CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6 matches found

RedhatCVE•added 2025/05/23 1:10 a.m.•3 views

CVE-2022-36007

Venice is a Clojure inspired sandboxed Lisp dialect with excellent Java interoperability. A partial path traversal issue exists within the functions load-file and load-resource. These functions can be limited to load files from a list of load paths. Assuming Venice has been configured with the lo...

6.1CVSS6.4AI score0.00137EPSS

Exploits1

SUSE CVE•added 2023/02/15 6:3 a.m.•1 views

SUSE CVE-2009-2841

The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attacke...

5CVSS6.5AI score0.03879EPSS

Exploits2References4

Github Security Blog•added 2022/08/18 7:7 p.m.•34 views

Venice vulnerable to Partial Path Traversal issue within the functions `load-file` and `load-resource`

Impact A partial path traversal issue exists within the functions load-file and load-resource. These functions can be limited to load files from a list of load paths. Assuming Venice has been configured with the load paths: "/Users/foo/resources" When passing relative paths to these two vulnerabl...

6.1CVSS4.4AI score0.00137EPSS

Exploits1References6Affected Software1

CVE•added 2022/08/14 12:25 a.m.•88 views

CVE-2022-36007

Venice (com.github.jlangch:venice) contains a Partial Path Traversal flaw in the load-file and load-resource functions. When given absolute paths whose name prefix matches a configured load path (e.g., "/Users/foo/resources"), an attacker can access files outside the intended directory (e.g., "/U...

6.1CVSS4.2AI score0.00137EPSS

Exploits1References4Affected Software1