CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28360
https://notcve.org/view.php?id=CVE-2023-28360
11 May 2023 — An omission of security-relevant information vulnerability exists in Brave desktop prior to version 1.48.171 when a user was saving a file there was no download safety check dialog presented to the user. • https://hackerone.com/reports/1848062 • CWE-223: Omission of Security-relevant Information •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-47932
https://notcve.org/view.php?id=CVE-2022-47932
24 Dec 2022 — Brave Browser before 1.43.34 allowed a remote attacker to cause a denial of service via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This vulnerability is caused by an incomplete fix for CVE-2022-47933. Brave Browser anterior a 1.43.34 permitía a un atacante remoto provocar una Denegación de Servicio (DoS) a través de un archivo HTML manipulado que menciona una URL ipfs:// o ipns://. Esta vulnerabilidad se debe a una solución incompleta para CVE-2022-47933. • https://github.com/brave/brave-browser/issues/24093 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-47933
https://notcve.org/view.php?id=CVE-2022-47933
24 Dec 2022 — Brave Browser before 1.42.51 allowed a remote attacker to cause a denial of service via a crafted HTML file that references the IPFS scheme. This vulnerability is caused by an uncaught exception in the function ipfs::OnBeforeURLRequest_IPFSRedirectWork() in ipfs_redirect_network_delegate_helper.cc. Brave Browser anterior a 1.42.51 permitía a un atacante remoto provocar una Denegación de Servicio (DoS) a través de un archivo HTML manipulado que hace referencia al esquema IPFS. Esta vulnerabilidad es causada ... • https://github.com/brave/brave-browser/issues/23646 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-47934
https://notcve.org/view.php?id=CVE-2022-47934
24 Dec 2022 — Brave Browser before 1.43.88 allowed a remote attacker to cause a denial of service in private and guest windows via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This is caused by an incomplete fix for CVE-2022-47932 and CVE-2022-47934. Brave Browser anterior a 1.43.88 permitía a un atacante remoto provocar una Denegación de Servicio (DoS) en ventanas privadas e invitadas a través de un archivo HTML manipulado que menciona una URL ipfs:// o ipns://. Esto se debe a una solución incompleta par... • https://github.com/brave/brave-browser/issues/24211 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 2CVE-2022-30334
https://notcve.org/view.php?id=CVE-2022-30334
07 May 2022 — Brave before 1.34, when a Private Window with Tor Connectivity is used, leaks .onion URLs in Referer and Origin headers. NOTE: although this was fixed by Brave, the Brave documentation still advises "Note that Private Windows with Tor Connectivity in Brave are just regular private windows that use Tor as a proxy. Brave does NOT implement most of the privacy protections from Tor Browser." Brave versiones anteriores a 1.34, cuando se usa una Ventana Privada con Conectividad Tor, filtra URLs .onion en los enca... • https://github.com/brave/brave-browser/issues/18071 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-22929
https://notcve.org/view.php?id=CVE-2021-22929
31 Aug 2021 — An information disclosure exists in Brave Browser Desktop prior to version 1.28.62, where logged warning messages that included timestamps of connections to V2 onion domains in tor.log. Se presenta una divulgación de información en Brave Browser Desktop versiones anteriores a 1.28.62, donde se registraban mensajes de advertencia que incluían marcas de tiempo de conexiones a dominios V2 onion en tor.log • https://hackerone.com/reports/1249056 • CWE-312: Cleartext Storage of Sensitive Information CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10798
https://notcve.org/view.php?id=CVE-2018-10798
07 May 2018 — A hang issue was discovered in Brave before 0.14.0 (on, for example, Linux). The vulnerability is caused by mishandling of JavaScript code that triggers the reload of a page continuously with an interval of 1 second. Se ha descubierto un problema de bloqueo en Brave en versiones anteriores a la 0.14.0 (por ejemplo, en Linux). La vulnerabilidad está provocada por la gestión incorrecta de código JavaScript que desencadena la recarga de una página continuamente con un intervalo de 1 segundo. • https://hackerone.com/reports/181686 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10799
https://notcve.org/view.php?id=CVE-2018-10799
07 May 2018 — A hang issue was discovered in Brave before 0.14.0 (on, for example, Linux). This vulnerability is caused by the mishandling of a long URL formed by window.location+='?\u202a\uFEFF\u202b'; concatenation in a SCRIPT element. Se ha descubierto un problema de bloqueo en Brave en versiones anteriores a la 0.14.0 (por ejemplo, en Linux). La vulnerabilidad está provocada por la gestión incorrecta de una URL larga formada por una concatenación window.location+='? • https://hackerone.com/reports/181558 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-8458
https://notcve.org/view.php?id=CVE-2017-8458
03 May 2017 — Brave 0.12.4 has a URI Obfuscation issue in which a string such as https://safe.example.com@unsafe.example.com/ is displayed without a clear UI indication that it is not a resource on the safe.example.com web site. Brave Browser versión 0.12.4 tiene un problema de ofuscación URI en el que una cadena como https://safe.example.com@unsafe.example.com/ es mostrada sin una clara indicación a través de la interfaz de usuario de que no es un recurso del sitio web safe.example. • https://github.com/brave/browser-laptop/issues/4748 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2017-8459
https://notcve.org/view.php?id=CVE-2017-8459
03 May 2017 — Brave 0.12.4 has a Status Bar Obfuscation issue in which a redirection target is shown in a possibly unexpected way. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) the display of web-search results ** EN DISPUTA ** Brave Browser 0.12.4 tiene un problema de ofuscación de barra de estado en el que un destino de redirección es mostrado posiblemente de una manera inesperada. NOTA: terceras partes están debatiendo sobre este problema, ya q... • https://hackerone.com/reports/175701 •