Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file.
Max CVSS
7.8
EPSS Score
1.06%
Published
2020-05-15
Updated
2020-08-14
Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack.
Max CVSS
8.8
EPSS Score
1.46%
Published
2018-01-15
Updated
2019-10-03
Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.
Max CVSS
6.8
EPSS Score
4.00%
Published
2014-07-29
Updated
2014-11-14
Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted "micro transport protocol packets."
Max CVSS
7.5
EPSS Score
2.06%
Published
2013-04-03
Updated
2013-04-03
Multiple stack-based buffer overflows in the tr_magnetParse function in libtransmission/magnet.c in Transmission 1.91 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted magnet URL with a large number of (1) tr or (2) ws links.
Max CVSS
6.8
EPSS Score
1.76%
Published
2010-05-07
Updated
2010-05-11
Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link.
Max CVSS
9.8
EPSS Score
0.61%
Published
2019-10-30
Updated
2020-08-18
Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file.
Max CVSS
8.8
EPSS Score
0.82%
Published
2010-01-08
Updated
2024-01-26
Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Max CVSS
6.8
EPSS Score
0.08%
Published
2009-05-22
Updated
2009-05-22
8 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!