
CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

An omission of security-relevant information vulnerability exists in Brave desktop prior to version 1.48.171: when a user saved a file, no download safety check dialog was presented to the user. • https://hackerone.com/reports/1848062 • CWE-223: Omission of Security-relevant Information

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

Prior to commit 51867e0d15a6d7f80d5b714fd0e9976b9c160bb0, https://github.com/brave/adblock-lists removed redirect interceptors on some websites, such as Facebook, where the redirect interceptor may have been there for security purposes. This could potentially cause open redirects on these websites. Brave's redirect interceptor removal feature is known as "debouncing" and is intended to remove unnecessary redirects that track users across the web. • https://hackerone.com/reports/1579374 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

Brave Browser before 1.43.34 allowed a remote attacker to cause a denial of service via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This vulnerability is caused by an incomplete fix for CVE-2022-47933. • https://github.com/brave/brave-browser/issues/24093 https://github.com/brave/brave-core/commit/e73309665508c17e48a67e302d3ab02a38d3ef50 https://github.com/brave/brave-core/pull/14211 https://hackerone.com/reports/1636430

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

Brave Browser before 1.42.51 allowed a remote attacker to cause a denial of service via a crafted HTML file that references the IPFS scheme. This vulnerability is caused by an uncaught exception in the function ipfs::OnBeforeURLRequest_IPFSRedirectWork() in ipfs_redirect_network_delegate_helper.cc. • https://github.com/brave/brave-browser/issues/23646 https://github.com/brave/brave-browser/issues/24378 https://github.com/brave/brave-core/commit/7ef8cb2f232abdf59ec9c3c99a086a14b972bc56 https://github.com/brave/brave-core/pull/13989 https://hackerone.com/reports/1610343 • CWE-755: Improper Handling of Exceptional Conditions

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

Brave Browser before 1.43.88 allowed a remote attacker to cause a denial of service in private and guest windows via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This is caused by an incomplete fix for CVE-2022-47932 and CVE-2022-47934. • https://github.com/brave/brave-browser/issues/24211 https://github.com/brave/brave-browser/issues/25106 https://github.com/brave/brave-core/commit/82d8e39043e691e0492519126437275511ee87e8 https://github.com/brave/brave-core/pull/14313 https://hackerone.com/reports/1646204