
CVSS: 7.5 • EPSS: 0% • CPEs: 17 • EXPL: 1

13 Jan 2014 — memcached before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (crash) via a request that triggers an "unbounded key print" during logging, related to an issue that was "quickly grepped out of the source tree," a different vulnerability than CVE-2013-0179 and CVE-2013-7290. • http://www.securityfocus.com/bid/64989 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 7.5 • EPSS: 1% • CPEs: 13 • EXPL: 1

13 Jan 2014 — The process_bin_delete function in memcached.c in memcached 1.4.4 and other versions before 1.4.17, when running in verbose mode, allows remote attackers to cause a denial of service (segmentation fault) via a request to delete a key, which does not account for the lack of a null terminator in the key and triggers a buffer over-read when printing to stderr. • http://secunia.com/advisories/56183 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 9.8 • EPSS: 0% • CPEs: 17 • EXPL: 0

03 Jan 2014 — memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials. Stefan Bucur discovered that Memcached incorrectly handled certain large body lengths. A remote attacker could use thi... • http://seclists.org/oss-sec/2013/q4/572 • CWE-287: Improper Authentication

CVSS: 7.5 • EPSS: 53% • CPEs: 8 • EXPL: 3

22 Nov 2013 — Multiple integer signedness errors in the (1) process_bin_sasl_auth, (2) process_bin_complete_sasl_auth, (3) process_bin_update, and (4) process_bin_append_prepend functions in Memcached 1.4.5 and earlier allow remote attackers to cause a denial of service (crash) via a large body length value in a packet. • https://packetstorm.news/files/id/180545 • CWE-189: Numeric Errors

CVSS: 7.5 • EPSS: 22% • CPEs: 21 • EXPL: 2

12 Apr 2010 — memcached.c in memcached before 1.4.3 allows remote attackers to cause a denial of service (daemon hang or crash) via a long line that triggers excessive memory allocation. NOTE: some of these details are obtained from third party information. • https://www.exploit-db.com/exploits/33850 • CWE-20: Improper Input Validation

CVSS: 10.0 • EPSS: 12% • CPEs: 2 • EXPL: 0

10 Aug 2009 — Multiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote attackers to execute arbitrary code via vectors involving length attributes that trigger heap-based buffer overflows. • http://osvdb.org/56906 • CWE-189: Numeric Errors

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

30 Apr 2009 — The process_stat function in Memcached 1.2.8 discloses memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain potentially sensitive information by sending this command to the daemon's TCP port. • http://code.google.com/p/memcachedb/source/browse/trunk/ChangeLog?spec=svn98&r=98 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 7.5 • EPSS: 2% • CPEs: 15 • EXPL: 2

28 Apr 2009 — The process_stat function in (1) Memcached before 1.2.8 and (2) MemcacheDB 1.2.0 discloses (a) the contents of /proc/self/maps in response to a stats maps command and (b) memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain sensitive information such as the locations of memory regions, and defeat ASLR protection, by sending a command to the daemon's TCP port. • http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0282.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor