CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-31876
https://notcve.org/view.php?id=CVE-2021-31876
13 May 2021 — Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the replacement policy specified in BIP125, which makes it easier for attackers to trigger a loss of funds, or a denial of service attack against downstream projects such as Lightning network nodes. An unconfirmed child transaction with nSequence = 0xff_ff_ff_ff, spending an unconfirmed parent with nSequence <= 0xff_ff_ff_fd, should be replaceable because there is inherited signaling by the child transaction. However, the actual PreChecks implem... • https://bitcoinops.org/en/newsletters/2021/05/12 • CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2021-3401
https://notcve.org/view.php?id=CVE-2021-3401
04 Feb 2021 — Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program, as demonstrated by an x-scheme-handler/bitcoin handler for a .desktop file or a web browser. NOTE: the discoverer states "I believe that this vulnerability cannot actually be exploited." Bitcoin Core versiones anteriores a 0.19.0, podría permitir a atacantes remotos ejecutar código arbitrario cuando otra aplicación pasa de mane... • https://achow101.com/2021/02/0.18-uri-vuln • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •