0.15.0

DATE	CVE	VULNERABILITY TITLE	RISK
2023-12-09	CVE-2023-50428	In Bitcoin Core through 26.0 and Bitcoin Knots before 25.1.knots20231115, datacarrier size limits can be bypassed by obfuscating data as code (e.g., with OP_FALSE OP_IF), as exploited in the wild by Inscriptions in 2022 and 2023. network low complexity bitcoin bitcoinknots	5.3
2023-05-22	CVE-2023-33297	Resource Exhaustion vulnerability in Bitcoin Core Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service (e.g., CPU consumption) because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023. network low complexity bitcoin CWE-400	7.5
2021-01-26	CVE-2021-3195	Improper Input Validation vulnerability in Bitcoin Core bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outside the ~/.bitcoin directory) via a dumpwallet RPC call. network low complexity bitcoin CWE-20	7.5
2020-03-12	CVE-2018-20586	Improper Encoding or Escaping of Output vulnerability in Bitcoin Core bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call. network low complexity bitcoin CWE-116	5.3
2020-03-12	CVE-2017-18350	Classic Buffer Overflow vulnerability in Bitcoin Core bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used. network high complexity bitcoin CWE-120	5.9
2019-02-11	CVE-2018-20587	Bitcoin Core 0.12.0 through 0.17.1 and Bitcoin Knots 0.12.0 through 0.17.x before 0.17.1.knots20181229 have Incorrect Access Control. local low complexity bitcoinknots bitcoin	5.5
2018-09-19	CVE-2018-17144	Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. network low complexity bitcoinknots bitcoin	7.5