rpm package
opensuse/transmission&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/transmission&distro=openSUSE%20Tumbleweed
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-5702 | High | 8.8 | | < 3.00-2.8 | 3.00-2.8 | Jan 15, 2018 | Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conj |
| CVE-2018-5072 | Med | 4.8 | | < 3.00-2.8 | 3.00-2.8 | Jan 3, 2018 | Online Ticket Booking has XSS via the admin/sitesettings.php keyword parameter. |
| CVE-2014-4909 | — | | | < 2.92-3.1 | 2.92-3.1 | Jul 29, 2014 | Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write. |