Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-2754 | 1 Cloudflare | 1 Warp | 2023-08-09 | N/A | 6.8 MEDIUM |
| The Cloudflare WARP client for Windows assigns loopback IPv4 addresses for the DNS Servers, since WARP acts as local DNS server that performs DNS queries in a secure manner, however, if a user is connected to WARP over an IPv6-capable network, te WARP client did not assign loopback IPv6 addresses but Unique Local Addresses, which under certain conditions could point towards unknown devices in the same local network which enables an Attacker to view DNS queries made by the device. | |||||
| CVE-2022-2145 | 1 Cloudflare | 1 Warp | 2022-07-08 | 7.2 HIGH | 7.8 HIGH |
| Cloudflare WARP client for Windows (up to v. 2022.5.309.0) allowed creation of mount points from its ProgramData folder. During installation of the WARP client, it was possible to escalate privileges and overwrite SYSTEM protected files. | |||||
| CVE-2022-2147 | 1 Cloudflare | 1 Warp | 2022-07-01 | 4.6 MEDIUM | 7.8 HIGH |
| Cloudflare Warp for Windows from version 2022.2.95.0 contained an unquoted service path which enables arbitrary code execution leading to privilege escalation. The fix was released in version 2022.3.186.0. | |||||
| CVE-2020-35152 | 1 Cloudflare | 1 Warp | 2021-02-05 | 4.6 MEDIUM | 7.8 HIGH |
| Cloudflare WARP for Windows allows privilege escalation due to an unquoted service path. A malicious user or process running with non-administrative privileges can become an administrator by abusing the unquoted service path issue. Since version 1.2.2695.1, the vulnerability was fixed by adding quotes around the service's binary path. This issue affects Cloudflare WARP for Windows, versions prior to 1.2.2695.1. | |||||