Vulnerabilities > Cloudflare
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-10-28 | CVE-2022-3337 | Missing Authorization vulnerability in Cloudflare Warp Mobile Client: It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the [Lock WARP switch](https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch) feature being enabled on Zero Trust Platform. | 8.5 |
2022-10-28 | CVE-2022-3512 | Unspecified vulnerability in Cloudflare Warp: Using warp-cli command "add-trusted-ssid", a user was able to disconnect WARP client and bypass the "Lock WARP switch" feature resulting in Zero Trust policies not being enforced on an affected endpoint. | 8.8 |
2022-10-28 | CVE-2022-3616 | Excessive Iteration vulnerability in Cloudflare Octorpki: Attackers can create long chains of CAs that would lead to OctoRPKI exceeding its max iterations parameter. | 7.5 |
2022-09-30 | CVE-2022-2529 | Resource Exhaustion vulnerability in Cloudflare Goflow: sflow decode package does not employ sufficient packet sanitisation which can lead to a denial of service attack. | 7.5 |
2022-07-26 | CVE-2022-2225 | Unspecified vulnerability in Cloudflare Warp: By using warp-cli subcommands (disable-ethernet, disable-wifi), it was possible for a user without admin privileges to bypass configured Zero Trust security policies (e.g. | 7.8 |
2022-06-28 | CVE-2022-2145 | Link Following vulnerability in Cloudflare Warp: Cloudflare WARP client for Windows (up to v. | 7.8 |
2022-06-23 | CVE-2022-2147 | Unquoted Search Path or Element vulnerability in Cloudflare Warp 2022.2.247.0/2022.2.95.0/2022.3.63.0: Cloudflare Warp for Windows from version 2022.2.95.0 contained an unquoted service path which enables arbitrary code execution leading to privilege escalation. | 7.8 |
2021-11-11 | CVE-2021-3907 | Path Traversal vulnerability in multiple products: OctoRPKI does not escape a URI with a filename containing ".."; this allows a repository to create a file, (ex. | 9.8 |
2021-11-11 | CVE-2021-3908 | Infinite Loop vulnerability in multiple products: OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end. | 7.5 |
2021-11-11 | CVE-2021-3909 | Resource Exhaustion vulnerability in multiple products: OctoRPKI does not limit the length of a connection, allowing for a slowloris DoS attack to take place which makes OctoRPKI wait forever. | 7.5 |