Neon

This hub aggregates every CVE we track for Neon, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 10 most recently published vulnerabilities affecting Neon.

• CVE-2020-23576Laborator Neon dashboard v3 is affected by stored Cross Site Scripting (XSS) via the chat tab.5.4Aug 27, 2020
• CVE-2020-13890The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS via an Add Task Input operation in a dashboard.5.4Jun 6, 2020
• CVE-2019-20141An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q parameter.6.1Dec 30, 2019
• CVE-2018-5258The Neon app 1.6.14 iOS does not verify X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted certificate.5.9Jan 17, 2018
• CVE-2009-2474neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-t...5.8Aug 21, 2009
• CVE-2009-2473neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption...4.3Aug 21, 2009
• CVE-2008-3746neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication, Digest domain parameter support, and...4.3Aug 27, 2008
• CVE-2007-0157Array index error in the uri_lookup function in the URI parser for neon 0.26.0 to 0.26.2, possibly only on 64-bit platforms, allows remote malicious servers to cause a denial of service (crash) via...7.8Jan 9, 2007
• CVE-2004-0398Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute a...7.5May 20, 2004
• CVE-2004-0179Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV serv...6.8Apr 16, 2004