            },
            {
              "name": "USN-2279-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2279-1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1118290"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://twitter.com/benhawkes/statuses/484378151959539712"
            },
            {
              "name": "openSUSE-SU-2014:0980",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00011.html"
            },
            {
              "name": "108997",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/108997"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-4909",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "FEDORA-2014-8331",
                  "refsource": "FEDORA",
                  "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135539.html"
                },
                {
                  "name": "https://trac.transmissionbt.com/wiki/Changes#version-2.84",
                  "refsource": "CONFIRM",
                  "url": "https://trac.transmissionbt.com/wiki/Changes#version-2.84"
                },
                {
                  "name": "[oss-security] 20140710 CVE request: transmission peer communication vulnerability",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2014/07/10/4"
                },
                {
                  "name": "68487",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/68487"
                },
                {
                  "name": "https://bugs.gentoo.org/show_bug.cgi?id=516822",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.gentoo.org/show_bug.cgi?id=516822"
                },
                {
                  "name": "[oss-security] 20140711 Re: CVE request: transmission peer communication vulnerability",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2014/07/11/5"
                },
                {
                  "name": "60108",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/60108"
                },
                {
                  "name": "60527",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/60527"
                },
                {
                  "name": "59897",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59897"
                },
                {
                  "name": "DSA-2988",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2014/dsa-2988"
                },
                {
                  "name": "http://inertiawar.com/submission.go",
                  "refsource": "MISC",
                  "url": "http://inertiawar.com/submission.go"
                },
                {
                  "name": "USN-2279-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-2279-1"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1118290",
                  "refsource": "CONFIRM",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1118290"
                },
                {
                  "name": "https://twitter.com/benhawkes/statuses/484378151959539712",
                  "refsource": "MISC",
                  "url": "https://twitter.com/benhawkes/statuses/484378151959539712"
                },
                {
                  "name": "openSUSE-SU-2014:0980",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2014-08/msg00011.html"
                },
                {
                  "name": "108997",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/108997"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-4909",
        "datePublished": "2014-07-29T14:00:00.000Z",
        "dateReserved": "2014-07-11T00:00:00.000Z",
        "dateUpdated": "2024-08-06T11:27:36.988Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-6129 (GCVE-0-2012-6129)

    Vulnerability from nvd – Published: 2013-04-03 00:00 – Updated: 2024-09-16 22:50
    VLAI
    Summary
    Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted "micro transport protocol packets."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T21:28:38.970Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "openSUSE-SU-2013:0485",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00064.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://trac.transmissionbt.com/ticket/5002"
              },
              {
                "name": "USN-1747-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1747-1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=909934"
              },
              {
                "name": "[oss-security] 20130212 Re: CVE request: Transmission can be made to crash remotely",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2013/02/13/1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://trac.transmissionbt.com/changeset/13646"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted \"micro transport protocol packets.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2013-04-03T00:00:00.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "name": "openSUSE-SU-2013:0485",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00064.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://trac.transmissionbt.com/ticket/5002"
            },
            {
              "name": "USN-1747-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1747-1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=909934"
            },
            {
              "name": "[oss-security] 20130212 Re: CVE request: Transmission can be made to crash remotely",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2013/02/13/1"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://trac.transmissionbt.com/changeset/13646"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2012-6129",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted \"micro transport protocol packets.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "openSUSE-SU-2013:0485",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00064.html"
                },
                {
                  "name": "https://trac.transmissionbt.com/ticket/5002",
                  "refsource": "MISC",
                  "url": "https://trac.transmissionbt.com/ticket/5002"
                },
                {
                  "name": "USN-1747-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-1747-1"
                },
                {
                  "name": "https://bugzilla.redhat.com/show_bug.cgi?id=909934",
                  "refsource": "MISC",
                  "url": "https://bugzilla.redhat.com/show_bug.cgi?id=909934"
                },
                {
                  "name": "[oss-security] 20130212 Re: CVE request: Transmission can be made to crash remotely",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2013/02/13/1"
                },
                {
                  "name": "https://trac.transmissionbt.com/changeset/13646",
                  "refsource": "MISC",
                  "url": "https://trac.transmissionbt.com/changeset/13646"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2012-6129",
        "datePublished": "2013-04-03T00:00:00.000Z",
        "dateReserved": "2012-12-06T00:00:00.000Z",
        "dateUpdated": "2024-09-16T22:50:21.566Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-4037 (GCVE-0-2012-4037)

    Vulnerability from nvd – Published: 2012-08-15 20:00 – Updated: 2024-08-06 20:21
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.madirish.net/541 x_refsource_MISC
    http://secunia.com/advisories/50769 third-party-advisoryx_refsource_SECUNIA
    http://archives.neohapsis.com/archives/fulldisclo… mailing-listx_refsource_FULLDISC
    http://www.securityfocus.com/bid/54705 vdb-entryx_refsource_BID
    https://trac.transmissionbt.com/wiki/Changes#vers… x_refsource_CONFIRM
    https://trac.transmissionbt.com/ticket/4979 x_refsource_CONFIRM
    http://secunia.com/advisories/50027 third-party-advisoryx_refsource_SECUNIA
    http://www.ubuntu.com/usn/USN-1584-1 vendor-advisoryx_refsource_UBUNTU
    Date Public
    2012-07-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:21:04.201Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.madirish.net/541"
              },
              {
                "name": "50769",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/50769"
              },
              {
                "name": "20120726 Transmission BitTorrent XSS Vulnerability",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-07/0349.html"
              },
              {
                "name": "54705",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/54705"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://trac.transmissionbt.com/wiki/Changes#version-2.61"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://trac.transmissionbt.com/ticket/4979"
              },
              {
                "name": "50027",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/50027"
              },
              {
                "name": "USN-1584-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "http://www.ubuntu.com/usn/USN-1584-1"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2012-07-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-10-30T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.madirish.net/541"
            },
            {
              "name": "50769",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/50769"
            },
            {
              "name": "20120726 Transmission BitTorrent XSS Vulnerability",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-07/0349.html"
            },
            {
              "name": "54705",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/54705"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://trac.transmissionbt.com/wiki/Changes#version-2.61"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://trac.transmissionbt.com/ticket/4979"
            },
            {
              "name": "50027",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/50027"
            },
            {
              "name": "USN-1584-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "http://www.ubuntu.com/usn/USN-1584-1"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-4037",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.madirish.net/541",
                  "refsource": "MISC",
                  "url": "http://www.madirish.net/541"
                },
                {
                  "name": "50769",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/50769"
                },
                {
                  "name": "20120726 Transmission BitTorrent XSS Vulnerability",
                  "refsource": "FULLDISC",
                  "url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-07/0349.html"
                },
                {
                  "name": "54705",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/54705"
                },
                {
                  "name": "https://trac.transmissionbt.com/wiki/Changes#version-2.61",
                  "refsource": "CONFIRM",
                  "url": "https://trac.transmissionbt.com/wiki/Changes#version-2.61"
                },
                {
                  "name": "https://trac.transmissionbt.com/ticket/4979",
                  "refsource": "CONFIRM",
                  "url": "https://trac.transmissionbt.com/ticket/4979"
                },
                {
                  "name": "50027",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/50027"
                },
                {
                  "name": "USN-1584-1",
                  "refsource": "UBUNTU",
                  "url": "http://www.ubuntu.com/usn/USN-1584-1"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-4037",
        "datePublished": "2012-08-15T20:00:00.000Z",
        "dateReserved": "2012-07-20T00:00:00.000Z",
        "dateUpdated": "2024-08-06T20:21:04.201Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-1853 (GCVE-0-2010-1853)

    Vulnerability from nvd – Published: 2010-05-07 20:00 – Updated: 2024-09-16 19:57
    VLAI
    Summary
    Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted magnet URL with a large number of (1) tr or (2) ws links.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/38814 vdb-entryx_refsource_BID
    http://www.osvdb.org/63066 vdb-entryx_refsource_OSVDB
    http://trac.transmissionbt.com/wiki/Changes x_refsource_CONFIRM
    http://www.vupen.com/english/advisories/2010/0655 vdb-entryx_refsource_VUPEN
    http://trac.transmissionbt.com/ticket/2965 x_refsource_CONFIRM
    http://secunia.com/advisories/39031 third-party-advisoryx_refsource_SECUNIA
    http://trac.transmissionbt.com/changeset/10279 x_refsource_CONFIRM
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T01:35:53.743Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "38814",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/38814"
              },
              {
                "name": "63066",
                "tags": [
                  "vdb-entry",
                  "x_refsource_OSVDB",
                  "x_transferred"
                ],
                "url": "http://www.osvdb.org/63066"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://trac.transmissionbt.com/wiki/Changes"
              },
              {
                "name": "ADV-2010-0655",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/0655"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://trac.transmissionbt.com/ticket/2965"
              },
              {
                "name": "39031",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/39031"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://trac.transmissionbt.com/changeset/10279"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted magnet URL with a large number of (1) tr or (2) ws links."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2010-05-07T20:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "38814",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/38814"
            },
            {
              "name": "63066",
              "tags": [
                "vdb-entry",
                "x_refsource_OSVDB"
              ],
              "url": "http://www.osvdb.org/63066"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://trac.transmissionbt.com/wiki/Changes"
            },
            {
              "name": "ADV-2010-0655",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/0655"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://trac.transmissionbt.com/ticket/2965"
            },
            {
              "name": "39031",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/39031"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://trac.transmissionbt.com/changeset/10279"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2010-1853",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted magnet URL with a large number of (1) tr or (2) ws links."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "38814",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/38814"
                },
                {
                  "name": "63066",
                  "refsource": "OSVDB",
                  "url": "http://www.osvdb.org/63066"
                },
                {
                  "name": "http://trac.transmissionbt.com/wiki/Changes",
                  "refsource": "CONFIRM",
                  "url": "http://trac.transmissionbt.com/wiki/Changes"
                },
                {
                  "name": "ADV-2010-0655",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2010/0655"
                },
                {
                  "name": "http://trac.transmissionbt.com/ticket/2965",
                  "refsource": "CONFIRM",
                  "url": "http://trac.transmissionbt.com/ticket/2965"
                },
                {
                  "name": "39031",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/39031"
                },
                {
                  "name": "http://trac.transmissionbt.com/changeset/10279",
                  "refsource": "CONFIRM",
                  "url": "http://trac.transmissionbt.com/changeset/10279"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2010-1853",
        "datePublished": "2010-05-07T20:00:00.000Z",
        "dateReserved": "2010-05-07T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:57:07.176Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2010-0012 (GCVE-0-2010-0012)

    Vulnerability from nvd – Published: 2010-01-08 17:00 – Updated: 2024-08-07 00:37
    VLAI
    Summary
    Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2010-01-05 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T00:37:52.483Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://trac.transmissionbt.com/wiki/Changes#version-1.77"
              },
              {
                "name": "[oss-security] 20100106 Re: CVE Request: Transmission",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2010/01/06/4"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://launchpad.net/bugs/500625"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gz"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://trac.transmissionbt.com/changeset/9829/"
              },
              {
                "name": "38005",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/38005"
              },
              {
                "name": "ADV-2010-0071",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2010/0071"
              },
              {
                "name": "DSA-1967",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
                  "x_transferred"
                ],
                "url": "http://www.debian.org/security/2010/dsa-1967"
              },
              {
                "name": "transmission-name-directory-traversal(55454)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55454"
              },
              {
                "name": "[oss-security] 20100106 CVE Request: Transmission",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2010/01/06/2"
              },
              {
                "name": "37993",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/37993"
              },
              {
                "name": "SUSE-SA:2010:008",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_SUSE",
                  "x_transferred"
                ],
                "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
              },
              {
                "name": "[debian-devel-changes] 20100105 Accepted transmission 1.77-1 (source all amd64)",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.mail-archive.com/debian-devel-changes%40lists.debian.org/msg264483.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2010-01-05T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-08-16T14:57:01.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://trac.transmissionbt.com/wiki/Changes#version-1.77"
            },
            {
              "name": "[oss-security] 20100106 Re: CVE Request: Transmission",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2010/01/06/4"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://launchpad.net/bugs/500625"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gz"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://trac.transmissionbt.com/changeset/9829/"
            },
            {
              "name": "38005",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/38005"
            },
            {
              "name": "ADV-2010-0071",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2010/0071"
            },
            {
              "name": "DSA-1967",
              "tags": [
                "vendor-advisory",
                "x_refsource_DEBIAN"
              ],
              "url": "http://www.debian.org/security/2010/dsa-1967"
            },
            {
              "name": "transmission-name-directory-traversal(55454)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55454"
            },
            {
              "name": "[oss-security] 20100106 CVE Request: Transmission",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2010/01/06/2"
            },
            {
              "name": "37993",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/37993"
            },
            {
              "name": "SUSE-SA:2010:008",
              "tags": [
                "vendor-advisory",
                "x_refsource_SUSE"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
            },
            {
              "name": "[debian-devel-changes] 20100105 Accepted transmission 1.77-1 (source all amd64)",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.mail-archive.com/debian-devel-changes%40lists.debian.org/msg264483.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2010-0012",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://trac.transmissionbt.com/wiki/Changes#version-1.77",
                  "refsource": "CONFIRM",
                  "url": "http://trac.transmissionbt.com/wiki/Changes#version-1.77"
                },
                {
                  "name": "[oss-security] 20100106 Re: CVE Request: Transmission",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2010/01/06/4"
                },
                {
                  "name": "https://launchpad.net/bugs/500625",
                  "refsource": "CONFIRM",
                  "url": "https://launchpad.net/bugs/500625"
                },
                {
                  "name": "http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gz",
                  "refsource": "CONFIRM",
                  "url": "http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gz"
                },
                {
                  "name": "http://trac.transmissionbt.com/changeset/9829/",
                  "refsource": "CONFIRM",
                  "url": "http://trac.transmissionbt.com/changeset/9829/"
                },
                {
                  "name": "38005",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/38005"
                },
                {
                  "name": "ADV-2010-0071",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2010/0071"
                },
                {
                  "name": "DSA-1967",
                  "refsource": "DEBIAN",
                  "url": "http://www.debian.org/security/2010/dsa-1967"
                },
                {
                  "name": "transmission-name-directory-traversal(55454)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55454"
                },
                {
                  "name": "[oss-security] 20100106 CVE Request: Transmission",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2010/01/06/2"
                },
                {
                  "name": "37993",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/37993"
                },
                {
                  "name": "SUSE-SA:2010:008",
                  "refsource": "SUSE",
                  "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
                },
                {
                  "name": "[debian-devel-changes] 20100105 Accepted transmission 1.77-1 (source all amd64)",
                  "refsource": "MLIST",
                  "url": "http://www.mail-archive.com/debian-devel-changes@lists.debian.org/msg264483.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2010-0012",
        "datePublished": "2010-01-08T17:00:00.000Z",
        "dateReserved": "2009-12-14T00:00:00.000Z",
        "dateUpdated": "2024-08-07T00:37:52.483Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2009-1757 (GCVE-0-2009-1757)

    Vulnerability from nvd – Published: 2009-05-22 01:00 – Updated: 2024-09-16 20:06
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T05:27:53.646Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[oss-security] 20090521 CVE request: transmission \u003c1.61 CSRF",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2009/05/21/1"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.transmissionbt.com/index.php"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-05-22T01:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "[oss-security] 20090521 CVE request: transmission \u003c1.61 CSRF",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2009/05/21/1"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.transmissionbt.com/index.php"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2009-1757",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "[oss-security] 20090521 CVE request: transmission \u003c1.61 CSRF",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2009/05/21/1"
                },
                {
                  "name": "http://www.transmissionbt.com/index.php",
                  "refsource": "CONFIRM",
                  "url": "http://www.transmissionbt.com/index.php"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2009-1757",
        "datePublished": "2009-05-22T01:00:00.000Z",
        "dateReserved": "2009-05-21T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:06:44.769Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }