This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Transmissionbt First view 2010-01-08
Product Transmission Last view 2020-05-15
Version 1.34 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:transmissionbt:transmission

Activity : Overall

Related : CVE

  Date Alert Description
7.8 2020-05-15 CVE-2018-10756

Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file.

5.3 2019-10-30 CVE-2010-0749

Transmission before 1.92 allows attackers to prevent download of a file by corrupted data during the endgame.

9.8 2019-10-30 CVE-2010-0748

Transmission before 1.92 allows an attacker to cause a denial of service (crash) or possibly have other unspecified impact via a large number of tr arguments in a magnet link.

8.8 2018-01-15 CVE-2018-5702

Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack.

6.8 2014-07-29 CVE-2014-4909

Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.

7.5 2013-04-02 CVE-2012-6129

Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted "micro transport protocol packets."

2.6 2012-08-15 CVE-2012-4037

Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file.

6.8 2010-01-08 CVE-2010-0012

Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file.

CWE : Common Weakness Enumeration

%idName
28% (2) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
14% (1) CWE-416 Use After Free
14% (1) CWE-189 Numeric Errors
14% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
14% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
14% (1) CWE-20 Improper Input Validation

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-23 File System Function Injection, Content Based
CAPEC-64 Using Slashes and URL Encoding Combined to Bypass Validation Logic
CAPEC-76 Manipulating Input to File System Calls
CAPEC-78 Using Escaped Slashes in Alternate Encoding
CAPEC-79 Using Slashes in Alternate Encoding
CAPEC-139 Relative Path Traversal

Open Source Vulnerability Database (OSVDB)

id Description
61601 Transmission libtransmission/metainfo.c Torrent File Traversal Arbitrary File...

OpenVAS Exploits

id Description
2012-09-27 Name : Ubuntu Update for transmission USN-1584-1
File : nvt/gb_ubuntu_USN_1584_1.nasl
2010-01-29 Name : SuSE Update for acroread SUSE-SA:2010:008
File : nvt/gb_suse_2010_008.nasl
2010-01-20 Name : Mandriva Update for transmission MDVSA-2010:013 (transmission)
File : nvt/gb_mandriva_MDVSA_2010_013.nasl
2010-01-20 Name : Mandriva Update for transmission MDVSA-2010:014 (transmission)
File : nvt/gb_mandriva_MDVSA_2010_014.nasl
2010-01-19 Name : Ubuntu Update for transmission vulnerabilities USN-885-1
File : nvt/gb_ubuntu_USN_885_1.nasl
2010-01-11 Name : Debian Security Advisory DSA 1967-1 (transmission)
File : nvt/deb_1967_1.nasl

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-06-20 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201806-07.nasl - Type: ACT_GATHER_INFO
2018-02-09 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2018-950.nasl - Type: ACT_GATHER_INFO
2018-01-19 Name: The remote Debian host is missing a security update.
File: debian_DLA-1246.nasl - Type: ACT_GATHER_INFO
2018-01-18 Name: The remote Fedora host is missing a security update.
File: fedora_2018-d1e263e68e.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4087.nasl - Type: ACT_GATHER_INFO
2015-01-23 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_0523fb7e84444e86812d8de05f6f0dce.nasl - Type: ACT_GATHER_INFO
2015-01-19 Name: The remote Solaris system is missing a security patch for third-party software.
File: solaris11_transmission_20140522.nasl - Type: ACT_GATHER_INFO
2014-10-12 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2014-390.nasl - Type: ACT_GATHER_INFO
2014-08-15 Name: The remote Fedora host is missing a security update.
File: fedora_2014-8332.nasl - Type: ACT_GATHER_INFO
2014-08-12 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2014-484.nasl - Type: ACT_GATHER_INFO
2014-07-26 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2988.nasl - Type: ACT_GATHER_INFO
2014-07-21 Name: The remote Fedora host is missing a security update.
File: fedora_2014-8331.nasl - Type: ACT_GATHER_INFO
2014-07-17 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-2279-1.nasl - Type: ACT_GATHER_INFO
2014-06-13 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2013-220.nasl - Type: ACT_GATHER_INFO
2013-02-26 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-1747-1.nasl - Type: ACT_GATHER_INFO
2012-09-27 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-1584-1.nasl - Type: ACT_GATHER_INFO
2010-07-30 Name: The remote Mandriva Linux host is missing one or more security updates.
File: mandriva_MDVSA-2010-014.nasl - Type: ACT_GATHER_INFO
2010-07-30 Name: The remote Mandriva Linux host is missing a security update.
File: mandriva_MDVSA-2010-013.nasl - Type: ACT_GATHER_INFO
2010-04-09 Name: The remote openSUSE host is missing a security update.
File: suse_11_2_transmission-100406.nasl - Type: ACT_GATHER_INFO
2010-04-09 Name: The remote openSUSE host is missing a security update.
File: suse_11_1_transmission-100406.nasl - Type: ACT_GATHER_INFO
2010-04-09 Name: The remote openSUSE host is missing a security update.
File: suse_11_0_transmission-100406.nasl - Type: ACT_GATHER_INFO
2010-02-24 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1967.nasl - Type: ACT_GATHER_INFO
2010-01-22 Name: The remote openSUSE host is missing a security update.
File: suse_11_2_transmission-100111.nasl - Type: ACT_GATHER_INFO
2010-01-22 Name: The remote openSUSE host is missing a security update.
File: suse_11_1_transmission-100111.nasl - Type: ACT_GATHER_INFO
2010-01-22 Name: The remote openSUSE host is missing a security update.
File: suse_11_0_transmission-100111.nasl - Type: ACT_GATHER_INFO