Vulnerabilities > Cloudflare > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-29 | CVE-2023-7078 | Server-Side Request Forgery (SSRF) vulnerability in Cloudflare Miniflare Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. | 8.1 |
| 2023-12-29 | CVE-2023-7080 | Unspecified vulnerability in Cloudflare Wrangler The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. low complexity cloudflare | 8.0 |
| 2023-08-16 | CVE-2023-4241 | Unspecified vulnerability in Cloudflare Lol-Html lol-html can cause panics on certain HTML inputs. | 7.5 |
| 2023-06-20 | CVE-2023-1862 | Unspecified vulnerability in Cloudflare Warp Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. | 7.3 |
| 2023-06-14 | CVE-2023-3036 | Out-of-bounds Read vulnerability in Cloudflare Cfnts An unchecked read in NTP server in github.com/cloudflare/cfnts prior to commit 783490b https://github.com/cloudflare/cfnts/commit/783490b913f05e508a492cd7b02e3c4ec2297b71 enabled a remote attacker to trigger a panic by sending an NTSAuthenticator packet with extension length longer than the packet contents. | 7.5 |
| 2023-06-14 | CVE-2023-3040 | Out-of-bounds Read vulnerability in Cloudflare Lua-Resty-Json A debug function in the lua-resty-json package, up to commit id 3ef9492bd3a44d9e51301d6adc3cd1789c8f534a (merged in PR #14) contained an out of bounds access bug that could have allowed an attacker to launch a DoS if the function was used to parse untrusted input data. | 7.5 |
| 2023-05-12 | CVE-2023-2512 | Integer Overflow or Wraparound vulnerability in Cloudflare Workerd Prior to version v1.20230419.0, the FormData API implementation was subject to an integer overflow. | 8.1 |
| 2023-05-10 | CVE-2023-1732 | Improper Handling of Exceptional Conditions vulnerability in Cloudflare Circl When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read() returns an error. | 8.2 |
| 2023-04-06 | CVE-2023-0652 | Link Following vulnerability in Cloudflare Warp Due to a hardlink created in the ProgramData folder during the repair process of the software, the installer (MSI) of WARP Client for Windows (<= 2022.12.582.0) allowed a malicious attacker to forge the destination of the hardlink and escalate privileges, overwriting SYSTEM protected files. As Cloudflare WARP client for Windows (up to version 2022.5.309.0) allowed creation of mount points from its ProgramData folder, during installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files. | 7.8 |
| 2023-04-05 | CVE-2023-1412 | Link Following vulnerability in Cloudflare Warp An unprivileged (non-admin) user can exploit an Improper Access Control vulnerability in the Cloudflare WARP Client for Windows (<= 2022.12.582.0) to perform privileged operations with SYSTEM context by working with a combination of opportunistic locks (oplock) and symbolic links (which can both be created by an unprivileged user). After installing the Cloudflare WARP Client (admin privileges required), an MSI-Installer is placed under C:\Windows\Installer. | 7.8 |