Transmissionbt : Security Vulnerabilities, CVEs, CVSS score >= 7
Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file.
Max CVSS: 7.8 | EPSS Score: 1.06% | Published: 2020-05-15 | Updated: 2020-08-14
Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack.
Max CVSS: 8.8 | EPSS Score: 1.46% | Published: 2018-01-15 | Updated: 2019-10-03
Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted "micro transport protocol packets."
Max CVSS: 7.5 | EPSS Score: 2.06% | Published: 2013-04-03 | Updated: 2013-04-03
Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link.
Max CVSS: 9.8 | EPSS Score: 0.61% | Published: 2019-10-30 | Updated: 2020-08-18
Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file.
Max CVSS: 8.8 | EPSS Score: 0.82% | Published: 2010-01-08 | Updated: 2024-01-26
5 vulnerabilities found