Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-36621: Offensive Security’s Exploit Database Archive

Sourcecodester Online Covid Vaccination Scheduler System 1.0 is vulnerable to SQL Injection. The username parameter is vulnerable to time-based SQL injection. Upon successful dumping the admin password hash, an attacker can decrypt and obtain the plain-text password. Hence, the attacker could authenticate as Administrator.

CVE

Related news

CVE-2021-44653: Offensive Security’s Exploit Database Archive

Online Magazine Management System 1.0 contains a SQL injection authentication bypass vulnerability. The Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to gain access as admin to the application.

CVE-2021-44655: Offensive Security’s Exploit Database Archive

Online Pre-owned/Used Car Showroom Management System 1.0 contains a SQL injection authentication bypass vulnerability. Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to get admin access on the application.

CVE-2021-42666: Engineers Online Portal in PHP with Free Source Code | Free Source Code, Projects & Tutorials

A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to quiz_question.php, which could let a malicious user extract sensitive data from the web server and in some cases use this vulnerability in order to get a remote code execution on the remote web server.

CVE-2021-42668: Engineers Online Portal in PHP with Free Source Code | Free Source Code, Projects & Tutorials

A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter in the my_classmates.php web page.. As a result, an attacker can extract sensitive data from the web server and in some cases can use this vulnerability in order to get a remote code execution on the remote web server.

CVE-2021-42667: GitHub - TheHackingRabbi/CVE-2021-42667: CVE-2021-42667 - SQL Injection vulnerability in the Online event booking and reservation system.

A SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. An attacker can leverage this vulnerability in order to manipulate the sql query performed. As a result he can extract sensitive data from the web server and in some cases he can use this vulnerability in order to get a remote code execution on the remote web server.

CVE-2021-42670: GitHub - TheHackingRabbi/CVE-2021-42670: CVE-2021-42670 - SQL Injection vulnerability in the Engineers online portal system.

A SQL injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to the announcements_student.php web page. As a result a malicious user can extract sensitive data from the web server and in some cases use this vulnerability in order to get a remote code execution on the remote web server.

CVE-2021-42671: GitHub - TheHackingRabbi/CVE-2021-42671: CVE-2021-42671 - Broken access control vulnerability in the Engineers online portal system.

An incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in nia_munoz_monitoring_system/admin/uploads. An attacker can leverage this vulnerability in order to bypass access controls and access all the files uploaded to the web server without the need of authentication or authorization.

CVE-2021-1500: Cisco Webex Video Mesh Arbitrary Site Redirection Vulnerability

A vulnerability in the web-based management interface of Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the URL parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. Attackers may use this type of vulnerability, known as an open redirect attack, as part of a phishing attack to persuade users to unknowingly visit malicious sites.

CVE-2021-40128: Cisco Webex Meetings Email Content Injection Vulnerability

A vulnerability in the account activation feature of Cisco Webex Meetings could allow an unauthenticated, remote attacker to send an account activation email with an activation link that points to an arbitrary domain. This vulnerability is due to insufficient validation of user-supplied parameters. An attacker could exploit this vulnerability by sending a crafted HTTP request to the account activation page of Cisco Webex Meetings. A successful exploit could allow the attacker to send to any recipient an account activation email that contains a tampered activation link, which could direct the user to an attacker-controlled website.

CVE-2021-36184: PSIRT Advisories | FortiGuard

A improper neutralization of Special Elements used in an SQL Command ('SQL Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to disclosure device, users and database information via crafted HTTP requests.

CVE-2021-36184: FortiGuard

A improper neutralization of Special Elements used in an SQL Command ('SQL Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to disclosure device, users and database information via crafted HTTP requests.

CVE-2021-36185: PSIRT Advisories | FortiGuard

A improper neutralization of special elements used in an OS command ('OS Command Injection') in Fortinet FortiWLM version 8.6.1 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests.

CVE-2020-12814: PSIRT Advisories | FortiGuard

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiAnalyzer version 6.0.6 and below, version 6.4.4 allows attacker to execute unauthorized code or commands via specifically crafted requests to the web GUI.

CVE-2021-41746: SQL injection · Issue #1 · purple-WL/Yonyou-TurboCRM-SQL-injection

SQL Injection vulnerability exists in all versions of Yonyou TurboCRM.via the orgcode parameter in changepswd.php. Attackers can use the vulnerabilities to obtain sensitive database information.

CVE-2021-41646: Offensive Security’s Exploit Database Archive

Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Reviewer System 1.0 by uploading a maliciously crafted PHP file that bypasses the image upload filters..

CVE-2021-41643: Offensive Security’s Exploit Database Archive

Remote Code Execution (RCE) vulnerability exists in Sourcecodester Church Management System 1.0 via the image upload field.

CVE-2021-41645: Offensive Security’s Exploit Database Archive

Remote Code Execution (RCE) vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field. .

CVE-2021-41644: Offensive Security’s Exploit Database Archive

Remote Code Exection (RCE) vulnerability exists in Sourcecodester Online Food Ordering System 2.0 via a maliciously crafted PHP file that bypasses the image upload filters.

CVE-2021-37221: Offensive Security’s Exploit Database Archive

A file upload vulnerability exists in Sourcecodester Customer Relationship Management System 1.0 via the account update option & customer create option, which could let a remote malicious user upload an arbitrary php file. .

CVE-2021-25969: WhiteSource Vulnerability Database

In “Camaleon CMS” application, versions 0.0.1 to 2.6.0 are vulnerable to stored XSS, that allows unprivileged application users to store malicious scripts in the comments section of the post. These scripts are executed in a victim’s browser when they open the page containing the malicious comment.

CVE-2021-25968: Open Source Vulnerability Database | WhiteSource

In “OpenCMS”, versions 10.5.0 to 11.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the Sitemap functionality. These scripts are executed in a victim’s browser when they open the page containing the vulnerable field.

CVE-2021-20806: JVN#52694228: Multiple vulnerabilities in Cybozu Remote Service

Open redirect vulnerability in Cybozu Remote Service 3.0.0 to 3.1.9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

CVE-2021-38179

Debug function of Admin UI of SAP Business One Integration is enabled by default. This allows Admin User to see the captured packet contents which may include User credentials.

CVE-2021-40500

SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated attacker to exploit missing XML validations at endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation can enable the attacker to retrieve arbitrary files from the server.

CVE-2021-40542: Unauthenticated Reflect Cross-site Scripting in Ajax_url_encode.php file · Issue #189 · OS4ED/openSIS-Classic

Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). An unauthenticated user can inject and execute JavaScript code through the link_url parameter in Ajax_url_encode.php.

CVE-2021-41920: webTareas 2.4 - Multiple Vulnerabilities

webTareas version 2.4 and earlier allows an unauthenticated user to perform Time and Boolean-based blind SQL Injection on the endpoint /includes/library.php, via the sor_cible, sor_champs, and sor_ordre HTTP POST parameters. This allows an attacker to access all the data in the database and obtain access to the webTareas application.

CVE-2021-3312: Releases · alkacon/opencms-core

An XML external entity (XXE) vulnerability in Alkacon OpenCms 11.0, 11.0.1 and 11.0.2 allows remote authenticated users with edit privileges to exfiltrate files from the server's file system by uploading a crafted SVG document.

CVE-2021-3833: Automatic update & upgrade system - Integria IMS

Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in order to login in the system with different passwords.

CVE-2021-34772: Cisco Orbital Open Redirect Vulnerability

A vulnerability in the web-based management interface of Cisco Orbital could allow an unauthenticated, remote attacker to redirect users to a malicious webpage. This vulnerability is due to improper validation of URL paths in the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a crafted URL. A successful exploit could allow the attacker to redirect a user to a malicious website. This vulnerability, known as an open redirect attack, is used in phishing attacks to persuade users to visit malicious sites.

CVE-2021-1534: Cisco Email Security Appliance URL Filtering Bypass Vulnerability

A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. This vulnerability is due to improper processing of URLs. An attacker could exploit this vulnerability by crafting a URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for an affected device, which could allow malicious URLs to pass through the device.

CVE-2021-35491: Vulnerability Research & Advisor

A Cross-Site Request Forgery (CSRF) vulnerability in Wowza Streaming Engine through 4.8.11+5 allows a remote attacker to delete a user account via the /enginemanager/server/user/delete.htm userName parameter. The application does not implement a CSRF token for the GET request.

CVE-2020-21387: There is a CSRF vulnerability and XSS vulnerability via admin.php/admin/type/info.html that can get the administrator's privileges · Issue #126 · magicblack/maccms10

A cross-site scripting (XSS) vulnerability in the parameter type_en of Maccms 10 allows attackers to obtain the administrator cookie and escalate privileges via a crafted payload.

CVE-2020-21386: There is a CSRF vulnerability and XSS vulnerability via admin.php/admin/type/info.html that can get the administrator's privileges · Issue #126 · magicblack/maccms10

A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/type/info.html of Maccms 10 allows attackers to gain administrator privileges.

CVE-2021-23858: Multiple vulnerabilities in Rexroth IndraMotion and IndraLogic series

Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. Additionally, device details are exposed which include the serial number and the firmware version by another unprotected web server resource.

CVE-2021-23855: Multiple vulnerabilities in Rexroth IndraMotion and IndraLogic series

The user and password data base is exposed by an unprotected web server resource. Passwords are hashed with a weak hashing algorithm and therefore allow an attacker to determine the password by using rainbow tables.

CVE-2021-25964: WhiteSource Vulnerability Database

In “Calibre-web” application, v0.6.0 to v0.6.12, are vulnerable to Stored XSS in “Metadata”. An attacker that has access to edit the metadata information, can inject JavaScript payload in the description field. When a victim tries to open the file, XSS will be triggered.

CVE-2021-40921: [Security] XSS in _contactform.inc.php · Issue #35 · dmolsen/Detector

Cross-site scripting (XSS) vulnerability in _contactform.inc.php in Detector 0.8.5 and below version allows remote attackers to inject arbitrary web script or HTML via the cid parameter.

CVE-2021-40970: [Security] six XSS in templates/installer/step-004.inc.php · Issue #711 · spotweb/spotweb

Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the username parameter.

CVE-2021-40928: [Security] XSS in index.php of Phlex and FlexTV · Issue #37 · d8ahazard/FlexTV

Cross-site scripting (XSS) vulnerability in index.php in FlexTV beta development version allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF parameter.

CVE-2021-40968: [Security] six XSS in templates/installer/step-004.inc.php · Issue #711 · spotweb/spotweb

Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword2 parameter.

CVE-2021-40971: [Security] six XSS in templates/installer/step-004.inc.php · Issue #711 · spotweb/spotweb

Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword1 parameter.

CVE-2021-40972: [Security] six XSS in templates/installer/step-004.inc.php · Issue #711 · spotweb/spotweb

Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the mail parameter.

CVE-2021-40969: [Security] six XSS in templates/installer/step-004.inc.php · Issue #711 · spotweb/spotweb

Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the firstname parameter.

CVE-2021-41467: [Security] XSS in application/controllers/dropbox.php · Issue #106 · hjue/JustWriting

Cross-site scripting (XSS) vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allow remote attackers to inject arbitrary web script or HTML via the challenge parameter.

CVE-2021-40927: [Security] XSS in callback.php · Issue #137 · citelao/Spotify-for-Alfred

Cross-site scripting (XSS) vulnerability in callback.php in Spotify-for-Alfred 0.13.9 and below allows remote attackers to inject arbitrary web script or HTML via the error parameter.

CVE-2021-40973: [Security] six XSS in templates/installer/step-004.inc.php · Issue #711 · spotweb/spotweb

Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter.

CVE-2021-24016: PSIRT Advisories | FortiGuard

An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field in policy name, when exported as excel file and opened unsafely on the victim host.

CVE-2021-41295: TWCERT/CC台灣電腦網路危機處理暨協調中心-ECOA BAS controller - Cross-Site Request Forgery (CSRF)

ECOA BAS controller has a Cross-Site Request Forgery vulnerability, thus authenticated attacker can remotely place a forged request at a malicious web page and execute CRUD commands (GET, POST, PUT, DELETE) to perform arbitrary operations in the system.

CVE-2021-41729: Bug Report: Multiple Arbitrary File Deletion vulnerabilities · Issue #3 · meiko-S/BaiCloud-cms

BaiCloud-cms v2.5.7 is affected by an arbitrary file deletion vulnerability, which allows an attacker to delete arbitrary files on the server through /user/ppsave.php.

CVE-2021-37104: Security Advisory - Server-Side Request Forgery Vulnerability in Huawei Product

There is a server-side request forgery vulnerability in HUAWEI P40 versions 10.1.0.118(C00E116R3P3). This vulnerability is due to insufficient validation of parameters while dealing with some messages. A successful exploit could allow the attacker to gain access to certain resource which the attacker are supposed not to do.

CVE-2021-34413: Security Bulletin

All versions of the Zoom Plugin for Microsoft Outlook for MacOS before 5.3.52553.0918 contain a Time-of-check Time-of-use (TOC/TOU) vulnerability during the plugin installation process. This could allow a standard user to write their own malicious application to the plugin directory, allowing the malicious application to execute in a privileged context.

CVE-2021-34413: CWE - CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition (4.5)

All versions of the Zoom Plugin for Microsoft Outlook for MacOS before 5.3.52553.0918 contain a Time-of-check Time-of-use (TOC/TOU) vulnerability during the plugin installation process. This could allow a standard user to write their own malicious application to the plugin directory, allowing the malicious application to execute in a privileged context.

CVE-2021-21742: Security Bulletin Details

There is an information leak vulnerability in the message service app of a ZTE mobile phone. Due to improper parameter settings, attackers could use this vulnerability to obtain some sensitive information of users by accessing specific pages.

CVE-2021-21742: Security Bulletin Details

There is an information leak vulnerability in the message service app of a ZTE mobile phone. Due to improper parameter settings, attackers could use this vulnerability to obtain some sensitive information of users by accessing specific pages.

CVE-2021-40309: Offensive Security’s Exploit Database Archive

A SQL injection vulnerability exists in the Take Attendance functionality of OS4Ed's OpenSIS 8.0. allows an attacker to inject their own SQL query. The cp_id_miss_attn parameter from TakeAttendance.php is vulnerable to SQL injection. An attacker can make an authenticated HTTP request as a user with access to "Take Attendance" functionality to trigger this vulnerability.

CVE-2021-3824: Access Server Release Notes | OpenVPN

OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL.

CVE-2021-1589: Cisco SD-WAN vManage Software Disaster Recovery Feature Password Exposure Vulnerability

A vulnerability in the disaster recovery feature of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain unauthorized access to user credentials. This vulnerability exists because access to API endpoints is not properly restricted. An attacker could exploit this vulnerability by sending a request to an API endpoint. A successful exploit could allow the attacker to gain unauthorized access to administrative credentials that could be used in further attacks.

CVE-2021-39239: Pony Mail!

A vulnerability in XML processing in Apache Jena, in versions up to 4.1.0, may allow an attacker to execute XML External Entities (XXE), including exposing the contents of local files to a remote server.

CVE-2021-33045: Security Advisory - Identity authentication bypass vulnerability found in some Dahua products

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

CVE-2021-33044: Security Advisory - Identity authentication bypass vulnerability found in some Dahua products

The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity authentication by constructing malicious data packets.

CVE-2021-40966: TinyFileManager Vulnerabilities

A Stored XSS exists in TinyFileManager All version up to and including 2.4.6 in /tinyfilemanager.php when the server is given a file that contains HTML and javascript in its name. A malicious user can upload a file with a malicious filename containing javascript code and it will run on any user browser when they access the server.

CVE-2021-33673:

Under certain conditions, SAP Contact Center - version 700,does not sufficiently encode user-controlled inputs and persists in them. This allows an attacker to exploit a Stored Cross-Site Scripting (XSS) vulnerability when a user browses through the employee directory and to execute arbitrary code on the victim's browser. Due to the usage of ActiveX in the application, the attacker can further execute operating system level commands.

CVE-2021-33674:

Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs. This allows an attacker to exploit a Reflected Cross-Site Scripting (XSS) vulnerability when creating a new email and to execute arbitrary code on the victim's browser.

CVE-2021-33675:

Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs. This allows an attacker to exploit a Reflected Cross-Site Scripting (XSS) vulnerability through phishing and to execute arbitrary code on the victim's browser.

CVE-2021-35061: security/CVE-2021-35061.md at main · sthierolf/security

Multiple cross-site scripting (XSS) vulnerabilities in DRK Odenwaldkreis Testerfassung March-2021 allow remote attackers to inject arbitrary web script or HTML via all parameters to HTML form fields in all components.

CVE-2020-10770: 1846270 – (CVE-2020-10770) CVE-2020-10770 keycloak: Default Client configuration is vulnerable to SSRF using "request_uri" parameter

A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.

CVE-2020-8169: HackerOne

curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).

CVE-2019-15974: Cisco Managed Services Accelerator Open Redirect Vulnerability

A vulnerability in the web interface of Cisco Managed Services Accelerator (MSX) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user's HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious web page. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.

CVE-2019-15963: Cisco Unified Communications Manager Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive information in the web-based management interface of the affected software. The vulnerability is due to insufficient protection of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by accessing the interface and viewing restricted portions of the software configuration. A successful exploit could allow the attacker to gain access to sensitive information or conduct further attacks.

CVE-2020-3546: Cisco Email Security Appliance Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability is due to insufficient validation of requests that are sent to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the interface of an affected device. A successful exploit could allow the attacker to obtain the IP addresses that are configured on the internal interfaces of the affected device. There is a workaround that addresses this vulnerability.

CVE-2019-14886: 1771354 – (CVE-2019-14886) CVE-2019-14886 Business-central: Encrypted password shown under Object id 7 of errai_security_context

A vulnerability was found in business-central, as shipped in rhdm-7.5.1 and rhpam-7.5.1, where encoded passwords are stored in errai_security_context. The encoding used for storing the passwords is Base64, not an encryption algorithm, and any recovery of these passwords could lead to user passwords being exposed.

CVE-2019-1954: Cisco Webex Meetings Server Open Redirection Vulnerability

A vulnerability in the web-based management interface of Cisco Webex Meetings Server Software could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected device. An attacker could exploit this vulnerability by crafting an HTTP request that could cause the web application to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious website.

CVE-2019-3907: [R3] Multiple Premisys Identicard Vulnerabilities - Research Advisory | Tenable®

Premisys Identicard version 3.1.190 stores user credentials and other sensitive information with a known weak encryption method (MD5 hash of a salt and password).

CVE-2014-3704: oss-security - Advisory 01/2014: Drupal7 - pre Auth SQL Injection Vulnerability

The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907