Debian : Security Vulnerabilities, CVEs, Published In November 2013 (Denial of service)
The scan function in ext/date/lib/parse_iso_intervals.c in PHP through 5.5.6 does not properly restrict creation of DateInterval objects, which might allow remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted interval specification.
Max CVSS
5.0
EPSS Score
58.97%
Published
2013-11-28
Updated
2022-10-31
Integer overflow in Google Chrome before 31.0.1650.57 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013.
Max CVSS
9.3
EPSS Score
2.03%
Published
2013-11-18
Updated
2018-12-13
Use-after-free vulnerability in Google Chrome before 31.0.1650.48 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the x-webkit-speech attribute in a text INPUT element.
Max CVSS
7.5
EPSS Score
1.98%
Published
2013-11-13
Updated
2018-10-30
Use-after-free vulnerability in lighttpd before 1.4.33 allows remote attackers to cause a denial of service (segmentation fault and crash) via unspecified vectors that trigger FAMMonitorDirectory failures.
Max CVSS
5.0
EPSS Score
2.89%
Published
2013-11-20
Updated
2021-03-04
Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of service (host deadlock) via unspecified vectors.
Max CVSS
5.2
EPSS Score
0.06%
Published
2013-11-02
Updated
2018-12-13
The setup_server_realm function in main.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.7, when multiple realms are configured, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted request.
Max CVSS
4.3
EPSS Score
93.63%
Published
2013-11-18
Updated
2021-02-02
6 vulnerabilities found