Vulnerabilities > Cloudflare
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-08-16 | CVE-2023-4241 | Unspecified vulnerability in Cloudflare Lol-Html: lol-html can cause panics on certain HTML inputs. | 7.5 |
2023-08-03 | CVE-2023-2754 | Cleartext Transmission of Sensitive Information vulnerability in Cloudflare Warp: The Cloudflare WARP client for Windows assigns loopback IPv4 addresses for the DNS servers, since WARP acts as a local DNS server that performs DNS queries in a secure manner. However, if a user is connected to WARP over an IPv6-capable network, the WARP client did not assign loopback IPv6 addresses but Unique Local Addresses, which under certain conditions could point towards unknown devices in the same local network, enabling an attacker to view DNS queries made by the device. | 6.8 |
2023-08-03 | CVE-2023-3348 | Path Traversal vulnerability in Cloudflare Wrangler: The Wrangler command line tool (<[email protected] or <[email protected]) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). | 5.7 |
2023-08-03 | CVE-2023-3766 | Classic Buffer Overflow vulnerability in Cloudflare Odoh-Rs: A vulnerability was discovered in the odoh-rs Rust crate that stems from faulty logic during the parsing of encrypted queries. | 5.9 |
2023-06-20 | CVE-2023-1862 | Unspecified vulnerability in Cloudflare Warp: Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. | 7.3 |
2023-06-14 | CVE-2023-3036 | Out-of-bounds Read vulnerability in Cloudflare Cfnts: An unchecked read in the NTP server in github.com/cloudflare/cfnts prior to commit 783490b https://github.com/cloudflare/cfnts/commit/783490b913f05e508a492cd7b02e3c4ec2297b71 enabled a remote attacker to trigger a panic by sending an NTSAuthenticator packet with an extension length longer than the packet contents. | 7.5 |
2023-06-14 | CVE-2023-3040 | Out-of-bounds Read vulnerability in Cloudflare Lua-Resty-Json: A debug function in the lua-resty-json package, up to commit id 3ef9492bd3a44d9e51301d6adc3cd1789c8f534a (merged in PR #14), contained an out-of-bounds access bug that could have allowed an attacker to launch a DoS if the function was used to parse untrusted input data. | 7.5 |
2023-05-12 | CVE-2023-2512 | Integer Overflow or Wraparound vulnerability in Cloudflare Workerd: Prior to version v1.20230419.0, the FormData API implementation was subject to an integer overflow. | 8.1 |
2023-05-10 | CVE-2023-1732 | Improper Handling of Exceptional Conditions vulnerability in Cloudflare Circl: When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM did not check whether crypto/rand.Read() returns an error. | 8.2 |
2023-04-06 | CVE-2023-0652 | Link Following vulnerability in Cloudflare Warp: Due to a hardlink created in the ProgramData folder during the repair process of the software, the installer (MSI) of WARP Client for Windows (<= 2022.12.582.0) allowed a malicious attacker to forge the destination of the hardlink and escalate privileges, overwriting SYSTEM protected files. As Cloudflare WARP client for Windows (up to version 2022.5.309.0) allowed creation of mount points from its ProgramData folder, during installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files. | 7.8 |