Search CVE reports
1 – 6 of 6 results
CVE-2009-2473
Unknown priorityneon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML...
3 affected packages
neon, neon26, neon27
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| neon | — | — | — | — | — |
| neon26 | — | — | — | — | — |
| neon27 | — | — | — | — | — |
CVE-2009-2474
Medium prioritySome fixes available 4 of 9
neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof...
3 affected packages
neon, neon26, neon27
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| neon | — | — | — | — | — |
| neon26 | — | — | — | — | — |
| neon27 | — | — | — | — | — |
CVE-2008-3746
Low priorityneon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication, Digest domain parameter support, and the parse_domain function.
1 affected packages
neon27
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| neon27 | — | — | — | — | — |
CVE-2007-0157
Unknown prioritySome fixes available 11 of 14
Array index error in the uri_lookup function in the URI parser for neon 0.26.0 to 0.26.2, possibly only on 64-bit platforms, allows remote malicious servers to cause a denial of service (crash) via a URI with non-ASCII characters,...
3 affected packages
cadaver, neon, neon26
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| cadaver | — | — | — | — | — |
| neon | — | — | — | — | — |
| neon26 | — | — | — | — | — |
CVE-2004-0398
Unknown priorityHeap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client.
4 affected packages
cadaver, neon, neon24, neon26
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| cadaver | — | — | — | — | — |
| neon | — | — | — | — | — |
| neon24 | — | — | — | — | — |
| neon26 | — | — | — | — | — |
CVE-2004-0179
Unknown priorityMultiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code.
7 affected packages
bazaar, neon, neon24, neon26, openoffice.org...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| bazaar | — | — | — | — | — |
| neon | — | — | — | — | — |
| neon24 | — | — | — | — | — |
| neon26 | — | — | — | — | — |
| openoffice.org | — | — | — | — | — |
| openoffice.org-l10n | — | — | — | — | — |
| tla | — | — | — | — | — |