This CPE summary could be partial or incomplete.

Summary

Detail
Vendor: Qbittorrent
Product: Qbittorrent
Version: *
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
Type: Application
First view: 2017-03-05
Last view: 2019-07-17
 
CPE Product cpe:2.3:a:qbittorrent:qbittorrent

Related : CVE

CVSS Date Alert Description
9.8 2019-07-17 CVE-2019-13640

In qBittorrent before 4.1.7, the function Application::runExternalProgram() located in app/application.cpp allows command injection via shell metacharacters in the torrent name parameter or current tracker parameter, as demonstrated by remote command execution via a crafted name within an RSS feed.

6.1 2017-03-05 CVE-2017-6504

WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options header, which could potentially lead to clickjacking.

6.1 2017-03-05 CVE-2017-6503

WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS.

CWE : Common Weakness Enumeration

% id Name
33% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
33% (1) CWE-78 Improper Sanitization of Special Elements used in an OS Command ('O...
33% (1) CWE-20 Improper Input Validation

Nessus® Vulnerability Scanner

id Description
2017-04-17 Name: The remote Debian host is missing a security update.
File: debian_DLA-897.nasl - Type: ACT_GATHER_INFO
2017-03-30 Name: The remote Fedora host is missing a security update.
File: fedora_2017-66593c367e.nasl - Type: ACT_GATHER_INFO
2017-03-28 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-381.nasl - Type: ACT_GATHER_INFO
2017-03-16 Name: The remote Fedora host is missing a security update.
File: fedora_2017-b59943dcae.nasl - Type: ACT_GATHER_INFO