VYPR

Neon

by Neon

CVEs (10)

  • CVE-2018-5258MedJan 17, 2018
    risk 0.38cvss 5.9epss 0.01

    The Neon app 1.6.14 iOS does not verify X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate.

  • CVE-2009-2473Aug 21, 2009
    risk 0.04cvss epss 0.08

    neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity…

  • CVE-2006-4952Sep 23, 2006
    risk 0.04cvss epss 0.08

    The updatemail servlet in Neon WebMail for Java before 5.08 allows remote attackers to move e-mail messages of arbitrary users between different mail folders, specified by the folderid and tofolderid parameters, via the ID parameter.

  • CVE-2004-0179Jun 1, 2004
    risk 0.04cvss epss 0.11

    Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code.

  • CVE-2006-4956Sep 23, 2006
    risk 0.03cvss epss 0.05

    Cross-site scripting (XSS) vulnerability in the updateuser servlet in Neon WebMail for Java before 5.08 allows remote attackers to inject arbitrary web script or HTML via the in_name parameter, as used by the Name field.

  • CVE-2006-4953Sep 23, 2006
    risk 0.03cvss epss 0.04

    Multiple SQL injection vulnerabilities in Neon WebMail for Java before 5.08 allow remote attackers to execute arbitrary SQL commands via the (1) adr_sortkey and (2) adr_sortkey_desc parameters in the (a) addrlist servlet, and the (3) sortkey and (4) sortkey_desc parameters in…

  • CVE-2009-2474Aug 21, 2009
    risk 0.00cvss epss 0.01

    neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate…

  • CVE-2008-3746Aug 27, 2008
    risk 0.00cvss epss 0.02

    neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication, Digest domain parameter support, and the parse_domain function.

  • CVE-2007-0157Jan 9, 2007
    risk 0.00cvss epss 0.02

    Array index error in the uri_lookup function in the URI parser for neon 0.26.0 to 0.26.2, possibly only on 64-bit platforms, allows remote malicious servers to cause a denial of service (crash) via a URI with non-ASCII characters, which triggers a buffer under-read due to a type…

  • CVE-2004-0398Jul 7, 2004
    risk 0.00cvss epss 0.05

    Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client.