
24 matches found

RedhatCVE
added 2026/01/09 12:33 p.m. · 2 views

CVE-2023-31483

tar/TarFileReader.cpp in Cauldron cbang before bastet-v8.1.17 has a directory traversal during extraction that allows the attacker to create or write to files outside the current directory via a crafted tar archive...

7.5 CVSS · 6.9 AI score · 0.01399 EPSS
Exploits 1 · References 1
EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2020-7880

Malware in sbrugna...

7.5 CVSS · 7.5 AI score · 0.00255 EPSS
Exploits 0 · References 3
EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2023-35788

Malicious code in bioql PyPI...

7.5 CVSS · 7.6 AI score · 0.01399 EPSS
Exploits 1 · References 2
OSV
added 2023/04/28 11:15 p.m. · 7 views

CVE-2023-31483

tar/TarFileReader.cpp in Cauldron cbang before bastet-v8.1.17 has a directory traversal during extraction that allows the attacker to create or write to files outside the current directory via a crafted tar archive...

7.5 CVSS · 6.9 AI score
Exploits 0 · References 2
Prion
added 2023/04/28 11:15 p.m. · 9 views

Directory traversal

tar/TarFileReader.cpp in Cauldron cbang before bastet-v8.1.17 has a directory traversal during extraction that allows the attacker to create or write to files outside the current directory via a crafted tar archive...

5 CVSS · 7.4 AI score · 0.01399 EPSS
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2023/04/28 12:0 a.m. · 2 views

PT-2023-23359 · Unknown · Cauldron Cbang

Name of the Vulnerable Software and Affected Versions: Cauldron cbang versions prior to bastet-v8.1.17 Description: The issue allows for directory traversal during extraction, enabling an attacker to create or write to files outside the current directory by using a crafted tar archive. This is du...

7.5 CVSS · 7.4 AI score · 0.01399 EPSS
Exploits 1 · References 7
CVE
added 2023/04/28 12:0 a.m. · 53 views

CVE-2023-31483

Cauldron cbang (Cauldron Development) prior to bastet-v8.1.17 is affected by a directory-traversal vulnerability in tar/TarFileReader.cpp that can cause extraction to write or create files outside the target directory when processing crafted tar archives. The issue is explicitly tied to cbang bef...

7.5 CVSS · 7.4 AI score · 0.01399 EPSS
Exploits 1 · References 2 · Affected Software 1
Vulnrichment
added 2023/04/28 12:0 a.m. · 7 views

CVE-2023-31483

tar/TarFileReader.cpp in Cauldron cbang before bastet-v8.1.17 has a directory traversal during extraction that allows the attacker to create or write to files outside the current directory via a crafted tar archive...

7.4 AI score · 0.01399 EPSS
Exploits 1 · References 2
Cvelist
added 2023/04/28 12:0 a.m. · 10 views

CVE-2023-31483

tar/TarFileReader.cpp in Cauldron cbang before bastet-v8.1.17 has a directory traversal during extraction that allows the attacker to create or write to files outside the current directory via a crafted tar archive...

7.6 AI score · 0.01399 EPSS
Exploits 1 · References 2
CNNVD
added 2023/04/28 12:0 a.m. · 2 views

Cauldron Development cbang path traversal vulnerability

Cauldron Development cbang is a C++ utility library from Cauldron Development. A security vulnerability exists in Cauldron Development cbang bastet-v8.1.17 and earlier, which stems from the presence of directory traversal. An attacker can exploit this vulnerability to create or write files outsid...

7.5 CVSS · 7.3 AI score · 0.01399 EPSS
Exploits 1 · References 3
Code423n4
added 2022/07/17 12:0 a.m. · 14 views

Vaults are not locked properly

Lines of code Vulnerability details Impact Even though after Auction starts, Vault ownership moves to Witch but still Cauldron Admin can perform operations on this Vault. This includes transferring funds from a Vault which has live Auction ongoing Proof of Concept 1. Auction is started on Vault i...

6.8 AI score
Exploits 0
Code423n4
added 2022/07/17 12:0 a.m. · 8 views

Closing auction return value Of cauldron is not checked

Lines of code Vulnerability details Impact When the auction is ended, cauldron gives vault id with related parameters. However, the return value is not checked on the cauldron. If the cauldron does not revert, the protocol can delete auction without functionality. Proof of Concept Tools Used Code...

6.9 AI score
Exploits 0
Code423n4
added 2022/01/31 12:0 a.m. · 2 views

ConvexYieldWrapper Does Not Check If A Vault Is Undercollateralised In _getDepositedBalance

Handle leastwood Vulnerability details Impact The ConvexYieldWrapper.sol contract makes use of a user's total collateral held by all their vaults, however, there is no check to ensure the vault is sufficiently collateralised. Hence, it is possible for a user to claim protocol generated yield on a...

6.9 AI score
Exploits 0
Code423n4
added 2021/06/02 12:0 a.m. · 9 views

Potential griefing with DoS by front-running vault creation with same vaultID

Handle 0xRajeev Vulnerability details Impact The vaultID for a new vault being built is required to be specified by the user building a vault via the build function instead of being assigned by the Cauldron/protocol. An attacker can observe a build as part of a batch transaction in the mempool,...

6.7 AI score
Exploits 0
Code423n4
added 2021/06/02 12:0 a.m. · 12 views

Uninitialized or Incorrectly set auctionInterval may lead to liquidation engine livelock

Handle 0xRajeev Vulnerability details Impact The grab function in Cauldron is used by the Witch or other liquidation engines to grab vaults that are under-collateralized. To prevent re-grabbing without sufficient time for auctioning collateral/debt, the logic uses an auctionInterval threshold to...

6.8 AI score
Exploits 0
Code423n4
added 2021/06/01 12:0 a.m. · 6 views

Duplication of Balance

Handle 0xsomeone Vulnerability details Impact It is possible to duplicate currently held ink or art within a Cauldron, thereby breaking the contract's accounting system minting units out of thin air. Proof of Concept The stir function of the Cauldron, which can be invoked via a Ladle operation,...

6.8 AI score
Exploits 0
OSV
added 2020/07/23 4:15 a.m. · 9 views

CVE-2020-15908

tar/TarFileReader.cpp in Cauldron cbang aka C-Bang or C! before 1.6.0 allows Directory Traversal during extraction from a TAR archive...

7.5 CVSS · 6.8 AI score
Exploits 0 · References 2
NVD
added 2020/07/23 4:15 a.m. · 6 views

CVE-2020-15908

tar/TarFileReader.cpp in Cauldron cbang aka C-Bang or C! before 1.6.0 allows Directory Traversal during extraction from a TAR archive...

7.5 CVSS · 7.5 AI score · 0.00255 EPSS
Exploits 0 · References 2
Prion
added 2020/07/23 4:15 a.m. · 11 views

Directory traversal

tar/TarFileReader.cpp in Cauldron cbang aka C-Bang or C! before 1.6.0 allows Directory Traversal during extraction from a TAR archive...

5 CVSS · 7.5 AI score · 0.00255 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2020/07/23 3:56 a.m. · 8 views

CVE-2020-15908

tar/TarFileReader.cpp in Cauldron cbang aka C-Bang or C! before 1.6.0 allows Directory Traversal during extraction from a TAR archive...

7.5 AI score · 0.00255 EPSS
Exploits 0 · References 2