Security Vulnerabilities, CVEs, Published In May 2012
The Inter-process Communication (IPC) implementation in Google Chrome before 18.0.1025.168, as used in Mozilla Firefox before 38.0 and other products, does not properly validate messages, which has unspecified impact and attack vectors.
Max CVSS
10.0
EPSS Score
1.13%
Published
2012-05-01
Updated
2018-10-30
Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a STYLE element.
Max CVSS
10.0
EPSS Score
2.07%
Published
2012-05-16
Updated
2017-12-29
Google Chrome before 19.0.1084.46 does not properly perform window navigation, which has unspecified impact and remote attack vectors.
Max CVSS
10.0
EPSS Score
0.45%
Published
2012-05-16
Updated
2017-12-29
Use-after-free vulnerability in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving tables.
Max CVSS
10.0
EPSS Score
2.07%
Published
2012-05-16
Updated
2017-12-29
Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Max CVSS
10.0
EPSS Score
2.78%
Published
2012-05-16
Updated
2017-12-29
The regex implementation in Google V8, as used in Google Chrome before 19.0.1084.46, allows remote attackers to cause a denial of service (invalid write operation) or possibly have unspecified other impact via unknown vectors.
Max CVSS
10.0
EPSS Score
1.32%
Published
2012-05-16
Updated
2017-12-29
The OGG container in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.
Max CVSS
10.0
EPSS Score
1.32%
Published
2012-05-16
Updated
2017-12-29
The PDF functionality in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging an out-of-bounds write error in the implementation of sampled functions.
Max CVSS
10.0
EPSS Score
1.70%
Published
2012-05-16
Updated
2017-12-05
Use-after-free vulnerability in the PDF functionality in Google Chrome before 19.0.1084.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a malformed name for the font encoding.
Max CVSS
10.0
EPSS Score
1.86%
Published
2012-05-16
Updated
2017-12-05
Google Chrome before 19.0.1084.46 on Linux does not properly mitigate an unspecified flaw in an NVIDIA driver, which has unknown impact and attack vectors. NOTE: see CVE-2012-3105 for the related MFSA 2012-34 issue in Mozilla products.
Max CVSS
10.0
EPSS Score
0.68%
Published
2012-05-16
Updated
2017-12-29
The WebSockets implementation in Google Chrome before 19.0.1084.52 does not properly handle use of SSL, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Max CVSS
10.0
EPSS Score
6.45%
Published
2012-05-24
Updated
2017-09-19
Use-after-free vulnerability in Google Chrome before 19.0.1084.52 allows remote attackers to execute arbitrary code via vectors related to the browser cache.
Max CVSS
10.0
EPSS Score
6.55%
Published
2012-05-24
Updated
2017-09-19
CVE-2012-0202
Public exploit
Multiple stack-based buffer overflows in tm1admsd.exe in the Admin Server in IBM Cognos TM1 9.4.x and 9.5.x before 9.5.2 FP2 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted data.
Max CVSS
10.0
EPSS Score
97.15%
Published
2012-05-04
Updated
2017-08-29
CVE-2012-0297
Public exploit
The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.
Max CVSS
10.0
EPSS Score
97.42%
Published
2012-05-21
Updated
2017-12-05
CVE-2012-0299
Public exploit
The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbitrary code to a designated pathname, and possibly execute this code, via unspecified vectors.
Max CVSS
10.0
EPSS Score
96.99%
Published
2012-05-21
Updated
2017-12-05
Buffer overflow in Adobe Flash Professional before CS6 allows attackers to execute arbitrary code via unspecified vectors.
Max CVSS
10.0
EPSS Score
2.58%
Published
2012-05-09
Updated
2017-12-05
Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2023, CVE-2012-2024, CVE-2012-2025, and CVE-2012-2026.
Max CVSS
10.0
EPSS Score
2.43%
Published
2012-05-09
Updated
2017-12-05
Heap-based buffer overflow in the proxy_connect function in src/client.c in CVS 1.11 and 1.12 allows remote HTTP proxy servers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted HTTP response.
Max CVSS
10.0
EPSS Score
0.75%
Published
2012-05-29
Updated
2023-02-13
Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware 28.2.2 and earlier, and JDK/JRE 5 and 6 27.7.1 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
Max CVSS
10.0
EPSS Score
0.66%
Published
2012-05-03
Updated
2017-12-14
Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-2012-2024, CVE-2012-2025, and CVE-2012-2026.
Max CVSS
10.0
EPSS Score
2.71%
Published
2012-05-09
Updated
2017-08-29
Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-2012-2023, CVE-2012-2025, and CVE-2012-2026.
Max CVSS
10.0
EPSS Score
28.68%
Published
2012-05-09
Updated
2017-08-29
Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-2012-2023, CVE-2012-2024, and CVE-2012-2026.
Max CVSS
10.0
EPSS Score
28.68%
Published
2012-05-09
Updated
2017-08-29
Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-2012-2023, CVE-2012-2024, and CVE-2012-2025.
Max CVSS
10.0
EPSS Score
2.71%
Published
2012-05-09
Updated
2017-08-29
Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2030, CVE-2012-2031, CVE-2012-2032, and CVE-2012-2033.
Max CVSS
10.0
EPSS Score
28.68%
Published
2012-05-09
Updated
2017-11-22
Adobe Shockwave Player before 11.6.5.635 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2029, CVE-2012-2031, CVE-2012-2032, and CVE-2012-2033.
Max CVSS
10.0
EPSS Score
28.68%
Published
2012-05-09
Updated
2017-11-22