Search CVE reports
1 – 3 of 3 results
CVE-2009-2473
Unknown priorityneon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML...
3 affected packages
neon, neon26, neon27
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
neon | — | — | — | — | — |
neon26 | — | — | — | — | — |
neon27 | — | — | — | — | — |
CVE-2009-2474
Medium prioritySome fixes available 4 of 9
neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof...
3 affected packages
neon, neon26, neon27
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
neon | — | — | — | — | — |
neon26 | — | — | — | — | — |
neon27 | — | — | — | — | — |
CVE-2008-3746
Low priorityneon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication, Digest domain parameter support, and the parse_domain function.
1 affected package
neon27
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
neon27 | — | — | — | — | — |