CVSS: 7.5EPSS: 8%CPEs: 1EXPL: 1CVE-2009-2473 – Expat 2.0.1 - UTF-8 Character XML Parsing Remote Denial of Service
https://notcve.org/view.php?id=CVE-2009-2473
21 Aug 2009 — neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564. neon, en versiones anteriores a la 0.28.6, cuando se usa expat, no detecta adecuadamente la recursividad en la expansión de una entidad, esto permite a atacantes dependientes del contexto provocar ... • https://www.exploit-db.com/exploits/10206 • CWE-399: Resource Management Errors •
CVSS: 5.9EPSS: 0%CPEs: 8EXPL: 0CVE-2009-2474 – neon: Improper verification of x509v3 certificate with NULL (zero) byte in certain fields
https://notcve.org/view.php?id=CVE-2009-2474
21 Aug 2009 — neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. neon, en versiones anteriores a la 0.28.6, cuando OpenSSL está habilitado, no maneja adecuadamente un caracter '\0' en un nombre de dominio, en el campo Com... • http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html • CWE-326: Inadequate Encryption Strength •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2008-3746
https://notcve.org/view.php?id=CVE-2008-3746
27 Aug 2008 — neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication, Digest domain parameter support, and the parse_domain function. neon versiones 0.28.0 hasta 0.28.2, permite a servidores remotos causar una denegación de servicio (desreferencia del puntero NULL y bloqueo de aplicación) por medio de vectores relacionados con la autenticación de Digest, el soporte del parámetro domain de Digest y la función parse_dom... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476571 •
CVSS: 9.8EPSS: 3%CPEs: 3EXPL: 0CVE-2004-0398
https://notcve.org/view.php?id=CVE-2004-0398
20 May 2004 — Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client. Desbordamiento de búfer en la función de proceso de de fecha ne_rfc1036_parse de la librería neon (libneon) 0.24.5 y anteriores, usada en cadaver 0.22 permite a servidores WebDAV ejecutar código arbitrario en el cliente. • http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0982.html • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 8%CPEs: 5EXPL: 1CVE-2004-0179 – Neon WebDAV Client Library 0.2x - Format String
https://notcve.org/view.php?id=CVE-2004-0179
16 Apr 2004 — Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code. Multiples vulenerabilidades de cadena de formato en (1) neon 0.24.4 y anteriores, y otros productos que usan neon incluyendo (2) Cadaver, (3) Subversion, o (4) OpenOffice, permite a servidores remotos WebDAV maliciosos ejecutar código arbitrario. • https://www.exploit-db.com/exploits/23999 • CWE-134: Use of Externally-Controlled Format String •