CWE-665

CVE-2019-11747

February 26, 2023 by

The “Forget about this site” feature in the History pane is intended to remove all saved user data that indicates a user has visited a site. This includes removing any HTTP Strict Transport Security (HSTS) settings received from sites that use it. Due to a bug, sites on the pre-load list also have their HSTS setting removed. On the next visit to that site if the user specifies an http: URL rather than secure https: they will not be protected by the pre-loaded HSTS setting. After that visit the site’s HSTS setting will be restored. This vulnerability affects Firefox < 69 and Firefox ESR < 68.1.

CVE-2019-1039

February 26, 2023 by

An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.To exploit this vulnerability, an authenticated attacker could run a specially crafted application, aka ‘Windows Kernel Information Disclosure Vulnerability’.

CVE-2019-10196

February 26, 2023 by

A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an uninitialized memory leak in setups where an attacker could submit typed input to the auth parameter.

CVE-2019-0767

February 26, 2023 by

CVE-2019-0782

February 26, 2023 by

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka ‘Windows Kernel Information Disclosure Vulnerability’. This CVE ID is unique from CVE-2019-0702, CVE-2019-0755, CVE-2019-0767, CVE-2019-0775.

CVE-2019-0663

February 26, 2023 by