CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-7078 – Server-Side Request Forgery (SSRF) in Miniflare
https://notcve.org/view.php?id=CVE-2023-7078
29 Dec 2023 — Sending specially crafted HTTP requests to Miniflare's server could result in arbitrary HTTP and WebSocket requests being sent from the server. If Miniflare was configured to listen on external network interfaces (as was the default in wrangler until 3.19.0), an attacker on the local network could access other local servers. El envío de solicitudes HTTP especialmente manipuladas al Miniflare's server podría dar como resultado el envío de solicitudes HTTP y WebSocket arbitrarias desde el servidor. Si Minifla... • https://github.com/cloudflare/workers-sdk/pull/4532 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6193 – Unbounded queuing of path validation messages in cloudflare-quiche
https://notcve.org/view.php?id=CVE-2023-6193
12 Dec 2023 — quiche v. 0.15.0 through 0.19.0 was discovered to be vulnerable to unbounded queuing of path validation messages, which could lead to excessive resource consumption. QUIC path validation (RFC 9000 Section 8.2) requires that the recipient of a PATH_CHALLENGE frame responds by sending a PATH_RESPONSE. An unauthenticated remote attacker can exploit the vulnerability by sending PATH_CHALLENGE frames and manipulating the connection (e.g. by restricting the peer's congestion window size) so that PATH_RESPONSE fra... • https://datatracker.ietf.org/doc/html/rfc9000#section-8.2 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-6180 – Resource exhaustion via memory leak in tokio-boring
https://notcve.org/view.php?id=CVE-2023-6180
05 Dec 2023 — The tokio-boring library in version 4.0.0 is affected by a memory leak issue that can lead to excessive resource consumption and potential DoS by resource exhaustion. The set_ex_data function used by the library did not deallocate memory used by pre-existing data in memory each time after completing a TLS connection causing the program to consume more resources with each new connection. La librería tokio-boring en la versión 4.0.0 se ve afectada por un problema de pérdida de memoria que puede provocar un co... • https://github.com/cloudflare/boring/security/advisories/GHSA-pjrj-h4fg-6gm4 • CWE-400: Uncontrolled Resource Consumption CWE-401: Missing Release of Memory after Effective Lifetime CWE-404: Improper Resource Shutdown or Release •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3747 – Insufficient Validation on Override Codes for Always-Enabled WARP Mode
https://notcve.org/view.php?id=CVE-2023-3747
07 Sep 2023 — Zero Trust Administrators have the ability to disallow end users from disabling WARP on their devices. Override codes can also be created by the Administrators to allow a device to temporarily be disconnected from WARP, however, due to lack of server side validation, an attacker with local access to the device, could extend the maximum allowed disconnected time of WARP client granted by an override code by changing the date & time on the local device where WARP is running. Los Administradores de Zero Trust ... • https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-settings/#retrieve-the-override-code • CWE-565: Reliance on Cookies without Validation and Integrity Checking CWE-602: Client-Side Enforcement of Server-Side Security •
CVSS: 3.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0654 – Spoofing User's Activity Loads in WARP Mobile Client (Android)
https://notcve.org/view.php?id=CVE-2023-0654
29 Aug 2023 — Due to a misconfiguration, the WARP Mobile Client (< 6.29) for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on a victim's device, the attacker would be able to trick the user into believing that the app shown on the screen was the WARP client when in reality it was the attacker's app. • https://developers.cloudflare.com/warp-client • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-0238 – Injecting Activity Loads in WARP Mobile Client
https://notcve.org/view.php?id=CVE-2023-0238
29 Aug 2023 — Due to lack of a security policy, the WARP Mobile Client (<=6.29) for Android was susceptible to this vulnerability which allowed a malicious app installed on a victim's device to exploit a peculiarity in an Android function, wherein under certain conditions, the malicious app could dictate the task behaviour of the WARP app. • https://developers.cloudflare.com/warp-client • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4241 – lol-html panics on certain HTML inputs
https://notcve.org/view.php?id=CVE-2023-4241
16 Aug 2023 — lol-html can cause panics on certain HTML inputs. Anyone processing arbitrary 3rd party HTML with the library is affected. • https://github.com/cloudflare/lol-html/security/advisories/GHSA-c3x7-354f-4p2x • CWE-20: Improper Input Validation •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-2754 – Plaintext transmission of DNS requests in Windows 1.1.1.1 WARP client
https://notcve.org/view.php?id=CVE-2023-2754
03 Aug 2023 — The Cloudflare WARP client for Windows assigns loopback IPv4 addresses for the DNS Servers, since WARP acts as local DNS server that performs DNS queries in a secure manner, however, if a user is connected to WARP over an IPv6-capable network, te WARP client did not assign loopback IPv6 addresses but Unique Local Addresses, which under certain conditions could point towards unknown devices in the same local network which enables an Attacker to view DNS queries made by the device. • https://developers.cloudflare.com/warp-client • CWE-319: Cleartext Transmission of Sensitive Information •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3766 – Invalid Slice Split Results in Server Panic
https://notcve.org/view.php?id=CVE-2023-3766
03 Aug 2023 — A vulnerability was discovered in the odoh-rs rust crate that stems from faulty logic during the parsing of encrypted queries. This issue specifically occurs when processing encrypted query data received from remote clients and enables an attacker with knowledge of this vulnerability to craft and send specially designed encrypted queries to targeted ODOH servers running with odoh-rs. Upon successful exploitation, the server will crash abruptly, disrupting its normal operation and rendering the service tempo... • https://github.com/cloudflare/odoh-rs/pull/28 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-3348 – Directory traversal vulnerability in Cloudflare Wrangler
https://notcve.org/view.php?id=CVE-2023-3348
03 Aug 2023 — The Wrangler command line tool (<=wrangler@3.1.0 or <=wrangler@2.20.1) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the local development server and access the victim's files present outside of the directory for the development server. The Wrangler command line tool (<=wrangler@3.1.0 or <=wrangler@2.20.1) was affected by a directory tra... • https://developers.cloudflare.com/workers/wrangler • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •