Filtered by vendor Cloudflare
Subscribe
Total
44 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3911 | 2 Cloudflare, Debian | 2 Octorpki, Debian Linux | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| If the ROA that a repository returns contains too many bits for the IP address then OctoRPKI will crash. | |||||
| CVE-2021-3908 | 2 Cloudflare, Debian | 2 Octorpki, Debian Linux | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby making tree traversal never end. | |||||
| CVE-2020-24356 | 1 Cloudflare | 1 Cloudflared | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| `cloudflared` versions prior to 2020.8.1 contain a local privilege escalation vulnerability on Windows systems. When run on a Windows system, `cloudflared` searches for configuration files which could be abused by a malicious entity to execute commands as a privileged user. Version 2020.8.1 fixes this issue. | |||||
| CVE-2020-35152 | 1 Cloudflare | 1 Warp | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing the unquoted service path issue. Since version 1.2.2695.1, the vulnerability was fixed by adding quotes around the service's binary path. This issue affects Cloudflare WARP for Windows, versions prior to 1.2.2695.1. | |||||