Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

1 – 3 of 3 results

CVE-2009-2473

Unknown priority
Not affected

neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML...

3 affected packages

neon, neon26, neon27

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
neon
neon26
neon27
Show less packages

CVE-2009-2474

Medium priority

Some fixes available 4 of 9

neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof...

3 affected packages

neon, neon26, neon27

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
neon
neon26
neon27
Show less packages

CVE-2008-3746

Low priority
Fixed

neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication, Digest domain parameter support, and the parse_domain function.

1 affected packages

neon27

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
neon27
Show less packages