Vulnerabilities > Cloudflare > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-11 | CVE-2022-4457 | Unspecified vulnerability in Cloudflare Warp. Due to a misconfiguration in the manifest file of the WARP client for Android, it was possible to perform a task hijacking attack. | 5.5 |
2022-06-23 | CVE-2022-2147 | Unquoted Search Path or Element vulnerability in Cloudflare Warp 2022.2.247.0/2022.2.95.0/2022.3.63.0. Cloudflare Warp for Windows from version 2022.2.95.0 contained an unquoted service path which enables arbitrary code execution leading to privilege escalation. | 4.6 |
2021-11-11 | CVE-2021-3908 | Infinite Loop vulnerability in multiple products. OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end. | 5.0 |
2021-11-11 | CVE-2021-3909 | Resource Exhaustion vulnerability in multiple products. OctoRPKI does not limit the length of a connection, allowing for a slowloris DOS attack to take place which makes OctoRPKI wait forever. | 5.0 |
2021-11-11 | CVE-2021-3910 | Improper Input Validation vulnerability in multiple products. OctoRPKI crashes when encountering a repository that returns an invalid ROA (just an encoded NUL (\0) character). | 5.0 |
2021-11-11 | CVE-2021-3911 | Unchecked Return Value vulnerability in multiple products. If the ROA that a repository returns contains too many bits for the IP address then OctoRPKI will crash. | 4.3 |
2021-11-11 | CVE-2021-3912 | Allocation of Resources Without Limits or Throttling vulnerability in multiple products. OctoRPKI tries to load the entire contents of a repository in memory, and in the case of a GZIP bomb, unzip it in memory, making it possible to create a repository that makes OctoRPKI run out of memory (and thus crash). | 4.3 |
2021-09-09 | CVE-2021-3761 | Out-of-bounds Write vulnerability in multiple products. Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitting an invalid VRP "MaxLength" value, causing RTR sessions to terminate. | 5.0 |
2021-02-03 | CVE-2020-35152 | Unquoted Search Path or Element vulnerability in Cloudflare Warp. Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. | 4.6 |
2020-10-02 | CVE-2020-24356 | Improper Privilege Management vulnerability in Cloudflare Cloudflared. `cloudflared` versions prior to 2020.8.1 contain a local privilege escalation vulnerability on Windows systems. | 4.6 |