Neon Security Vulnerabilities

CVE-2023-5817

The Neon text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's neontext_box shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes (color). This makes it possible for authenticated....

5.4 CVSS

6.1 AI Score

0.001 EPSS

2023-10-27 11:15 AM
62

CVE-2020-23576

Laborator Neon dashboard v3 is affected by stored Cross Site Scripting (XSS) via the chat...

5.4 CVSS

6.3 AI Score

0.001 EPSS

2020-08-27 04:15 PM
20

CVE-2020-13890

The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS via an Add Task Input operation in a...

5.4 CVSS

6.2 AI Score

0.001 EPSS

2020-06-06 09:15 PM
70

CVE-2019-20141

An XSS issue was discovered in the Laborator Neon theme 2.0 for WordPress via the data/autosuggest-remote.php q...

6.1 CVSS

6.5 AI Score

0.001 EPSS

2019-12-30 06:15 PM
71

CVE-2018-5258

The Neon app 1.6.14 iOS does not verify X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information via a crafted...

5.9 CVSS

6.5 AI Score

0.003 EPSS

2018-01-17 05:29 PM
18

CVE-2009-2474

neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate...

8.5 AI Score

0.003 EPSS

2009-08-21 05:30 PM
50

CVE-2009-2473

neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue...

6.8 AI Score

0.003 EPSS

2009-08-21 05:30 PM
49

CVE-2008-3746

neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication, Digest domain parameter support, and the parse_domain...

6.3 AI Score

0.02 EPSS

2008-08-27 03:21 PM
26

CVE-2007-0157

Array index error in the uri_lookup function in the URI parser for neon 0.26.0 to 0.26.2, possibly only on 64-bit platforms, allows remote malicious servers to cause a denial of service (crash) via a URI with non-ASCII characters, which triggers a buffer under-read due to a type conversion error...

6.8 AI Score

0.067 EPSS

2007-01-09 09:28 PM
25

CVE-2004-0398

Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the...

7.7 AI Score

0.019 EPSS

2004-07-07 04:00 AM
56

CVE-2004-0179

Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary...

7.1 AI Score

0.006 EPSS

2004-06-01 04:00 AM
23