cloudflare — Vulnerabilities & Security Advisories 57

Browse all 57 CVE security advisories affecting cloudflare. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-3036 | Out of Bounds Slice index in cfnts leads to remote panic | cfnts | CWE-119 | 8.6 | High | 2023-06-14 |
| CVE-2023-2512 | Buffer under-read in workerd | workerd | CWE-125 | 6.5 | Medium | 2023-05-12 |
| CVE-2023-1732 | Improper random reading in CIRCL | CIRCL | CWE-20 | 5.3 | Medium | 2023-05-10 |
| CVE-2023-0652 | Local Privilege Escalation in Cloudflare WARP Installer (Windows) | WARP | CWE-59 | 7.0 | High | 2023-04-06 |
| CVE-2023-1412 | Local Privilege Escalation Vulnerability in WARP's MSI Installer | WARP | CWE-59 | 7.0 | High | 2023-04-05 |
| CVE-2023-1314 | Local Privilege Escalation Vulnerability in cloudflared's Installer | cloudflared | CWE-59 | 7.5 | High | 2023-03-21 |
| CVE-2022-4428 | support_uri validation missing in WARP client for Windows | WARP | CWE-20 | 8.9 | High | 2023-01-11 |
| CVE-2022-4457 | WARP client manifest misconfiguration leading to Task Hijacking | WARP | CWE-200 | 5.5 | Medium | 2023-01-11 |
| CVE-2022-3320 | Bypassing Cloudflare Zero Trust policies using warp-cli set-custom-endpoint command | WARP | CWE-862 | 6.7 | Medium | 2022-10-28 |
| CVE-2022-3322 | Lock WARP switch bypass on WARP mobile client using iOS quick action | WARP | CWE-862 | 6.7 | Medium | 2022-10-28 |
| CVE-2022-3337 | Lock WARP switch bypass by removing VPN profile on iOS mobile client | WARP | CWE-862 | 6.7 | Medium | 2022-10-28 |
| CVE-2022-3321 | Lock WARP switch feature bypass on WARP mobile client for iOS | WARP | CWE-862 | 6.7 | Medium | 2022-10-28 |
| CVE-2022-3512 | Lock WARP switch bypass using warp-cli 'add-trusted-ssid' command | WARP | CWE-862 | 6.7 | Medium | 2022-10-28 |
| CVE-2022-3616 | OctoRPKI crash when maximum iterations number is reached | OctoRPKI | CWE-754 | 5.4 | Medium | 2022-10-28 |
| CVE-2022-2529 | Multiple DoS Attack Vectors in sflow packet handling | goflow | CWE-20 | 7.5 | High | 2022-09-30 |
| CVE-2022-2225 | Zero Trust Secure Web Gateway policies bypass using WARP client subcommands | WARP | CWE-284 | 8.1 | High | 2022-07-26 |
| CVE-2022-2145 | Cloudflare WARP Arbitrary File Overwrite | WARP | CWE-20 | 5.8 | Medium | 2022-06-28 |
| CVE-2022-2147 | Unquoted Service Path in Cloudflare WARP for Windows | WARP | CWE-428 | 6.5 | Medium | 2022-06-23 |
| CVE-2021-3912 | OctoRPKI crashes when processing GZIP bomb returned via malicious repository | octorpki | CWE-400 | 4.2 | Medium | 2021-11-11 |
| CVE-2021-3911 | Misconfigured IP address field in ROA leads to OctoRPKI crash | octorpki | CWE-20 | 4.2 | Medium | 2021-11-11 |
| CVE-2021-3910 | NUL character in ROA causes OctoRPKI to crash | octorpki | CWE-20 | 4.4 | Medium | 2021-11-11 |
| CVE-2021-3909 | Infinite open connection causes OctoRPKI to hang forever | octorpki | CWE-400 | 4.4 | Medium | 2021-11-11 |
| CVE-2021-3908 | Infinite certificate chain depth results in OctoRPKI running forever | octorpki | CWE-400 | 5.9 | Medium | 2021-11-11 |
| CVE-2021-3907 | Arbitrary filepath traversal via URI injection | octorpki | CWE-20 | 7.4 | High | 2021-11-11 |
| CVE-2021-3761 | OctoRPKI lacks contextual out-of-bounds check when validating RPKI ROA maxLength values | octorpki | | 7.5 | High | 2021-09-09 |
| CVE-2020-35152 | Privilege escalation through unquoted service binary path on Cloudflare WARP for Windows | Cloudflare WARP for Windows | CWE-428 | 4.5 | Medium | 2021-02-02 |
| CVE-2020-24356 | Local Privilege Escalation in cloudflared | cloudflared | | 6.4 | Medium | 2020-10-02 |

This page lists every published CVE security advisory associated with cloudflare. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.