Vulnerabilities > Bitcoin
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-13 | CVE-2021-31876 | Incorrect Authorization vulnerability in Bitcoin. Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the replacement policy specified in BIP125, which makes it easier for attackers to trigger a loss of funds, or a denial of service attack against downstream projects such as Lightning network nodes. | 6.4 |
2021-02-04 | CVE-2021-3401 | Command Injection vulnerability in Bitcoin. Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program, as demonstrated by an x-scheme-handler/bitcoin handler for a .desktop file or a web browser. | 7.5 |
2021-01-26 | CVE-2021-3195 | Improper Input Validation vulnerability in Bitcoin Core. ** DISPUTED ** bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outside the ~/.bitcoin directory) via a dumpwallet RPC call. | 5.0 |
2020-09-10 | CVE-2020-14198 | Unspecified vulnerability in Bitcoin Core 0.20.0. Bitcoin Core 0.20.0 allows remote denial of service. | 7.5 |
2020-09-10 | CVE-2018-17145 | Resource Exhaustion vulnerability in multiple products. Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16.2 allow remote denial of service via a flood of multiple transaction inv messages with random hashes, aka INVDoS. | 5.0 |
2020-03-16 | CVE-2017-12842 | Improper Input Validation vulnerability in Bitcoin Core. Bitcoin Core before 0.14 allows an attacker to create an ostensibly valid SPV proof for a payment to a victim who uses an SPV wallet, even if that payment did not actually occur. | 5.0 |
2020-03-12 | CVE-2018-20586 | Improper Encoding or Escaping of Output vulnerability in Bitcoin Core. bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call. | 4.3 |
2020-03-12 | CVE-2017-18350 | Classic Buffer Overflow vulnerability in Bitcoin Core. bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used. | 4.3 |
2020-03-12 | CVE-2015-3641 | Unspecified vulnerability in Bitcoin Core. bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to cause a denial of service (disabled functionality such as a client application crash) via an "Easy" attack. | 5.0 |
2019-09-05 | CVE-2019-15947 | Cleartext Storage of Sensitive Information vulnerability in Bitcoin Core 0.18.0. In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. | 5.0 |