Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
bitcoin vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2015-6964
MultiBit HD prior to 0.1.2 allows malicious users to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. (Attackers cannot realistically steal these fees for themselves.) This occurs because there...
Multibit Multibit Hd
1 Github repository
6.8
CVSSv3
CVE-2024-0675
Vulnerability of improper checking for unusual or exceptional conditions in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, the exploitation of which could allow an attacker with physical access to the ATM to escape kiosk mode, access the underlying Xwindow interface and ...
Lamassu Douro Firmware 7.1
Lamassu Douro Ii Firmware 7.1
7.8
CVSSv3
CVE-2024-0674
Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which could allow a local user to acquire root permissions by modifying the updatescript.js, inserting special code inside the script and creating the done.txt file. This would cause the...
Lamassu Douro Firmware 7.1
Lamassu Douro Ii Firmware 7.1
6.5
CVSSv3
CVE-2020-14199
BIP-143 in the Bitcoin protocol specification mishandles the signing of a Segwit transaction, which allows malicious users to trick a user into making two signatures in certain cases, potentially leading to a huge transaction fee. NOTE: this affects all hardware wallets. It was f...
Satoshilabs Trezor Model T Firmware
Satoshilabs Trezor One Firmware
7.5
CVSSv3
CVE-2018-10831
Z-NOMP prior to 2018-04-05 has an incorrect Equihash solution verifier that allows malicious users to spoof mining shares, as demonstrated by providing a solution with {x1=1,x2=1,x3=1,...,x512=1} to bypass this verifier for any blockheader. This originally affected (for example) ...
Zclassic Z-nomp
7.8
CVSSv3
CVE-2018-6353
The Python console in Electrum up to and including 2.9.4 and 3.x up to and including 3.0.5 supports arbitrary Python code without considering (1) social-engineering attacks in which a user pastes code that they do not understand and (2) code pasted by a physically proximate attac...
Electrum Electrum 3.0.3
Electrum Electrum
Electrum Electrum 3.0.5
Electrum Electrum 3.0.0
Electrum Electrum 3.0.1
Electrum Electrum 3.0.2
NA
CVE-2013-7372
The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java in the SecureRandom implementation in Apache Harmony up to and including 6.0M3, as used in the Java Cryptography Architecture ...
Google Android 4.0
Apache Harmony
Google Android 4.3
Google Android 4.0.3
Google Android 4.0.1
Google Android 4.2.2
Google Android 4.2.1
Google Android 4.2
Google Android 4.1.2
Google Android 4.1
Google Android
Google Android 4.0.4
Google Android 4.0.2
6.5
CVSSv3
CVE-2022-39389
Lightning Network Daemon (lnd) is an implementation of a lightning bitcoin overlay network node. All lnd nodes before version `v0.15.4` are vulnerable to a block parsing bug that can cause a node to enter a degraded state once encountered. In this degraded state, nodes can contin...
Lightning Network Daemon Project Lightning Network Daemon
Btcd Project Btcd
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4367
CVE-2024-35977
CVE-2023-49335
man-in-the-middle
CVE-2024-4947
CVE-2024-31714
memory leak
SQL
CVE-2024-35994
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7