CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28710 – Apache Airflow Spark Provider Arbitrary File Read via JDBC
https://notcve.org/view.php?id=CVE-2023-28710
07 Apr 2023 — Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Spark Provider.This issue affects Apache Airflow Spark Provider: before 4.0.1. • http://www.openwall.com/lists/oss-security/2023/04/07/3 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0CVE-2023-28706 – Apache Airflow Hive Provider Beeline Remote Command Execution
https://notcve.org/view.php?id=CVE-2023-28706
07 Apr 2023 — Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Software Foundation Apache Airflow Hive Provider.This issue affects Apache Airflow Hive Provider: before 6.0.0. • http://www.openwall.com/lists/oss-security/2023/04/07/2 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28707 – Airflow Apache Drill Provider Arbitrary File Read Vulnerability
https://notcve.org/view.php?id=CVE-2023-28707
07 Apr 2023 — Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Drill Provider.This issue affects Apache Airflow Drill Provider: before 2.3.2. • http://www.openwall.com/lists/oss-security/2023/04/07/1 • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25695 – Information disclosure in Apache Airflow
https://notcve.org/view.php?id=CVE-2023-25695
15 Mar 2023 — Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.5.2. • https://github.com/apache/airflow/pull/29501 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25956 – Apache Airflow AWS Provider: Arbitrary file read via AWS provider
https://notcve.org/view.php?id=CVE-2023-25956
24 Feb 2023 — Generation of Error Message Containing Sensitive Information vulnerability in the Apache Airflow AWS Provider. This issue affects Apache Airflow AWS Provider versions before 7.2.1. • https://github.com/apache/airflow/pull/29587 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25696 – Apache Airflow Hive Provider Beeline RCE
https://notcve.org/view.php?id=CVE-2023-25696
24 Feb 2023 — Improper Input Validation vulnerability in the Apache Airflow Hive Provider. This issue affects Apache Airflow Hive Provider versions before 5.1.3. • https://github.com/apache/airflow/pull/29502 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25693 – Sqoop Apache Airflow Provider Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2023-25693
24 Feb 2023 — Improper Input Validation vulnerability in the Apache Airflow Sqoop Provider. This issue affects Apache Airflow Sqoop Provider versions before 3.1.1. • https://github.com/apache/airflow/pull/29500 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25692 – Apache Airflow Google Provider: Google Cloud Sql Provider Denial Of Service
https://notcve.org/view.php?id=CVE-2023-25692
24 Feb 2023 — Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0. • https://github.com/apache/airflow/pull/29499 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25691 – Apache Airflow Google Provider: Google Cloud Sql Provider Remote Command Execution
https://notcve.org/view.php?id=CVE-2023-25691
24 Feb 2023 — Improper Input Validation vulnerability in the Apache Airflow Google Provider. This issue affects Apache Airflow Google Provider versions before 8.10.0. • https://github.com/apache/airflow/pull/29497 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 63%CPEs: 2EXPL: 1CVE-2023-22884 – Apache Airflow, Apache Airflow MySQL Provider: Arbitrary file read via MySQL provider in Apache Airflow
https://notcve.org/view.php?id=CVE-2023-22884
21 Jan 2023 — Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Provider.This issue affects Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0. Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando ("Inyección de comando") en Apache Software Foundation Apache Airflow, Apache Software Foundation Apache Airflow MySQL Prov... • https://github.com/jakabakos/CVE-2023-22884-Airflow-SQLi • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •