Search CVE reports



1 – 3 of 3 results


CVE-2009-2473

Unknown priority
Not affected

neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML...

3 affected packages

neon, neon26, neon27

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
neon
neon26
neon27

CVE-2009-2474

Medium priority

Some fixes available 4 of 9

neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof...

3 affected packages

neon, neon26, neon27

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
neon
neon26
neon27

CVE-2008-3746

Low priority
Fixed

neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication, Digest domain parameter support, and the parse_domain function.

1 affected package

neon27

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
neon27