| Hostnames |
gms.hulpdienstenzuid.nl mail.hulpdienstenzuid.nl ip85-215-43-82.pbiaas.com |
| Domains | hulpdienstenzuid.nl pbiaas.com |
| Country | Germany |
| City | Roßdorf |
| Organization | STRATO AG for IONOS SE |
| ISP | IONOS SE |
| ASN | AS8560 |
Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.
| CVE-2023-44487 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |
| CVE-2023-3824 | In PHP version 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE. |
| CVE-2023-3823 | In PHP versions 8.0.* before 8.0.30, 8.1.* before 8.1.22, and 8.2.* before 8.2.8 various XML functions rely on libxml global state to track configuration variables, like whether external entities are loaded. This state is assumed to be unchanged unless the user explicitly changes it by calling appropriate function. However, since the state is process-global, other modules - such as ImageMagick - may also use this library within the same process, and change that global state for their internal purposes, and leave it in a state where external entities loading is enabled. This can lead to the situation where external XML is parsed with external entities loaded, which can lead to disclosure of any local files accessible to PHP. This vulnerable state may persist in the same process across many requests, until the process is shut down. |
| CVE-2023-3247 | In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, random value generator was not checked for failure, and was using narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made easier to a malicious server to guess the client's nonce. |
| CVE-2021-3618 | 5.8ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer. |
| CVE-2021-23017 | 6.8A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact. |
| CVE-2020-23064 | Cross Site Scripting vulnerability in jQuery 2.2.0 through 3.x before 3.5.0 allows a remote attacker to execute arbitrary code via the <options> element. |
| CVE-2020-11023 | 4.3In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. |
| CVE-2020-11022 | 4.3In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. |
| CVE-2019-8331 | 4.3In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. |
| CVE-2019-11358 | 4.3jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype. |
| CVE-2018-20677 | 4.3In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property. |
| CVE-2018-20676 | 4.3In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute. |
| CVE-2018-14042 | 4.3In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. |
| CVE-2018-14040 | 4.3In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute. |
| CVE-2016-10735 | 4.3In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041. |
| CVE-2013-2220 | 7.5Buffer overflow in the radius_get_vendor_attr function in the Radius extension before 1.2.7 for PHP allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large Vendor Specific Attributes (VSA) length value. |
| CVE-2007-3205 | 5.0The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the function or a bug in PHP, although it is likely to be regarded as a bug in Hardened-PHP and Suhosin. |
1719793701 | 2024-04-15T02:24:54.79249222 / tcp
-1101648554 | 2024-04-21T14:45:48.18184125 / tcp
1410093119 | 2024-04-28T06:49:11.67500280 / tcp
-1921434939 | 2024-04-13T06:16:41.729902143 / tcp
-1528960662 | 2024-04-21T21:26:48.706710443 / tcp
245666290 | 2024-04-01T17:07:13.173609587 / tcp
1505986360 | 2024-04-28T17:20:20.951366993 / tcp
