
CVE-2013-7239 – Gentoo Linux Security Advisory 201406-13
https://notcve.org/view.php?id=CVE-2013-7239
03 Jan 2014 — memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials. Stefan Bucur discovered that Memcached incorrectly handled certain large body lengths. A remote attacker could use thi... • http://seclists.org/oss-sec/2013/q4/572 • CWE-287: Improper Authentication

CVE-2011-4971 – Memcached Remote Denial of Service
https://notcve.org/view.php?id=CVE-2011-4971
22 Nov 2013 — Multiple integer signedness errors in the (1) process_bin_sasl_auth, (2) process_bin_complete_sasl_auth, (3) process_bin_update, and (4) process_bin_append_prepend functions in Memcached 1.4.5 and earlier allow remote attackers to cause a denial of service (crash) via a large body length value in a packet. • https://packetstorm.news/files/id/180545 • CWE-189: Numeric Errors

CVE-2010-1152 – memcached 1.4.2 - Memory Consumption Remote Denial of Service
https://notcve.org/view.php?id=CVE-2010-1152
12 Apr 2010 — memcached.c in memcached before 1.4.3 allows remote attackers to cause a denial of service (daemon hang or crash) via a long line that triggers excessive memory allocation. NOTE: some of these details are obtained from third party information. • https://www.exploit-db.com/exploits/33850 • CWE-20: Improper Input Validation

CVE-2009-1255 – Mandriva Linux Security Advisory 2009-105
https://notcve.org/view.php?id=CVE-2009-1255
28 Apr 2009 — The process_stat function in (1) Memcached before 1.2.8 and (2) MemcacheDB 1.2.0 discloses (a) the contents of /proc/self/maps in response to a stats maps command and (b) memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain sensitive information such as the locations of memory regions, and defeat ASLR protection, by sending a command to the daemon's TCP port. • http://archives.neohapsis.com/archives/fulldisclosure/2009-04/0282.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor