Vulnerabilities > Cloudflare > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-29 | CVE-2024-0212 | Unspecified vulnerability in Cloudflare The Cloudflare Wordpress plugin was found to be vulnerable to improper authentication. | 6.5 |
| 2024-01-04 | CVE-2023-6992 | Out-of-bounds Write vulnerability in Cloudflare Zlib Cloudflare version of zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation (deflate.c). | 5.5 |
| 2023-12-29 | CVE-2023-7079 | Improper Authentication vulnerability in Cloudflare Wrangler Sending specially crafted HTTP requests and inspector messages to Wrangler's dev server could result in any file on the user's computer being accessible over the local network. | 5.7 |
| 2023-12-12 | CVE-2023-6193 | Resource Exhaustion vulnerability in Cloudflare Quiche quiche v. | 5.3 |
| 2023-12-05 | CVE-2023-6180 | Memory Leak vulnerability in Cloudflare Boring 4.0.0 The tokio-boring library in version 4.0.0 is affected by a memory leak issue that can lead to excessive resource consumption and potential DoS by resource exhaustion. | 5.3 |
| 2023-09-07 | CVE-2023-3747 | Reliance on Cookies without Validation and Integrity Checking vulnerability in Cloudflare Warp 6.29 Zero Trust Administrators have the ability to disallow end users from disabling WARP on their devices. | 5.5 |
| 2023-08-29 | CVE-2023-0238 | Unspecified vulnerability in Cloudflare Warp Due to lack of a security policy, the WARP Mobile Client (<=6.29) for Android was susceptible to this vulnerability which allowed a malicious app installed on a victim's device to exploit a peculiarity in an Android function, wherein under certain conditions, the malicious app could dictate the task behaviour of the WARP app. | 5.5 |
| 2023-08-03 | CVE-2023-2754 | Cleartext Transmission of Sensitive Information vulnerability in Cloudflare Warp The Cloudflare WARP client for Windows assigns loopback IPv4 addresses for the DNS Servers, since WARP acts as local DNS server that performs DNS queries in a secure manner, however, if a user is connected to WARP over an IPv6-capable network, te WARP client did not assign loopback IPv6 addresses but Unique Local Addresses, which under certain conditions could point towards unknown devices in the same local network which enables an Attacker to view DNS queries made by the device. | 6.8 |
| 2023-08-03 | CVE-2023-3348 | Path Traversal vulnerability in Cloudflare Wrangler The Wrangler command line tool (<[email protected] or <[email protected]) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). | 5.7 |
| 2023-08-03 | CVE-2023-3766 | Classic Buffer Overflow vulnerability in Cloudflare Odoh-Rs A vulnerability was discovered in the odoh-rs rust crate that stems from faulty logic during the parsing of encrypted queries. | 5.9 |