CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6473 – DLL Hijacking in Yandex Browser
https://notcve.org/view.php?id=CVE-2024-6473
Yandex Browser for Desktop before 24.7.1.380 has a DLL Hijacking Vulnerability because an untrusted search path is used. • https://yandex.com/bugbounty/i/hall-of-fame-browser • CWE-426: Untrusted Search Path •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2023-52263
https://notcve.org/view.php?id=CVE-2023-52263
Brave Browser before 1.59.40 does not properly restrict the schema for WebUI factory and redirect. This is related to browser/brave_content_browser_client.cc and browser/ui/webui/brave_web_ui_controller_factory.cc. Brave Browser anterior a 1.59.40 no restringe adecuadamente el esquema para la fábrica WebUI y la redirección. Esto está relacionado con browser/brave_content_browser_client.cc y browser/ui/webui/brave_web_ui_controller_factory.cc. • https://github.com/brave/brave-browser/issues/32449 https://github.com/brave/brave-browser/issues/32473 https://github.com/brave/brave-core/pull/19820 https://github.com/brave/brave-core/pull/19820/commits/9da202f7f4bc80b6975909b684bbc0764a31c4e9 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-28364
https://notcve.org/view.php?id=CVE-2023-28364
An Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Brave Browser Android navigated to scanned URLs automatically without showing the URL first. Now the user must manually navigate to the URL. • https://hackerone.com/reports/1946534 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 5.3EPSS: 2%CPEs: 1EXPL: 3CVE-2017-18016 – Parity Browser < 1.6.10 - Bypass Same Origin Policy
https://notcve.org/view.php?id=CVE-2017-18016
Parity Browser 1.6.10 and earlier allows remote attackers to bypass the Same Origin Policy and obtain sensitive information by requesting other websites via the Parity web proxy engine (reusing the current website's token, which is not bound to an origin). Parity Browser 1.6.10 y anteriores permite que atacantes remotos omitan la política del mismo origen y obtengan información sensible mediante peticiones a otros sitios por medio del motor web proxy de Parity (reutilizando el token de la página web actual, que no está enlazado a un origen). Parity versions 1.6.10 (stable) and below suffer from a same origin policy bypass vulnerability via a webproxy token reuse issue. • https://www.exploit-db.com/exploits/43499 http://www.openwall.com/lists/oss-security/2018/01/10/1 https://github.com/paritytech/parity/commit/53609f703e2f1af76441344ac3b72811c726a215 https://github.com/tintinweb/pub/tree/master/pocs/cve-2017-18016 • CWE-346: Origin Validation Error •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1000461
https://notcve.org/view.php?id=CVE-2017-1000461
Brave Software's Brave Browser, version 0.19.73 (and earlier) is vulnerable to an incorrect access control issue in the "JS fingerprinting blocking" component, resulting in a malicious website being able to access the fingerprinting-associated browser functionality (that the browser intends to block). Las versiones 0.19.73 y anteriores de Brave Browser, de Brave Software, son vulnerables a un problema de control de acceso incorrecto en el componente "JS fingerprinting blocking". Esto resulta en que un sitio web malicioso es capaz de acceder a la funcionalidad del navegador asociada a la huella digital, que el navegador intenta bloquear. • https://github.com/brave/browser-laptop/issues/11683#issuecomment-339835601 • CWE-732: Incorrect Permission Assignment for Critical Resource •