Security Vulnerabilities, CVEs, Published In 2013 (Denial of service)
schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) before 1.11.3 does not properly validate UDP packets before sending responses, which allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged packet that triggers a communication loop, as demonstrated by krb_pingpong.nasl, a related issue to CVE-1999-0103.
Max CVSS
5.0
EPSS Score
95.52%
Published
2013-05-29
Updated
2021-02-02
Integer overflow in the __tzfile_read function in glibc before 2.15 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted timezone (TZ) file, as demonstrated using vsftpd.
Max CVSS
6.8
EPSS Score
0.84%
Published
2013-05-02
Updated
2023-02-13
Buffer overflow in the "create torrent dialog" functionality in uTorrent 1.8.3 build 15772, and possibly other versions before 1.8.3 (Build 16010), allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a text file containing a large string. NOTE: some of these details are obtained from third party information.
Max CVSS
6.8
EPSS Score
12.56%
Published
2013-01-18
Updated
2017-09-19
The policy definition evaluator in Condor before 7.4.2 does not properly handle attributes in a WANT_SUSPEND policy that evaluate to an UNDEFINED state, which allows remote authenticated users to cause a denial of service (condor_startd exit) via a crafted job.
Max CVSS
4.0
EPSS Score
0.34%
Published
2013-10-11
Updated
2021-07-15
Multiple heap-based buffer overflows in Aircrack-ng before 1.1 allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) large length value in an EAPOL packet or (2) long EAPOL packet.
Max CVSS
6.8
EPSS Score
42.55%
Published
2013-10-28
Updated
2013-10-29
ctcphandler.cpp in Quassel before 0.6.3 and 0.7.x before 0.7.1 allows remote attackers to cause a denial of service (unresponsive IRC) via multiple Client-To-Client Protocol (CTCP) requests in a PRIVMSG message.
Max CVSS
5.0
EPSS Score
3.16%
Published
2013-11-23
Updated
2023-02-13
The default configuration of OpenSSH through 6.1 enforces a fixed time limit between establishing a TCP connection and completing a login, which makes it easier for remote attackers to cause a denial of service (connection-slot exhaustion) by periodically making many new TCP connections.
Max CVSS
5.0
EPSS Score
7.87%
Published
2013-03-07
Updated
2017-09-19
Buffer overflow in the lsConnectionCached function in editcp in EDItran Communications Platform 4.1 R7 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted packet to TCP port 7777.
Max CVSS
7.5
EPSS Score
0.54%
Published
2013-06-28
Updated
2013-07-01
Buffer overflow in the Authenticate method in the INCREDISPOOLERLib.Pop ActiveX control in ImSpoolU.dll in IncrediMail 2.0 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in the first argument.
Max CVSS
7.5
EPSS Score
2.43%
Published
2013-08-25
Updated
2013-08-27
Multiple stack-based buffer overflows in the iriap_getvaluebyclass_indication function in net/irda/iriap.c in the Linux kernel before 2.6.39 allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging connectivity to an IrDA infrared network and sending a large integer value for a (1) name length or (2) attribute length.
Max CVSS
9.8
EPSS Score
0.35%
Published
2013-06-08
Updated
2020-07-27
wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1; JBoss Enterprise BRMS Platform 5.1.0; and JBoss Enterprise Web Platform 5.1.1 does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted request containing an XML document with a DOCTYPE declaration and a large number of nested entity references, a similar issue to CVE-2003-1564.
Max CVSS
5.0
EPSS Score
1.10%
Published
2013-07-29
Updated
2019-10-09
The IPv6 implementation in the kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (CPU consumption) via crafted ICMPv6 packets.
Max CVSS
6.1
EPSS Score
3.09%
Published
2013-09-19
Updated
2017-08-29
The Linux kernel before 2.6.39 does not properly create transparent huge pages in response to a MAP_PRIVATE mmap system call on /dev/zero, which allows local users to cause a denial of service (system crash) via a crafted application.
Max CVSS
5.5
EPSS Score
0.04%
Published
2013-03-01
Updated
2023-02-13
A certain Red Hat patch to the sctp_sock_migrate function in net/sctp/socket.c in the Linux kernel before 2.6.21, as used in Red Hat Enterprise Linux (RHEL) 5, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted SCTP packet.
Max CVSS
7.8
EPSS Score
1.13%
Published
2013-06-08
Updated
2023-02-13
The Network Lock Manager (NLM) protocol implementation in the NFS client functionality in the Linux kernel before 3.0 allows local users to cause a denial of service (system hang) via a LOCK_UN flock system call.
Max CVSS
4.9
EPSS Score
0.04%
Published
2013-03-01
Updated
2023-02-13
Xen in the Linux kernel, when running a guest on a host without hardware assisted paging (HAP), allows guest users to cause a denial of service (invalid pointer dereference and hypervisor crash) via the SAHF instruction.
Max CVSS
5.5
EPSS Score
0.06%
Published
2013-12-27
Updated
2020-12-08
The perf subsystem in the kernel package 2.6.32-122.el6.x86_64 in Red Hat Enterprise Linux (RHEL) 6 does not properly handle NMIs, which might allow local users to cause a denial of service (excessive log messages) via unspecified vectors.
Max CVSS
1.9
EPSS Score
0.04%
Published
2013-06-08
Updated
2023-02-13
Off-by-one error in the __addr_ok macro in Xen 3.3 and earlier allows local 64 bit PV guest administrators to cause a denial of service (host crash) via unspecified hypercalls that ignore virtual-address bits.
Max CVSS
5.5
EPSS Score
0.06%
Published
2013-10-01
Updated
2023-02-13
A certain Red Hat patch to the __br_deliver function in net/bridge/br_forward.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging connectivity to a network interface that uses an Ethernet bridge device.
Max CVSS
6.8
EPSS Score
0.48%
Published
2013-06-08
Updated
2023-02-13
A certain Red Hat patch to the be2net implementation in the kernel package before 2.6.32-218.el6 on Red Hat Enterprise Linux (RHEL) 6, when promiscuous mode is enabled, allows remote attackers to cause a denial of service (system crash) via non-member VLAN packets.
Max CVSS
4.6
EPSS Score
0.26%
Published
2013-06-08
Updated
2023-02-13
A certain Red Hat patch to the vlan_hwaccel_do_receive function in net/8021q/vlan_core.c in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows remote attackers to cause a denial of service (system crash) via priority-tagged VLAN frames.
Max CVSS
5.7
EPSS Score
0.46%
Published
2013-06-08
Updated
2023-02-13
The apparmor_setprocattr function in security/apparmor/lsm.c in the Linux kernel before 3.0 does not properly handle invalid parameters, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact by writing to a /proc/#####/attr/current file.
Max CVSS
4.6
EPSS Score
0.04%
Published
2013-06-08
Updated
2023-02-13
fs/ext4/extents.c in the Linux kernel before 3.0 does not mark a modified extent as dirty in certain cases of extent splitting, which allows local users to cause a denial of service (system crash) via vectors involving ext4 umount and mount operations.
Max CVSS
4.0
EPSS Score
0.04%
Published
2013-03-01
Updated
2023-02-13
The br_parse_ip_options function in net/bridge/br_netfilter.c in the Linux kernel before 2.6.39 does not properly initialize a certain data structure, which allows remote attackers to cause a denial of service by leveraging connectivity to a network interface that uses an Ethernet bridge device.
Max CVSS
7.5
EPSS Score
0.52%
Published
2013-06-08
Updated
2020-07-27
The fallocate implementation in the GFS2 filesystem in the Linux kernel before 3.2 relies on the page cache, which might allow local users to cause a denial of service by preallocating blocks in certain situations involving insufficient memory.
Max CVSS
1.9
EPSS Score
0.04%
Published
2013-06-08
Updated
2013-06-10