CVSS: 9.8EPSS: 0%CPEs: 17EXPL: 0CVE-2013-7239 – Gentoo Linux Security Advisory 201406-13
https://notcve.org/view.php?id=CVE-2013-7239
03 Jan 2014 — memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials. memcached anterior 1.4.17 permite a atacantes remotos evadir la autenticación mediante el envío de una petición inválida con credenciales SASL, luego enviar otra petición con credenciales SASL incorrectas. Stefan Bucur discovered that Memcached incorrectly handled certain large body lengths. A remote attacker could use thi... • http://seclists.org/oss-sec/2013/q4/572 • CWE-287: Improper Authentication •
CVSS: 7.5EPSS: 53%CPEs: 8EXPL: 3CVE-2011-4971 – Memcached Remote Denial of Service
https://notcve.org/view.php?id=CVE-2011-4971
22 Nov 2013 — Multiple integer signedness errors in the (1) process_bin_sasl_auth, (2) process_bin_complete_sasl_auth, (3) process_bin_update, and (4) process_bin_append_prepend functions in Memcached 1.4.5 and earlier allow remote attackers to cause a denial of service (crash) via a large body length value in a packet. Múltiples errores de signo de enteros en funciones (1) process_bin_sasl_auth, (2) process_bin_complete_sasl_auth, (3) process_bin_update, and (4) process_bin_append_prepend de Memcached 1.4.5 y anteriores... • https://packetstorm.news/files/id/180545 • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 22%CPEs: 21EXPL: 2CVE-2010-1152 – memcached 1.4.2 - Memory Consumption Remote Denial of Service
https://notcve.org/view.php?id=CVE-2010-1152
12 Apr 2010 — memcached.c in memcached before 1.4.3 allows remote attackers to cause a denial of service (daemon hang or crash) via a long line that triggers excessive memory allocation. NOTE: some of these details are obtained from third party information. memcached.c en memcached anterior a v1.4.3 permite a atacantes remotos provocar una denegación de servicio (fallo o bloqueo del demonio) a través de una línea larga que dispara la asignación de memoria excesiva. NOTA: algunos de estos detalles han sido obtenidos de in... • https://www.exploit-db.com/exploits/33850 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2009-1494
https://notcve.org/view.php?id=CVE-2009-1494
30 Apr 2009 — The process_stat function in Memcached 1.2.8 discloses memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain potentially sensitive information by sending this command to the daemon's TCP port. La función process_stat en Memcached v1.2.8 divulga las estadísticas de asignación de memoria en respuesta a un comando stats malloc, lo cual permite a atacantes remotos obtener información potencialmente sensible mediante el envío de este comando al puerto TCP del... • http://code.google.com/p/memcachedb/source/browse/trunk/ChangeLog?spec=svn98&r=98 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •