CVE-2021-4249

HIGH Year: 2021
CVSS v3 Score
7.5
High
Weakness Type
CWE-404
View all →

Vulnerability Description

A vulnerability was found in xml-conduit. It has been classified as problematic. Affected is an unknown function of the file xml-conduit/src/Text/XML/Stream/Parse.hs of the component DOCTYPE Entity Expansion Handler. The manipulation leads to infinite loop. It is possible to launch the attack remotely. Upgrading to version 1.9.1.0 is able to address this issue. The name of the patch is 4be1021791dcdee8b164d239433a2043dc0939ea. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216204.

Related Vulnerabilities

CVE-2010-4038

HIGH
CVSS:7.5(High)

The Web Sockets implementation in Google Chrome before 7.0.517.41 does not properly handle a shutdown action, which allows remote attackers to cause a denial of service (application crash) via unspeci...

CWE-4042010

CVE-2012-2805

HIGH
CVSS:7.5(High)

Unspecified vulnerability in FFMPEG 0.10 allows remote attackers to cause a denial of service.

CWE-4042012

CVE-2013-4133

HIGH
CVSS:7.5(High)

kde-workspace before 4.10.5 has a memory leak in plasma desktop

CWE-4042013

CVE-2014-125066

HIGH
CVSS:7.5(High)

A vulnerability was found in emmflo yuko-bot. It has been declared as problematic. This vulnerability affects unknown code. The manipulation of the argument title leads to denial of service. The attac...

CWE-4042014

CVE-2015-10025

HIGH
CVSS:7.5(High)

A vulnerability has been found in luelista miniConf up to 1.7.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file miniConf/MessageView.cs of the com...

CWE-4042015

CVE-2015-10085

HIGH
CVSS:7.5(High)

A vulnerability was found in GoPistolet. It has been declared as problematic. This vulnerability affects unknown code of the component MTA. The manipulation leads to denial of service. Continious deli...

CWE-4042015