Vendor CVEs
Cloudflare
All CVEs
49 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-1664 | | Med | 0.45 | — | 0.00 | | Feb 3, 2026 | Summary An Insecure Direct Object Reference has been found to exist in `createHeaderBasedEmailResolver()` function within the Cloudflare Agents SDK. The issue occurs because the `Message-ID` and `References` headers are parsed to derive the target agentName and agentId without… |
| CVE-2026-1721 | | Med | 0.33 | — | 0.00 | | Feb 13, 2026 | Summary A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the AI Playground's OAuth callback handler. The `error_description` query parameter was directly interpolated into an HTML script tag without proper escaping, allowing attackers to execute arbitrary… |
| CVE-2025-8556 | | Low | 0.24 | 3.7 | 0.00 | | Aug 6, 2025 | A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange. |
| CVE-2021-3910 | | Med | 0.22 | 4.4 | 0.01 | | Nov 11, 2021 | OctoRPKI crashes when encountering a repository that returns an invalid ROA (just an encoded NUL (\0) character). |
| CVE-2025-59427 | | Low | 0.12 | — | 0.00 | | Sep 19, 2025 | The Cloudflare Vite plugin enables a full-featured integration between Vite and the Workers runtime. When utilising the Cloudflare Vite plugin in its default configuration, all files are exposed by the local dev server, including files in the root directory that contain secret… |
| CVE-2026-11941 | | | 0.00 | — | 0.00 | | Jun 19, 2026 | Cloudflare Quiche was affected by 2 use-after-free vulnerabilities in the connection ID iterator FFI functions. The “quiche_connection_id_iter_next” and “quiche_conn_retired_scid_next” functions would return a pointer to a “ConnectionId” to the applications via… |
| CVE-2026-1229 | | | 0.00 | — | 0.00 | | Feb 24, 2026 | The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas. ECDH and ECDSA signing relying on this curve are not affected. The bug was fixed in v1.6.3… |
| CVE-2026-0933 | | | 0.00 | — | 0.01 | | Jan 20, 2026 | Summary A command injection vulnerability (CWE-78) has been found to exist in the `wrangler pages deploy` command. The issue occurs because the `--commit-hash` parameter is passed directly to a shell command without proper validation or sanitization, allowing an attacker with… |
| CVE-2025-13353 | | | 0.00 | — | 0.00 | | Dec 2, 2025 | In gokey versions <0.2.0, a flaw in the seed decryption logic resulted in passwords incorrectly being derived solely from the initial vector and the AES-GCM authentication tag of the key seed. This issue has been fixed in gokey version 0.2.0. This is a breaking change. The… |
| CVE-2025-7054 | | | 0.00 | — | 0.00 | | Aug 7, 2025 | Cloudflare quiche was discovered to be vulnerable to an infinite loop when sending packets containing RETIRE_CONNECTION_ID frames. QUIC connections possess a set of connection identifiers (IDs); see Section 5.1 of RFC 9000 https://datatracker.ietf.org/doc/html/rfc9000#section-5… |
| CVE-2025-4821 | | | 0.00 | — | 0.01 | | Jun 18, 2025 | Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a… |
| CVE-2025-4820 | | | 0.00 | — | 0.01 | | Jun 18, 2025 | Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a… |
| CVE-2025-4366 | | | 0.00 | — | 0.00 | | May 22, 2025 | A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache poisoning. Fixed in: … |
| CVE-2025-4144 | | | 0.00 | — | 0.00 | | May 1, 2025 | PKCE was implemented in the OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp . However, it was found that an attacker could cause the check to be skipped. Fixed in: … |
| CVE-2025-4143 | | | 0.00 | — | 0.00 | | May 1, 2025 | The OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp , did not correctly validate that redirect_uri was on the allowed list of redirect URIs for the given client registration. Fixed in: … |
| CVE-2021-3978 | | | 0.00 | — | 0.00 | | Jan 29, 2025 | When copying files with rsync, octorpki uses the "-a" flag 0, which forces rsync to copy binaries with the suid bit set as root. Since the provided service definition defaults to root ( https://github.com/cloudflare/cfrpki/blob/master/package/octorpki.service ) this could allow… |
| CVE-2024-1410 | | | 0.00 | — | 0.01 | | Mar 12, 2024 | Cloudflare quiche was discovered to be vulnerable to unbounded storage of information related to connection ID retirement, which could lead to excessive resource consumption. Each QUIC connection possesses a set of connection Identifiers (IDs); see RFC 9000 Section 5.1… |
| CVE-2024-1765 | | | 0.00 | — | 0.01 | | Mar 12, 2024 | Cloudflare Quiche (through version 0.19.1/0.20.0) was affected by an unlimited resource allocation vulnerability causing rapid increase of memory usage of the system running quiche server or client. A remote attacker could take advantage of this vulnerability by repeatedly… |
| CVE-2023-7080 | | | 0.00 | — | 0.01 | | Dec 29, 2023 | The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. wrangler dev would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and… |
| CVE-2023-7079 | | | 0.00 | — | 0.01 | | Dec 29, 2023 | Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. An attacker that could trick any user on the local network into opening a malicious website could also… |
| CVE-2023-7078 | | | 0.00 | — | 0.01 | | Dec 29, 2023 | Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces (as was the default in wrangler until 3.19.0), an attacker on the… |
| CVE-2023-6193 | | | 0.00 | — | 0.01 | | Dec 12, 2023 | quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unbounded queuing of path validation messages, which could lead to excessive resource consumption. QUIC path validation (RFC 9000 Section 8.2) requires that the recipient of a PATH_CHALLENGE frame responds by… |
| CVE-2023-3747 | | | 0.00 | — | 0.00 | | Sep 7, 2023 | Zero Trust Administrators have the ability to disallow end users from disabling WARP on their devices. Override codes can also be created by the Administrators to allow a device to temporarily be disconnected from WARP, however, due to lack of server side validation, an attacker… |
| CVE-2023-0654 | | | 0.00 | — | 0.00 | | Aug 29, 2023 | Due to a misconfiguration, the WARP Mobile Client (< 6.29) for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on a victim's device, the attacker would be able to trick the user into believing… |
| CVE-2023-0238 | | | 0.00 | — | 0.00 | | Aug 29, 2023 | Due to lack of a security policy, the WARP Mobile Client (<=6.29) for Android was susceptible to this vulnerability which allowed a malicious app installed on a victim's device to exploit a peculiarity in an Android function, wherein under certain conditions, the malicious app… |
| CVE-2023-2754 | | | 0.00 | — | 0.01 | | Aug 3, 2023 | The Cloudflare WARP client for Windows assigns loopback IPv4 addresses for the DNS Servers, since WARP acts as local DNS server that performs DNS queries in a secure manner, however, if a user is connected to WARP over an IPv6-capable network, the WARP client did not assign… |
| CVE-2023-3766 | | | 0.00 | — | 0.01 | | Aug 3, 2023 | A vulnerability was discovered in the odoh-rs rust crate that stems from faulty logic during the parsing of encrypted queries. This issue specifically occurs when processing encrypted query data received from remote clients and enables an attacker with knowledge of this… |
| CVE-2023-3348 | | | 0.00 | — | 0.01 | | Aug 3, 2023 | The Wrangler command line tool (<=wrangler@3.1.0 or <=wrangler@2.20.1) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim… |
| CVE-2023-1862 | | | 0.00 | — | 0.01 | | Jun 20, 2023 | Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled an attacker to trigger WARP connect and disconnect commands,… |
| CVE-2023-3040 | | | 0.00 | — | 0.01 | | Jun 14, 2023 | A debug function in the lua-resty-json package, up to commit id 3ef9492bd3a44d9e51301d6adc3cd1789c8f534a (merged in PR #14) contained an out of bounds access bug that could have allowed an attacker to launch a DoS if the function was used to parse untrusted input data. It is… |
| CVE-2023-3036 | | | 0.00 | — | 0.02 | | Jun 14, 2023 | An unchecked read in NTP server in github.com/cloudflare/cfnts prior to commit 783490b https://github.com/cloudflare/cfnts/commit/783490b913f05e508a492cd7b02e3c4ec2297b71 enabled a remote attacker to trigger a panic by sending an NTSAuthenticator packet with extension length… |
| CVE-2023-2512 | | | 0.00 | — | 0.01 | | May 12, 2023 | Prior to version v1.20230419.0, the FormData API implementation was subject to an integer overflow. If a FormData instance contained more than 2^31 elements, the forEach() method could end up reading from the wrong location in memory while iterating over elements. This would… |
| CVE-2023-1732 | | | 0.00 | — | 0.00 | | May 10, 2023 | When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read() returns an error. In rare deployment cases (error thrown by the Read() function), this could lead to a predictable shared secret. The tkn20 and… |
| CVE-2023-0652 | | | 0.00 | — | 0.00 | | Apr 6, 2023 | Due to a hardlink created in the ProgramData folder during the repair process of the software, the installer (MSI) of WARP Client for Windows (<= 2022.12.582.0) allowed a malicious attacker to forge the destination of the hardlink and escalate privileges, overwriting SYSTEM… |
| CVE-2023-1412 | | | 0.00 | — | 0.00 | | Apr 5, 2023 | An unprivileged (non-admin) user can exploit an Improper Access Control vulnerability in the Cloudflare WARP Client for Windows (<= 2022.12.582.0) to perform privileged operations with SYSTEM context by working with a combination of opportunistic locks (oplock) and symbolic… |
| CVE-2022-4457 | | | 0.00 | — | 0.00 | | Jan 11, 2023 | Due to a misconfiguration in the manifest file of the WARP client for Android, it was possible to perform a task hijacking attack. An attacker could create a malicious mobile application which could hijack legitimate app and steal potentially sensitive information when… |
| CVE-2014-125026 | | | 0.00 | — | 0.01 | | Dec 27, 2022 | LZ4 bindings use a deprecated C API that is vulnerable to memory corruption, which could lead to arbitrary code execution if called with untrusted user input. |
| CVE-2022-3320 | | | 0.00 | — | 0.00 | | Oct 28, 2022 | It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using warp-cli 'set-custom-endpoint' subcommand. Using this command with an unreachable endpoint caused the WARP Client to disconnect and allowed bypassing administrative restrictions on a Zero… |
| CVE-2022-3322 | | | 0.00 | — | 0.00 | | Oct 28, 2022 | Lock Warp switch is a feature of Zero Trust platform which, when enabled, prevents users of enrolled devices from disabling WARP client. Due to insufficient policy verification by WARP iOS client, this feature could be bypassed by using the "Disable WARP" quick action. |
| CVE-2022-3321 | | | 0.00 | — | 0.00 | | Oct 28, 2022 | It was possible to bypass Lock WARP switch feature https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch on the WARP iOS mobile client by enabling both "Disable for cellular networks" and "Disable for Wi-Fi networks"… |
| CVE-2022-3616 | | | 0.00 | — | 0.00 | | Oct 28, 2022 | Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. In consequence it would cause the program to crash, preventing it from finishing the validation and leading to a denial of service. Credits to Donika Mirdita and Haya… |
| CVE-2022-2529 | | | 0.00 | — | 0.01 | | Sep 30, 2022 | sflow decode package does not employ sufficient packet sanitisation which can lead to a denial of service attack. Attackers can craft malformed packets causing the process to consume large amounts of memory resulting in a denial of service. |
| CVE-2021-3912 | | | 0.00 | — | 0.01 | | Nov 11, 2021 | OctoRPKI tries to load the entire contents of a repository in memory, and in the case of a GZIP bomb, unzip it in memory, making it possible to create a repository that makes OctoRPKI run out of memory (and thus crash). |
| CVE-2021-3911 | | | 0.00 | — | 0.01 | | Nov 11, 2021 | If the ROA that a repository returns contains too many bits for the IP address then OctoRPKI will crash. |
| CVE-2021-3909 | | | 0.00 | — | 0.02 | | Nov 11, 2021 | OctoRPKI does not limit the length of a connection, allowing for a slowloris DOS attack to take place which makes OctoRPKI wait forever. Specifically, the repository that OctoRPKI sends HTTP requests to will keep the connection open for a day before a response is returned, but… |
| CVE-2021-3908 | | | 0.00 | — | 0.01 | | Nov 11, 2021 | OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end. |
| CVE-2021-3907 | | | 0.00 | — | 0.04 | | Nov 11, 2021 | OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, (ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa), which would then be written to disk outside the base cache folder. This could allow for remote code execution… |
| CVE-2021-3761 | | | 0.00 | — | 0.01 | | Sep 9, 2021 | Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitting an invalid VRP "MaxLength" value, causing RTR sessions to terminate. An attacker can use this to disable RPKI Origin Validation in a victim network (for example AS 13335 - Cloudflare) prior to launching a… |
| CVE-2020-35152 | | | 0.00 | — | 0.00 | | Feb 2, 2021 | Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing the unquoted service path issue. Since version 1.2.2695.1, the vulnerability was… |