U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): utorrent
  • Search Type: Search All
  • Match: Exact
  • CPE Name Search: false
There are 15 matching records.
Displaying matches 1 through 15.
Vuln ID Summary CVSS Severity
CVE-2018-25044

A vulnerability, which was classified as critical, has been found in uTorrent. This issue affects some unknown processing of the component Guest Account. The manipulation leads to privilege escalation. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

Published: June 17, 2022; 9:15:11 AM -0400
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-25043

A vulnerability classified as critical was found in uTorrent. This vulnerability affects unknown code of the component PRNG. The manipulation leads to weak authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

Published: June 17, 2022; 9:15:11 AM -0400
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-25042

A vulnerability classified as critical has been found in uTorrent. This affects an unknown part. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. It is recommended to upgrade the affected component.

Published: June 17, 2022; 9:15:11 AM -0400
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-25041

A vulnerability was found in uTorrent. It has been rated as critical. Affected by this issue is some unknown functionality of the component JSON RPC Server. The manipulation leads to privilege escalation. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

Published: June 17, 2022; 9:15:11 AM -0400
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-25040

A vulnerability was found in uTorrent Web. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component HTTP RPC Server. The manipulation leads to privilege escalation. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

Published: June 17, 2022; 9:15:11 AM -0400
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2020-8437

The bencoding parser in BitTorrent uTorrent through 3.5.5 (build 45505) misparses nested bencoded dictionaries, which allows a remote attacker to cause a denial of service.

Published: March 02, 2020; 2:15:12 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2015-5474

BitTorrent and uTorrent allow remote attackers to inject command line parameters and execute arbitrary commands via a crafted URL using the (1) bittorrent or (2) magnet protocol.

Published: August 13, 2015; 10:59:06 AM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2014-5727

The uTorrent Remote (aka com.utorrent.web) application 1.0.20110929 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Published: September 09, 2014; 6:55:09 AM -0400
V3.x:(not available)
V2.0: 5.4 MEDIUM
CVE-2009-5134

Buffer overflow in the "create torrent dialog" functionality in uTorrent 1.8.3 build 15772, and possibly other versions before 1.8.3 (Build 16010), allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a text file containing a large string. NOTE: some of these details are obtained from third party information.

Published: January 18, 2013; 6:55:01 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-3129

Untrusted search path vulnerability in uTorrent 2.0.3 and earlier allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse plugin_dll.dll, userenv.dll, shfolder.dll, dnsapi.dll, dwmapi.dll, iphlpapi.dll, dhcpcsvc.dll, dhcpcsvc6.dll, or rpcrtremote.dll that is located in the same folder as a .torrent or .btsearch file.

Published: August 26, 2010; 2:36:35 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2008-7166

Buffer overflow in the web interface in BitTorrent 6.0.1 (build 7859) and earlier, and uTorrent 1.7.6 (build 7859) and earlier, allows remote attackers to cause a denial of service (memory consumption and crash) via a crafted Range header. NOTE: this is probably a different vulnerability than CVE-2008-0071 and CVE-2008-0364.

Published: September 04, 2009; 6:30:01 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2008-4434

Stack-based buffer overflow in (1) uTorrent 1.7.7 build 8179 and earlier and (2) BitTorrent 6.0.3 build 8642 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Created By field in a .torrent file.

Published: October 03, 2008; 6:22:45 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2008-0071

The Web UI interface in (1) BitTorrent before 6.0.3 build 8642 and (2) uTorrent before 1.8beta build 10524 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a malformed Range header.

Published: June 16, 2008; 2:41:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2008-0364

Buffer overflow in (1) BitTorrent 6.0 and earlier; and (2) uTorrent 1.7.5 and earlier, and 1.8-alpha-7834 and earlier in the 1.8.x series; on Windows allows remote attackers to cause a denial of service (application crash) via a long Unicode string representing a client version identifier.

Published: January 18, 2008; 6:00:00 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2007-0927

Heap-based buffer overflow in uTorrent 1.6 allows remote attackers to execute arbitrary code via a torrent file with a crafted announce header.

Published: February 14, 2007; 6:28:00 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH