Known Vulnerabilities for products from Cloudflare
Listed below are 9 of the newest known vulnerabilities associated with the vendor "Cloudflare".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-22332 | Not Provided | 2025-01-31 | 2026-04-01 | |
| CVE-2021-3912 | OctoRPKI tries to load the entire contents of a repository in memory, and in the case of a GZIP bomb, unzip it in memory, mak... | 6.5 - MEDIUM | 2021-11-11 | 2022-08-09 |
| CVE-2021-3911 | If the ROA that a repository returns contains too many bits for the IP address then OctoRPKI will crash. | 6.5 - MEDIUM | 2021-11-11 | 2022-04-04 |
| CVE-2021-3910 | OctoRPKI crashes when encountering a repository that returns an invalid ROA (just an encoded NUL (\0) character). | 7.5 - HIGH | 2021-11-11 | 2022-04-04 |
| CVE-2021-3909 | OctoRPKI does not limit the length of a connection, allowing for a slowloris DOS attack to take place which makes OctoRPKI wa... | 7.5 - HIGH | 2021-11-11 | 2022-04-04 |
| CVE-2021-3908 | OctoRPKI does not limit the depth of a certificate chain, allowing for a CA to create children in an ad-hoc fashion, thereby ... | 7.5 - HIGH | 2021-11-11 | 2022-08-09 |
| CVE-2021-3907 | OctoRPKI does not escape a URI with a filename containing "..", this allows a repository to create a file, (ex. rsync://examp... | 9.8 - CRITICAL | 2021-11-11 | 2023-02-01 |
| CVE-2021-3761 | Any CA issuer in the RPKI can trick OctoRPKI prior to 1.3.0 into emitting an invalid VRP "MaxLength" value, causing RTR sessi... | 7.5 - HIGH | 2021-09-09 | 2022-04-04 |
| CVE-2020-35152 | Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running ... | 7.8 - HIGH | 2021-02-03 | 2021-02-05 |
| CVE-2020-24356 | `cloudflared` versions prior to 2020.8.1 contain a local privilege escalation vulnerability on Windows systems. When run on a... | 7.8 - HIGH | 2020-10-02 | 2021-07-21 |
Known software with vulnerabilities from Cloudflare
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Cloudflare | Warp | - |