CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-47934
https://notcve.org/view.php?id=CVE-2022-47934
Brave Browser before 1.43.88 allowed a remote attacker to cause a denial of service in private and guest windows via a crafted HTML file that mentions an ipfs:// or ipns:// URL. This is caused by an incomplete fix for CVE-2022-47932 and CVE-2022-47934. Brave Browser anterior a 1.43.88 permitía a un atacante remoto provocar una Denegación de Servicio (DoS) en ventanas privadas e invitadas a través de un archivo HTML manipulado que menciona una URL ipfs:// o ipns://. Esto se debe a una solución incompleta para CVE-2022-47932 y CVE-2022-47934. • https://github.com/brave/brave-browser/issues/24211 https://github.com/brave/brave-browser/issues/25106 https://github.com/brave/brave-core/commit/82d8e39043e691e0492519126437275511ee87e8 https://github.com/brave/brave-core/pull/14313 https://hackerone.com/reports/1646204 •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 2CVE-2022-30334
https://notcve.org/view.php?id=CVE-2022-30334
Brave before 1.34, when a Private Window with Tor Connectivity is used, leaks .onion URLs in Referer and Origin headers. NOTE: although this was fixed by Brave, the Brave documentation still advises "Note that Private Windows with Tor Connectivity in Brave are just regular private windows that use Tor as a proxy. Brave does NOT implement most of the privacy protections from Tor Browser." Brave versiones anteriores a 1.34, cuando se usa una Ventana Privada con Conectividad Tor, filtra URLs .onion en los encabezados Referer y Origin. NOTA: aunque esto fue arreglado por Brave, la documentación de Brave todavía aconseja "Tenga en cuenta que las Ventanas Privadas con Conectividad Tor en Brave son sólo ventanas privadas regulares que usan Tor como proxy. • https://github.com/brave/brave-browser/issues/18071 https://github.com/brave/brave-core/pull/10760 https://hackerone.com/reports/1337624 https://support.brave.com/hc/en-us/articles/360018121491-What-is-a-Private-Window-with-Tor-Connectivity- • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2021-45884
https://notcve.org/view.php?id=CVE-2021-45884
In Brave Desktop 1.17 through 1.33 before 1.33.106, when CNAME-based adblocking and a proxying extension with a SOCKS fallback are enabled, additional DNS requests are issued outside of the proxying extension using the system's DNS settings, resulting in information disclosure. NOTE: this issue exists because of an incomplete fix for CVE-2021-21323 and CVE-2021-22916. En Brave Desktop versiones 1.17 hasta 1.33 anteriores a 1.33.106, cuando es habilitado el bloqueo de anuncios basado en CNAME y una extensión de proxy con una reserva SOCKS, se emiten peticiones DNS adicionales fuera de la extensión de proxy usando la configuración DNS del sistema, resultando en una divulgación de información. NOTA: este problema se presenta debido a una corrección incompleta de CVE-2021-21323 y CVE-2021-22916 • https://github.com/brave/brave-browser/issues/19070 https://github.com/brave/brave-browser/issues/20079 https://github.com/brave/brave-core/pull/10742 https://hackerone.com/reports/1377864 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-22929
https://notcve.org/view.php?id=CVE-2021-22929
An information disclosure exists in Brave Browser Desktop prior to version 1.28.62, where logged warning messages that included timestamps of connections to V2 onion domains in tor.log. Se presenta una divulgación de información en Brave Browser Desktop versiones anteriores a 1.28.62, donde se registraban mensajes de advertencia que incluían marcas de tiempo de conexiones a dominios V2 onion en tor.log • https://hackerone.com/reports/1249056 • CWE-312: Cleartext Storage of Sensitive Information CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2021-22916
https://notcve.org/view.php?id=CVE-2021-22916
In Brave Desktop between versions 1.17 and 1.26.60, when adblocking is enabled and a proxy browser extension is installed, the CNAME adblocking feature issues DNS requests that used the system DNS settings instead of the extension's proxy settings, resulting in possible information disclosure. En Brave Desktop entre las versiones 1.17 y 1.26.60, cuando el adblocking está habilitado y una extensión de navegador proxy está instalada, la funcionalidad CNAME adblocking emite peticiones DNS que usaban la configuración DNS del sistema en lugar de la configuración proxy de la extensión, resultando en una posible divulgación de información • https://hackerone.com/reports/1203842 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •