9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.954 High
EPSS
Percentile
99.4%
Severity: Critical
Date : 2017-01-12
CVE-ID : CVE-2017-2925 CVE-2017-2926 CVE-2017-2927 CVE-2017-2928
CVE-2017-2930 CVE-2017-2931 CVE-2017-2932 CVE-2017-2933
CVE-2017-2934 CVE-2017-2935 CVE-2017-2936 CVE-2017-2937
CVE-2017-2938
Package : lib32-flashplugin
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-136
The package lib32-flashplugin before version 24.0.0.194-1 is vulnerable
to multiple issues including arbitrary code execution and information
disclosure.
Upgrade to 24.0.0.194-1.
The problems have been fixed upstream in version 24.0.0.194.
None.
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable
memory corruption vulnerability in the JPEG XR codec.
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable
memory corruption vulnerability related to processing of atoms in MP4
files.
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable
heap overflow vulnerability when processing Adobe Texture Format files.
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable
memory corruption vulnerability related to setting visual mode effects.
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable
memory corruption vulnerability due to a concurrency error when
manipulating a display list. Successful exploitation could lead to
arbitrary code execution.
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable
memory corruption vulnerability related to the parsing of SWF metadata.
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable
use after free vulnerability in the ActionScript MovieClip class.
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable
heap overflow vulnerability related to texture compression.
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable
heap overflow vulnerability when parsing Adobe Texture Format files.
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable
heap overflow vulnerability when processing the Flash Video container
file format.
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable
use after free vulnerability in the ActionScript FileReference class.
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable
use after free vulnerability in the ActionScript FileReference class,
when using class inheritance.
Adobe Flash Player versions 24.0.0.186 and earlier have a security
bypass vulnerability related to handling TCP connections.
A remote attacker can access sensitive information or execute arbitrary
code on the affected host.
https://helpx.adobe.com/security/products/flash-player/apsb17-02.html
https://security.archlinux.org/CVE-2017-2925
https://security.archlinux.org/CVE-2017-2926
https://security.archlinux.org/CVE-2017-2927
https://security.archlinux.org/CVE-2017-2928
https://security.archlinux.org/CVE-2017-2930
https://security.archlinux.org/CVE-2017-2931
https://security.archlinux.org/CVE-2017-2932
https://security.archlinux.org/CVE-2017-2933
https://security.archlinux.org/CVE-2017-2934
https://security.archlinux.org/CVE-2017-2935
https://security.archlinux.org/CVE-2017-2936
https://security.archlinux.org/CVE-2017-2937
https://security.archlinux.org/CVE-2017-2938
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ArchLinux | any | any | lib32-flashplugin | <ย 24.0.0.194-1 | UNKNOWN |
helpx.adobe.com/security/products/flash-player/apsb17-02.html
security.archlinux.org/AVG-136
security.archlinux.org/CVE-2017-2925
security.archlinux.org/CVE-2017-2926
security.archlinux.org/CVE-2017-2927
security.archlinux.org/CVE-2017-2928
security.archlinux.org/CVE-2017-2930
security.archlinux.org/CVE-2017-2931
security.archlinux.org/CVE-2017-2932
security.archlinux.org/CVE-2017-2933
security.archlinux.org/CVE-2017-2934
security.archlinux.org/CVE-2017-2935
security.archlinux.org/CVE-2017-2936
security.archlinux.org/CVE-2017-2937
security.archlinux.org/CVE-2017-2938
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
0.954 High
EPSS
Percentile
99.4%