CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-47934
https://notcve.org/view.php?id=CVE-2022-47934
24 Dec 2022 — Brave Browser before 1.43.88 allowed a remote attacker to cause a denial of service in private and guest windows via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This is caused by an incomplete fix for CVE-2022-47932 and CVE-2022-47934. Brave Browser anterior a 1.43.88 permitía a un atacante remoto provocar una Denegación de Servicio (DoS) en ventanas privadas e invitadas a través de un archivo HTML manipulado que menciona una URL ipfs:// o ipns://. Esto se debe a una solución incompleta par... • https://github.com/brave/brave-browser/issues/24211 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 2CVE-2022-30334
https://notcve.org/view.php?id=CVE-2022-30334
07 May 2022 — Brave before 1.34, when a Private Window with Tor Connectivity is used, leaks .onion URLs in Referer and Origin headers. NOTE: although this was fixed by Brave, the Brave documentation still advises "Note that Private Windows with Tor Connectivity in Brave are just regular private windows that use Tor as a proxy. Brave does NOT implement most of the privacy protections from Tor Browser." Brave versiones anteriores a 1.34, cuando se usa una Ventana Privada con Conectividad Tor, filtra URLs .onion en los enca... • https://github.com/brave/brave-browser/issues/18071 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2021-45884
https://notcve.org/view.php?id=CVE-2021-45884
27 Dec 2021 — In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based adblocking and a proxying extension with a SOCKS fallback are enabled, additional DNS requests are issued outside of the proxying extension using the system's DNS settings, resulting in information disclosure. NOTE: this issue exists because of an incomplete fix for CVE-2021-21323 and CVE-2021-22916. En Brave Desktop versiones 1.17 hasta 1.33 anteriores a 1.33.106, cuando es habilitado el bloqueo de anuncios basado en CNAME y una extensión... • https://github.com/brave/brave-browser/issues/19070 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-22929
https://notcve.org/view.php?id=CVE-2021-22929
31 Aug 2021 — An information disclosure exists in Brave Browser Desktop prior to version 1.28.62, where logged warning messages that included timestamps of connections to V2 onion domains in tor.log. Se presenta una divulgación de información en Brave Browser Desktop versiones anteriores a 1.28.62, donde se registraban mensajes de advertencia que incluían marcas de tiempo de conexiones a dominios V2 onion en tor.log • https://hackerone.com/reports/1249056 • CWE-312: Cleartext Storage of Sensitive Information CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22917
https://notcve.org/view.php?id=CVE-2021-22917
12 Jul 2021 — Brave Browser Desktop between versions 1.17 and 1.20 is vulnerable to information disclosure by way of DNS requests in Tor windows not flowing through Tor if adblocking was enabled. Brave Browser Desktop entre las versiones 1.17 y 1.20, es vulnerable a una divulgación de información por medio de peticiones DNS en ventanas Tor que no fluyen mediante Tor si el bloqueo de anuncios estaba activado • https://hackerone.com/reports/1077022 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22916
https://notcve.org/view.php?id=CVE-2021-22916
12 Jul 2021 — In Brave Desktop between versions 1.17 and 1.26.60, when adblocking is enabled and a proxy browser extension is installed, the CNAME adblocking feature issues DNS requests that used the system DNS settings instead of the extension's proxy settings, resulting in possible information disclosure. En Brave Desktop entre las versiones 1.17 y 1.26.60, cuando el adblocking está habilitado y una extensión de navegador proxy está instalada, la funcionalidad CNAME adblocking emite peticiones DNS que usaban la configu... • https://hackerone.com/reports/1203842 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-21323 – Regression in DNS leakage from Tor windows
https://notcve.org/view.php?id=CVE-2021-21323
23 Feb 2021 — Brave is an open source web browser with a focus on privacy and security. In Brave versions 1.17.73-1.20.103, the CNAME adblocking feature added in Brave 1.17.73 accidentally initiated DNS requests that bypassed the Brave Tor proxy. Users with adblocking enabled would leak DNS requests from Tor windows to their DNS provider. (DNS requests that were not initiated by CNAME adblocking would go through Tor as expected.) This is fixed in Brave version 1.20.108 Brave es un navegador web de código abierto que se c... • https://github.com/brave/brave-browser/issues/13527 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-8276
https://notcve.org/view.php?id=CVE-2020-8276
09 Nov 2020 — The implementation of Brave Desktop's privacy-preserving analytics system (P3A) between 1.1 and 1.18.35 logged the timestamp of when the user last opened an incognito window, including Tor windows. The intended behavior was to log the timestamp for incognito windows excluding Tor windows. Note that if a user has P3A enabled, the timestamp is not sent to Brave's server, but rather a value from:Used in last 24hUsed in last week but not 24hUsed in last 28 days but not weekEver used but not in last 28 daysNever... • https://hackerone.com/reports/1024668 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1000815
https://notcve.org/view.php?id=CVE-2018-1000815
20 Dec 2018 — Brave Software Inc. Brave version version 0.22.810 to 0.24.0 contains a Other/Unknown vulnerability in function ContentSettingsObserver::AllowScript() in content_settings_observer.cc that can result in Websites can run inline JavaScript even if script is blocked, making attackers easier to track users. This attack appear to be exploitable via the victim must visit a specially crafted website. This vulnerability appears to have been fixed in 0.25.2. Brave, de Brave Software Inc., de la versión 0.22.810 a la ... • https://github.com/brave/browser-laptop/issues/15232 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10798
https://notcve.org/view.php?id=CVE-2018-10798
07 May 2018 — A hang issue was discovered in Brave before 0.14.0 (on, for example, Linux). The vulnerability is caused by mishandling of JavaScript code that triggers the reload of a page continuously with an interval of 1 second. Se ha descubierto un problema de bloqueo en Brave en versiones anteriores a la 0.14.0 (por ejemplo, en Linux). La vulnerabilidad está provocada por la gestión incorrecta de código JavaScript que desencadena la recarga de una página continuamente con un intervalo de 1 segundo. • https://hackerone.com/reports/181686 • CWE-20: Improper Input Validation •