DATE CVE VULNERABILITY TITLE RISK
2023-12-29 CVE-2023-7078 Server-Side Request Forgery (SSRF) vulnerability in Cloudflare Miniflare
Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server.
low complexity
cloudflare CWE-918
8.1
2023-12-29 CVE-2023-7080 Unspecified vulnerability in Cloudflare Wrangler
The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging.
low complexity
cloudflare
8.0
2023-08-16 CVE-2023-4241 Unspecified vulnerability in Cloudflare Lol-Html
lol-html can cause panics on certain HTML inputs.
network
low complexity
cloudflare
7.5
2023-06-20 CVE-2023-1862 Unspecified vulnerability in Cloudflare Warp
Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe.
network
low complexity
cloudflare
7.3
2023-06-14 CVE-2023-3036 Out-of-bounds Read vulnerability in Cloudflare Cfnts
An unchecked read in the NTP server in github.com/cloudflare/cfnts prior to commit 783490b (https://github.com/cloudflare/cfnts/commit/783490b913f05e508a492cd7b02e3c4ec2297b71) enabled a remote attacker to trigger a panic by sending an NTSAuthenticator packet with extension length longer than the packet contents.
network
low complexity
cloudflare CWE-125
7.5
2023-06-14 CVE-2023-3040 Out-of-bounds Read vulnerability in Cloudflare Lua-Resty-Json
A debug function in the lua-resty-json package, up to commit id 3ef9492bd3a44d9e51301d6adc3cd1789c8f534a (merged in PR #14), contained an out-of-bounds access bug that could have allowed an attacker to launch a DoS if the function was used to parse untrusted input data.
network
low complexity
cloudflare CWE-125
7.5
2023-05-12 CVE-2023-2512 Integer Overflow or Wraparound vulnerability in Cloudflare Workerd
Prior to version v1.20230419.0, the FormData API implementation was subject to an integer overflow.
network
high complexity
cloudflare CWE-190
8.1
2023-05-10 CVE-2023-1732 Improper Handling of Exceptional Conditions vulnerability in Cloudflare Circl
When sampling randomness for a shared secret, the implementations of Kyber and FrodoKEM did not check whether crypto/rand.Read() returned an error.
network
low complexity
cloudflare CWE-755
8.2
2023-04-06 CVE-2023-0652 Link Following vulnerability in Cloudflare Warp
Due to a hardlink created in the ProgramData folder during the repair process of the software, the installer (MSI) of WARP Client for Windows (<= 2022.12.582.0) allowed a malicious attacker to forge the destination of the hardlink and escalate privileges, overwriting SYSTEM protected files. As Cloudflare WARP client for Windows (up to version 2022.5.309.0) allowed creation of mount points from its ProgramData folder, during installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files.
local
low complexity
cloudflare CWE-59
7.8
2023-04-05 CVE-2023-1412 Link Following vulnerability in Cloudflare Warp
An unprivileged (non-admin) user can exploit an Improper Access Control vulnerability in the Cloudflare WARP Client for Windows (<= 2022.12.582.0) to perform privileged operations with SYSTEM context by working with a combination of opportunistic locks (oplock) and symbolic links (which can both be created by an unprivileged user). After installing the Cloudflare WARP Client (admin privileges required), an MSI-Installer is placed under C:\Windows\Installer.
local
low complexity
cloudflare CWE-59
7.8