Vulnerabilities > Cloudflare

DATE CVE VULNERABILITY TITLE RISK
2022-10-28 CVE-2022-3337 Missing Authorization vulnerability in Cloudflare Warp Mobile Client
It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch  feature being enabled on Zero Trust Platform.
network
low complexity
cloudflare CWE-862
8.5
2022-10-28 CVE-2022-3512 Unspecified vulnerability in Cloudflare Warp
Using warp-cli command "add-trusted-ssid", a user was able to disconnect WARP client and bypass the "Lock WARP switch" feature resulting in Zero Trust policies not being enforced on an affected endpoint.
network
low complexity
cloudflare
8.8
2022-10-28 CVE-2022-3616 Excessive Iteration vulnerability in Cloudflare Octorpki
Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter.
network
low complexity
cloudflare CWE-834
7.5
2022-09-30 CVE-2022-2529 Resource Exhaustion vulnerability in Cloudflare Goflow
sflow decode package does not employ sufficient packet sanitisation which can lead to a denial of service attack.
network
low complexity
cloudflare CWE-400
7.5
2022-07-26 CVE-2022-2225 Unspecified vulnerability in Cloudflare Warp
By using warp-cli subcommands (disable-ethernet, disable-wifi), it was possible for a user without admin privileges to bypass configured Zero Trust security policies (e.g.
local
low complexity
cloudflare
7.8
2022-06-28 CVE-2022-2145 Link Following vulnerability in Cloudflare Warp
Cloudflare WARP client for Windows (up to v.
local
low complexity
cloudflare CWE-59
7.8
2022-06-23 CVE-2022-2147 Unquoted Search Path or Element vulnerability in Cloudflare Warp 2022.2.247.0/2022.2.95.0/2022.3.63.0
Cloudflare Warp for Windows from version 2022.2.95.0 contained an unquoted service path which enables arbitrary code execution leading to privilege escalation.
local
low complexity
cloudflare CWE-428
7.8
2021-11-11 CVE-2021-3907 Path Traversal vulnerability in multiple products
OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, (ex.
network
low complexity
cloudflare debian CWE-22
critical
9.8
2021-11-11 CVE-2021-3908 Infinite Loop vulnerability in multiple products
OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end.
network
low complexity
cloudflare debian CWE-835
7.5
2021-11-11 CVE-2021-3909 Resource Exhaustion vulnerability in multiple products
OctoRPKI does not limit the length of a connection, allowing for a slowloris DOS attack to take place which makes OctoRPKI wait forever.
network
low complexity
cloudflare debian CWE-400
7.5