Filtered by vendor Cloudflare
Subscriptions
Total
44 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-0238 | 1 Cloudflare | 1 Warp | 2023-09-01 | 5.5 Medium |
| Due to lack of a security policy, the WARP Mobile Client (<=6.29) for Android was susceptible to this vulnerability which allowed a malicious app installed on a victim's device to exploit a peculiarity in an Android function, wherein under certain conditions, the malicious app could dictate the task behaviour of the WARP app. | ||||
| CVE-2023-3348 | 1 Cloudflare | 1 Wrangler | 2023-08-29 | 5.7 Medium |
| The Wrangler command line tool (<=wrangler@3.1.0 or <=wrangler@2.20.1) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the local development server and access the victim's files present outside of the directory for the development server. | ||||
| CVE-2023-4241 | 1 Cloudflare | 1 Lol-html | 2023-08-22 | 7.5 High |
| lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected. | ||||
| CVE-2023-3766 | 1 Cloudflare | 1 Odoh-rs | 2023-08-10 | 5.9 Medium |
| A vulnerability was discovered in the odoh-rs rust crate that stems from faulty logic during the parsing of encrypted queries. This issue specifically occurs when processing encrypted query data received from remote clients and enables an attacker with knowledge of this vulnerability to craft and send specially designed encrypted queries to targeted ODOH servers running with odoh-rs. Upon successful exploitation, the server will crash abruptly, disrupting its normal operation and rendering the service temporarily unavailable. | ||||
| CVE-2023-2754 | 1 Cloudflare | 1 Warp | 2023-08-09 | 6.8 Medium |
| The Cloudflare WARP client for Windows assigns loopback IPv4 addresses for the DNS Servers, since WARP acts as local DNS server that performs DNS queries in a secure manner, however, if a user is connected to WARP over an IPv6-capable network, te WARP client did not assign loopback IPv6 addresses but Unique Local Addresses, which under certain conditions could point towards unknown devices in the same local network which enables an Attacker to view DNS queries made by the device. | ||||
| CVE-2023-1862 | 1 Cloudflare | 1 Warp | 2023-06-29 | 7.3 High |
| Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled an attacker to trigger WARP connect and disconnect commands, as well as obtaining network diagnostics and application configuration from the target's device. It is important to note that in order to exploit this, a set of requirements would need to be met, such as the target's device must've been reachable on port 445, allowed authentication with NULL sessions or otherwise having knowledge of the target's credentials. | ||||
| CVE-2023-3040 | 1 Cloudflare | 1 Lua-resty-json | 2023-06-28 | 7.5 High |
| A debug function in the lua-resty-json package, up to commit id 3ef9492bd3a44d9e51301d6adc3cd1789c8f534a (merged in PR #14) contained an out of bounds access bug that could have allowed an attacker to launch a DoS if the function was used to parse untrusted input data. It is important to note that because this debug function was only used in tests and demos, it was not exploitable in a normal environment. | ||||
| CVE-2023-3036 | 1 Cloudflare | 1 Cfnts | 2023-06-27 | 7.5 High |
| An unchecked read in NTP server in github.com/cloudflare/cfnts prior to commit 783490b https://github.com/cloudflare/cfnts/commit/783490b913f05e508a492cd7b02e3c4ec2297b71 enabled a remote attacker to trigger a panic by sending an NTSAuthenticator packet with extension length longer than the packet contents. | ||||
| CVE-2014-125026 | 1 Cloudflare | 1 Golz4 | 2023-06-12 | 9.8 Critical |
| LZ4 bindings use a deprecated C API that is vulnerable to memory corruption, which could lead to arbitrary code execution if called with untrusted user input. | ||||
| CVE-2023-2512 | 1 Cloudflare | 1 Workerd | 2023-05-26 | 8.1 High |
| Prior to version v1.20230419.0, the FormData API implementation was subject to an integer overflow. If a FormData instance contained more than 2^31 elements, the forEach() method could end up reading from the wrong location in memory while iterating over elements. This would most likely lead to a segmentation fault, but could theoretically allow arbitrary undefined behavior. In order for the bug to be exploitable, the process would need to be able to allocate 160GB of RAM. Due to this, the bug was never exploitable on the Cloudflare Workers platform, but could theoretically be exploitable on deployments of workerd running on machines with a huge amount of memory. Moreover, in order to be remotely exploited, an attacker would have to upload a single form-encoded HTTP request of at least tens of gigabytes in size. The application code would then have to use request.formData() to parse the request and formData.forEach() to iterate over this data. Due to these limitations, the exploitation likelihood was considered Low. A fix that addresses this vulnerability has been released in version v1.20230419.0 and users are encouraged to update to the latest version available. | ||||
| CVE-2023-1732 | 1 Cloudflare | 1 Circl | 2023-05-17 | 8.2 High |
| When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read() returns an error. In rare deployment cases (error thrown by the Read() function), this could lead to a predictable shared secret. The tkn20 and blindrsa components did not check whether enough randomness was returned from the user provided randomness source. Typically the user provides crypto/rand.Reader, which in the vast majority of cases will always return the right number random bytes. In the cases where it does not, or the user provides a source that does not, the blinding for blindrsa is weak and integrity of the plaintext is not ensured in tkn20. | ||||
| CVE-2021-3907 | 2 Cloudflare, Debian | 2 Octorpki, Debian Linux | 2023-02-01 | 9.8 Critical |
| OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, (ex. rsync://example.org/repo/../../etc/cron.daily/evil.roa), which would then be written to disk outside the base cache folder. This could allow for remote code execution on the host machine OctoRPKI is running on. | ||||
| CVE-2022-2529 | 1 Cloudflare | 1 Goflow | 2022-10-04 | 7.5 High |
| sflow decode package does not employ sufficient packet sanitisation which can lead to a denial of service attack. Attackers can craft malformed packets causing the process to consume large amounts of memory resulting in a denial of service. | ||||
| CVE-2021-3912 | 2 Cloudflare, Debian | 2 Octorpki, Debian Linux | 2022-08-09 | 6.5 Medium |
| OctoRPKI tries to load the entire contents of a repository in memory, and in the case of a GZIP bomb, unzip it in memory, making it possible to create a repository that makes OctoRPKI run out of memory (and thus crash). | ||||
| CVE-2021-3908 | 2 Cloudflare, Debian | 2 Octorpki, Debian Linux | 2022-08-09 | 7.5 High |
| OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end. | ||||
| CVE-2022-2225 | 1 Cloudflare | 1 Warp | 2022-08-01 | 7.8 High |
| By using warp-cli subcommands (disable-ethernet, disable-wifi), it was possible for a user without admin privileges to bypass configured Zero Trust security policies (e.g. Secure Web Gateway policies) and features such as 'Lock WARP switch'. | ||||
| CVE-2022-2145 | 1 Cloudflare | 1 Warp | 2022-07-08 | 7.8 High |
| Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed creation of mount points from its ProgramData folder. During installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files. | ||||
| CVE-2022-2147 | 1 Cloudflare | 1 Warp | 2022-07-01 | 7.8 High |
| Cloudflare Warp for Windows from version 2022.2.95.0 contained an unquoted service path which enables arbitrary code execution leading to privilege escalation. The fix was released in version 2022.3.186.0. | ||||
| CVE-2021-3911 | 2 Cloudflare, Debian | 2 Octorpki, Debian Linux | 2022-04-04 | 6.5 Medium |
| If the ROA that a repository returns contains too many bits for the IP address then OctoRPKI will crash. | ||||
| CVE-2021-3910 | 2 Cloudflare, Debian | 2 Octorpki, Debian Linux | 2022-04-04 | 7.5 High |
| OctoRPKI crashes when encountering a repository that returns an invalid ROA (just an encoded NUL (\0) character). | ||||