CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 0CVE-2021-3401
https://notcve.org/view.php?id=CVE-2021-3401
04 Feb 2021 — Bitcoin Core before 0.19.0 might allow remote attackers to execute arbitrary code when another application unsafely passes the -platformpluginpath argument to the bitcoin-qt program, as demonstrated by an x-scheme-handler/bitcoin handler for a .desktop file or a web browser. NOTE: the discoverer states "I believe that this vulnerability cannot actually be exploited." Bitcoin Core versiones anteriores a 0.19.0, podría permitir a atacantes remotos ejecutar código arbitrario cuando otra aplicación pasa de mane... • https://achow101.com/2021/02/0.18-uri-vuln • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-3195
https://notcve.org/view.php?id=CVE-2021-3195
21 Jan 2021 — bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outside the ~/.bitcoin directory) via a dumpwallet RPC call. NOTE: this reportedly does not violate the security model of Bitcoin Core, but can violate the security model of a fork that has implemented dumpwallet restrictions ** EN DISPUTA ** bitcoind en Bitcoin Core versiones hasta 0.21.0, puede crear un nuevo archivo en un directorio arbitrario (por ejemplo, fuera del directorio ~/.bitcoin) por medio de una llam... • https://github.com/bitcoin/bitcoin/issues/20866 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-14198 – Gentoo Linux Security Advisory 202009-18
https://notcve.org/view.php?id=CVE-2020-14198
10 Sep 2020 — Bitcoin Core 0.20.0 allows remote denial of service. Bitcoin Core versión 0.20.0, permite una denegación de servicio remota Multiple vulnerabilities have been found in Bitcoin, the worst of which could result in a Denial of Service condition. Versions less than 0.20.1 are affected. • https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2020-14198 •
CVSS: 7.5EPSS: 1%CPEs: 24EXPL: 1CVE-2018-17145
https://notcve.org/view.php?id=CVE-2018-17145
10 Sep 2020 — Bitcoin Core 0.16.x before 0.16.2 and Bitcoin Knots 0.16.x before 0.16.2 allow remote denial of service via a flood of multiple transaction inv messages with random hashes, aka INVDoS. NOTE: this can also affect other cryptocurrencies, e.g., if they were forked from Bitcoin Core after 2017-11-15. Bitcoin Core versiones 0.16.x anteriores a 0.16.2 y Bitcoin Knots versiones 0.16.x anteriores a 0.16.2, permite la denegación de servicio remota por medio de una avalancha de mensajes inv de transacciones múltiples... • https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-17145 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2020-11944
https://notcve.org/view.php?id=CVE-2020-11944
20 Apr 2020 — Abe (aka bitcoin-abe) through 0.7.2, and 0.8pre, allows XSS in __call__ in abe.py because the PATH_INFO environment variable is mishandled during a PageNotFound exception. Abe (también se conoce como bitcoin-abe) versiones hasta la versión 0.7.2 y versión 0.8pre, permite un ataque de tipo XSS en __call__ en el archivo abe.py porque la variable de entorno PATH_INFO se maneja inapropiadamente durante una excepción PageNotFound. • https://geeknik-labs.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 0CVE-2017-12842
https://notcve.org/view.php?id=CVE-2017-12842
16 Mar 2020 — Bitcoin Core before 0.14 allows an attacker to create an ostensibly valid SPV proof for a payment to a victim who uses an SPV wallet, even if that payment did not actually occur. Completing the attack would cost more than a million dollars, and is relevant mainly only in situations where an autonomous system relies solely on an SPV proof for transactions of a greater dollar amount. Bitcoin Core versiones anteriores a 0.14, permite a un atacante crear una prueba SPV ostensiblemente válida para un pago a una ... • https://bitslog.wordpress.com/2018/06/09/leaf-node-weakness-in-bitcoin-merkle-tree-design • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3641
https://notcve.org/view.php?id=CVE-2015-3641
12 Mar 2020 — bitcoind and Bitcoin-Qt prior to 0.10.2 allow attackers to cause a denial of service (disabled functionality such as a client application crash) via an "Easy" attack. bitcoind y Bitcoin-Qt versiones anteriores a 0.10.2, permiten a atacantes causar una denegación de servicio (funcionalidad desactivada tal y como un bloqueo de aplicación cliente) por medio de un ataque "Easy". • https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures •
CVSS: 5.3EPSS: 0%CPEs: 51EXPL: 1CVE-2018-20586
https://notcve.org/view.php?id=CVE-2018-20586
12 Mar 2020 — bitcoind and Bitcoin-Qt prior to 0.17.1 allow injection of arbitrary data into the debug log via an RPC call. bitcoind y Bitcoin-Qt versiones anteriores a 0.17.1, permiten una inyección de datos arbitrarios en el registro de depuración por medio de una llamada RPC. • https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2018-20586 • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18350
https://notcve.org/view.php?id=CVE-2017-18350
12 Mar 2020 — bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used. This results from an integer signedness error when the proxy server responds with an acknowledgement of an unexpected target domain name. bitcoind y Bitcoin-Qt versiones anteriores a 0.15.1, presentan un desbordamiento de búfer en la región stack de la memoria si es usado un servidor proxy SOCKS controlado por el atacante. Esto resulta de un error de la propiedad signedness de ent... • https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15947 – Gentoo Linux Security Advisory 202009-18
https://notcve.org/view.php?id=CVE-2019-15947
05 Sep 2019 — In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted in memory. Upon a crash, it may dump a core file. If a user were to mishandle a core file, an attacker can reconstruct the user's wallet.dat file, including their private keys, via a grep "6231 0500" command. En Bitcoin Core versión 0.18.0, bitcoin-qt almacena los datos de wallet.dat sin cifrar en la memoria. Ante un bloqueo, puede volcar un archivo core. • https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2019-15947 • CWE-312: Cleartext Storage of Sensitive Information •