Neon

neon

Vendor: Webdav • 5 CVEs

CVEs (5)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2009-2474 4Apple CanonicalFedoraproject+1 more 4Fedora Mac Os XNeon+1 more Apr 23, 2026 Aug 21, 2009 N/A· v4 N/A· v3 5.8 MEDIUM· v2 neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to...Show more neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.Show less
CVE-2009-2473 1Webdav 1Neon Apr 23, 2026 Aug 21, 2009 N/A· v4 N/A· v3 4.3 MEDIUM· v2 neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML doc...Show more neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.Show less
CVE-2008-3746 1Webdav 1Neon Apr 23, 2026 Aug 27, 2008 N/A· v4 N/A· v3 4.3 MEDIUM· v2 neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication, Digest domain parameter support, and the parse_domain funct...Show more neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication, Digest domain parameter support, and the parse_domain function.Show less
CVE-2004-0398 2Debian Webdav 3Cadaver Debian LinuxNeon Apr 16, 2026 Jul 7, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the cl...Show more Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client.Show less
CVE-2004-0179 2Debian Webdav 2Debian Linux Neon Apr 16, 2026 Jun 1, 2004 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrar...Show more Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code.Show less