20 matches found
EUVD-2023-31250
Malicious code in bioql PyPI...
Gopherus
This tool is called Gopherus and it generates gopher links for exploiting Server-Side Request Forgery (SSRF) and gaining Remote Code Execution (RCE) in various servers. The tool can be used to exploit vulnerabilities in MySQL, PostgreSQL, FastCGI, Memcached, Redis, Zabbix, and SMTP servers. The tool...
CBL Mariner 2.0 Security Update: libmemcached-awesome (CVE-2023-27478)
The version of libmemcached-awesome installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-27478 advisory. - libmemcached-awesome is an open source C/C++ client library and tools for the memcached server...
BIT-LIBMEMCACHED-2023-27478 Disclosure of unrelated data in libmemcached-awesome
libmemcached-awesome is an open source C/C++ client library and tools for the memcached server. libmemcached could return data for a previously requested key, if that previous request timed out due to a low POLL_TIMEOUT. This issue has been addressed in version 1.1.4. Users are advised to upgrade...
Buffer Overflows
libmemcached.so is vulnerable to Buffer Overflows. An attacker could exploit this vulnerability by tricking a user into visiting a malicious website or opening a malicious file. The website or file would contain a specially crafted multiget request that would be forwarded to a vulnerable Memcache...
Denial Of Service (DoS)
libmemcached.so is vulnerable to Denial of Service (DoS) attacks. An attacker is able to exploit this vulnerability by sending a specially crafted UDP packet to the memcached server, which could cause the server to crash...
[SECURITY] Fedora 37 Update: libmemcached-awesome-1.1.4-1.fc37
libmemcached-awesome is a C/C++ client library and tools for the memcached server (https://memcached.org/). It has been designed to be light on memory usage, and provide full access to server side methods. This is a resurrection of the original work from Brian Aker at libmemcached.org...
Fedora: Security Advisory for libmemcached-awesome (FEDORA-2023-7da1639d3f)
The remote host is missing an update for the...
Fedora 37 : libmemcached-awesome (2023-c9bbaadcbf)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-c9bbaadcbf advisory. Version 1.1.4 - released 2022-03-06 Fix gh 107: macOS: deprecated sasl API improve detection of libsasl2. Fix gh 131: Consider renaming tools add CLIENTPREFI...
Fedora: Security Advisory for libmemcached-awesome (FEDORA-2023-fd848970c4)
The remote host is missing an update for the...
[SECURITY] Fedora 38 Update: libmemcached-awesome-1.1.4-1.fc38
libmemcached-awesome is a C/C++ client library and tools for the memcached server (https://memcached.org/). It has been designed to be light on memory usage, and provide full access to server side methods. This is a resurrection of the original work from Brian Aker at libmemcached.org...
CVE-2023-27478
libmemcached-awesome is an open source C/C++ client library and tools for the memcached server. libmemcached could return data for a previously requested key, if that previous request timed out due to a low POLL_TIMEOUT. This issue has been addressed in version 1.1.4. Users are advised to upgrade...
CVE-2023-27478
The CVE-2023-27478 issue affects the libmemcached-awesome library (C/C++ client for memcached). Affected behavior: libmemcached could return data for a previously requested key when a prior request timed out due to a low POLL_TIMEOUT. Root cause is limited to that timing condition; the advisory n...
SUSE CVE-2018-3062
Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Memcached). Supported versions that are affected are 5.6.40 and prior, 5.7.22 and prior and 8.0.11 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via memcached to...
UBUNTU-CVE-2021-2340
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Memcached). Supported versions that are affected are 8.0.25 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful...
Gopherus
This is a Python script for generating gopher links to exploit Server-Side Request Forgery (SSRF) vulnerabilities in various servers. The script is designed to be used with the Metasploit framework. The script defines several classes for different types of servers, including MySQL, FastCGI,...
Out-of-bounds
The Memcache::getextendedstats function can be used to trigger an out-of-bounds read. Exploiting this issue requires control over memcached server hostnames and/or ports. This affects all supported versions of HHVM 3.30 and 3.27.4 and below...
CVE-2018-6340
The CVE-2018-6340 issue affects Facebook HHVM where the Memcache::getextendedstats function can trigger an out-of-bounds read. The vulnerability requires control over memcached hostnames/ports and impacts all supported HHVM versions up to 3.30 and 3.27.4 and earlier. The root cause is an out-of-b...
memcached: UDP server support allows spoofed traffic amplification DoS
It was discovered that memcached connections using the UDP transport protocol can be abused for efficient traffic amplification distributed denial of service (DDoS) attacks. A remote attacker could send a malicious UDP request using a spoofed source IP address of a target system to memcached, causi...
UBUNTU-CVE-2018-1000115
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service (via network flood; traffic amplification of 1:50,000 has been reported by reliable sources...