Filtered by vendor Cloudflare
Subscriptions
Total
44 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-0654 | 1 Cloudflare | 1 Warp | 2024-08-02 | 3.9 Low |
| Due to a misconfiguration, the WARP Mobile Client (< 6.29) for Android was susceptible to a tapjacking attack. In the event that an attacker built a malicious application and managed to install it on a victim's device, the attacker would be able to trick the user into believing that the app shown on the screen was the WARP client when in reality it was the attacker's app. | ||||
| CVE-2023-0652 | 1 Cloudflare | 1 Warp | 2024-08-02 | 7 High |
| Due to a hardlink created in the ProgramData folder during the repair process of the software, the installer (MSI) of WARP Client for Windows (<= 2022.12.582.0) allowed a malicious attacker to forge the destination of the hardlink and escalate privileges, overwriting SYSTEM protected files. As Cloudflare WARP client for Windows (up to version 2022.5.309.0) allowed creation of mount points from its ProgramData folder, during installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files. | ||||
| CVE-2023-0238 | 1 Cloudflare | 1 Warp | 2024-08-02 | 3.9 Low |
| Due to lack of a security policy, the WARP Mobile Client (<=6.29) for Android was susceptible to this vulnerability which allowed a malicious app installed on a victim's device to exploit a peculiarity in an Android function, wherein under certain conditions, the malicious app could dictate the task behaviour of the WARP app. | ||||
| CVE-2024-0212 | 1 Cloudflare | 1 Cloudflare | 2024-08-01 | 8.1 High |
| The Cloudflare Wordpress plugin was found to be vulnerable to improper authentication. The vulnerability enables attackers with a lower privileged account to access data from the Cloudflare API. | ||||