CVSS: 4.8EPSS: 1%CPEs: 17EXPL: 0CVE-2013-7239
https://notcve.org/view.php?id=CVE-2013-7239
memcached before 1.4.17 allows remote attackers to bypass authentication by sending an invalid request with SASL credentials, then sending another request with incorrect SASL credentials. memcached anterior 1.4.17 permite a atacantes remotos evadir la autenticación mediante el envío de una petición inválida con credenciales SASL, luego enviar otra petición con credenciales SASL incorrectas. • http://seclists.org/oss-sec/2013/q4/572 http://secunia.com/advisories/56183 http://www.debian.org/security/2014/dsa-2832 http://www.securityfocus.com/bid/64559 http://www.ubuntu.com/usn/USN-2080-1 https://code.google.com/p/memcached/wiki/ReleaseNotes1417 • CWE-287: Improper Authentication •
CVSS: 5.0EPSS: 7%CPEs: 8EXPL: 2CVE-2011-4971 – Memcached Remote Denial of Service
https://notcve.org/view.php?id=CVE-2011-4971
Multiple integer signedness errors in the (1) process_bin_sasl_auth, (2) process_bin_complete_sasl_auth, (3) process_bin_update, and (4) process_bin_append_prepend functions in Memcached 1.4.5 and earlier allow remote attackers to cause a denial of service (crash) via a large body length value in a packet. Múltiples errores de signo de enteros en funciones (1) process_bin_sasl_auth, (2) process_bin_complete_sasl_auth, (3) process_bin_update, and (4) process_bin_append_prepend de Memcached 1.4.5 y anteriores permite a atacantes remotos provocar una denegación de servicio (caída) a través de un gran valor de longitud de cuerpo en un paquete. • http://insecurety.net/?p=872 http://secunia.com/advisories/56183 http://www.debian.org/security/2014/dsa-2832 http://www.mandriva.com/security/advisories?name=MDVSA-2013:280 http://www.securityfocus.com/bid/59567 http://www.ubuntu.com/usn/USN-2080-1 https://code.google.com/p/memcached/issues/detail?id=192 https://puppet.com/security/cve/cve-2011-4971 • CWE-189: Numeric Errors •
CVSS: 5.0EPSS: 10%CPEs: 21EXPL: 2CVE-2010-1152 – memcached 1.4.2 - Memory Consumption Remote Denial of Service
https://notcve.org/view.php?id=CVE-2010-1152
memcached.c in memcached before 1.4.3 allows remote attackers to cause a denial of service (daemon hang or crash) via a long line that triggers excessive memory allocation. NOTE: some of these details are obtained from third party information. memcached.c en memcached anterior a v1.4.3 permite a atacantes remotos provocar una denegación de servicio (fallo o bloqueo del demonio) a través de una línea larga que dispara la asignación de memoria excesiva. NOTA: algunos de estos detalles han sido obtenidos de información de terceros. • https://www.exploit-db.com/exploits/33850 http://blogs.sun.com/security/entry/input_validation_vulnerability_in_memcached http://code.google.com/p/memcached/issues/detail?id=102 http://github.com/memcached/memcached/commit/75cc83685e103bc8ba380a57468c8f04413033f9 http://github.com/memcached/memcached/commit/d9cd01ede97f4145af9781d448c62a3318952719 http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://marc.info/?l= • CWE-20: Improper Input Validation •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2009-1494
https://notcve.org/view.php?id=CVE-2009-1494
The process_stat function in Memcached 1.2.8 discloses memory-allocation statistics in response to a stats malloc command, which allows remote attackers to obtain potentially sensitive information by sending this command to the daemon's TCP port. La función process_stat en Memcached v1.2.8 divulga las estadísticas de asignación de memoria en respuesta a un comando stats malloc, lo cual permite a atacantes remotos obtener información potencialmente sensible mediante el envío de este comando al puerto TCP del demonio. • http://code.google.com/p/memcachedb/source/browse/trunk/ChangeLog?spec=svn98&r=98 http://code.google.com/p/memcachedb/source/detail?r=98 http://code.google.com/p/memcachedb/source/diff?spec=svn98&r=98&format=side&path=/trunk/memcachedb.c http://groups.google.com/group/memcached/browse_thread/thread/ff96a9b88fb5d40e http://memcached.googlecode.com/files/memcached-1.2.8.tar.gz https://exchange.xforce.ibmcloud.com/vulnerabilities/50444 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •