-
Notifications
You must be signed in to change notification settings - Fork 124
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
33 changed files
with
393 additions
and
0 deletions.
There are no files selected for viewing
34 changes: 34 additions & 0 deletions
34
repository/definitions/vulnerability/oval_com.gfi_def_1521.xml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,34 @@ | ||
| <definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" id="oval:com.gfi:def:1521" version="0" class="vulnerability"> | ||
| <metadata> | ||
| <title>Multiple vulnerabilities on Adobe Media Encoder</title> | ||
| <affected family="windows"> | ||
| <platform>Microsoft Windows 10</platform> | ||
| <platform>Microsoft Windows Server 2008</platform> | ||
| <platform>Microsoft Windows Server 2008 R2</platform> | ||
| <platform>Microsoft Windows Server 2012</platform> | ||
| <platform>Microsoft Windows Server 2012 R2</platform> | ||
| <platform>Microsoft Windows Server 2016</platform> | ||
| <platform>Microsoft Windows Server 2019</platform> | ||
| <product>Adobe Media Encoder</product> | ||
| </affected> | ||
| <reference ref_id="APSB19-29" ref_url="https://helpx.adobe.com/security/products/media-encoder/apsb19-29.html" source="Vendor Advisory"/> | ||
| <reference ref_id="CVE-2019-7842" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7842" source="CVE"/> | ||
| <reference ref_id="CVE-2019-7844" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7844" source="CVE"/> | ||
| <description> | ||
| Adobe Media Encoder version 13.0.2 has a use-after-free vulnerability (CVE-2019-7842) and an out-of-bounds read vulnerability (CVE-2019-7844). Successful exploitation could lead to remote code execution. | ||
| </description> | ||
| <oval_repository> | ||
| <dates> | ||
| <submitted date="2023-03-01T08:37:00+00:00"> | ||
| <contributor organization="GFI">Glenn Lugod</contributor> | ||
| </submitted> | ||
| </dates> | ||
| <status>INITIAL SUBMISSION</status> | ||
| <min_schema_version>5.10</min_schema_version> | ||
| </oval_repository> | ||
| </metadata> | ||
| <criteria comment="Adobe Media Encoder is installed + version" operator="AND"> | ||
| <extend_definition comment="Adobe Media Encoder is installed" definition_ref="oval:org.cisecurity:def:8776"/> | ||
| <criterion comment="Check if Adobe Media Encoder version is less than 13.1" test_ref="oval:com.gfi:tst:1522"/> | ||
| </criteria> | ||
| </definition> |
41 changes: 41 additions & 0 deletions
41
repository/definitions/vulnerability/oval_com.gfi_def_1524.xml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,41 @@ | ||
| <definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" id="oval:com.gfi:def:1524" version="0" class="vulnerability"> | ||
| <metadata> | ||
| <title>Adobe InDesign versions 14.0.1 and below have an unsafe hyperlink processing vulnerability. (CVE-2019-7107)</title> | ||
| <affected family="windows"> | ||
| <platform>Microsoft Windows 7</platform> | ||
| <platform>Microsoft Windows 8</platform> | ||
| <platform>Microsoft Windows 8.1</platform> | ||
| <platform>Microsoft Windows 10</platform> | ||
| <platform>Microsoft Windows Server 2003</platform> | ||
| <platform>Microsoft Windows Server 2008</platform> | ||
| <platform>Microsoft Windows Server 2008 R2</platform> | ||
| <platform>Microsoft Windows Server 2012</platform> | ||
| <platform>Microsoft Windows Server 2012 R2</platform> | ||
| <product>Adobe InDesign</product> | ||
| </affected> | ||
| <reference ref_id="APSB19-23" ref_url="https://helpx.adobe.com/security/products/indesign/apsb19-23.html" source="Vendor Advisory"/> | ||
| <reference ref_id="CVE-2019-7107" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7107" source="CVE"/> | ||
| <description> | ||
| Adobe InDesign versions 14.0.1 and below have an unsafe hyperlink processing vulnerability. Successful exploitation could lead to arbitrary code execution. Fixed in versions 13.1.1 and 14.0.2. (CVE-2019-7107) | ||
| </description> | ||
| <oval_repository> | ||
| <dates> | ||
| <submitted date="2023-03-01T09:26:00+00:00"> | ||
| <contributor organization="GFI">Glenn Lugod</contributor> | ||
| </submitted> | ||
| </dates> | ||
| <status>INITIAL SUBMISSION</status> | ||
| <min_schema_version>5.10</min_schema_version> | ||
| </oval_repository> | ||
| </metadata> | ||
| <criteria comment="Check for installation of vulnerable Adobe InDesign + vulnerable file version" operator="OR"> | ||
| <criteria comment="Adobe InDesign is installed + version" operator="AND"> | ||
| <extend_definition comment="Adobe InDesign is installed" definition_ref="oval:org.mitre.oval:def:12375"/> | ||
| <criterion comment="Check if Adobe InDesign version less than 14.0.2" test_ref="oval:com.gfi:tst:1525"/> | ||
| </criteria> | ||
| <criteria comment="Adobe InDesign is installed + version" operator="AND"> | ||
| <extend_definition comment="Adobe InDesign is installed" definition_ref="oval:org.mitre.oval:def:12375"/> | ||
| <criterion comment="Check if Adobe InDesign version less than 13.1.1" test_ref="oval:com.gfi:tst:1527"/> | ||
| </criteria> | ||
| </criteria> | ||
| </definition> |
42 changes: 42 additions & 0 deletions
42
repository/definitions/vulnerability/oval_com.gfi_def_1529.xml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| <definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" id="oval:com.gfi:def:1529" version="0" class="vulnerability"> | ||
| <metadata> | ||
| <title> | ||
| Adobe Digital Editions versions 4.5.10.185749 and below have a heap overflow vulnerability. (CVE-2019-7095) | ||
| </title> | ||
| <affected family="windows"> | ||
| <platform>Microsoft Windows 2000</platform> | ||
| <platform>Microsoft Windows XP</platform> | ||
| <platform>Microsoft Windows Server 2003</platform> | ||
| <platform>Microsoft Windows Vista</platform> | ||
| <platform>Microsoft Windows Server 2008</platform> | ||
| <platform>Microsoft Windows Server 2008 R2</platform> | ||
| <platform>Microsoft Windows 7</platform> | ||
| <platform>Microsoft Windows 8</platform> | ||
| <platform>Microsoft Windows 8.1</platform> | ||
| <platform>Microsoft Windows 10</platform> | ||
| <platform>Microsoft Windows Server 2012</platform> | ||
| <platform>Microsoft Windows Server 2012 R2</platform> | ||
| <platform>Microsoft Windows Server 2016</platform> | ||
| <platform>Microsoft Windows Server 2019</platform> | ||
| <product>Adobe Digital Editions</product> | ||
| </affected> | ||
| <reference ref_id="APSB19-16" ref_url="https://helpx.adobe.com/security/products/Digital-Editions/apsb19-16.html" source="Vendor Advisory"/> | ||
| <reference ref_id="CVE-2019-7095" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7095" source="CVE"/> | ||
| <description> | ||
| Adobe Digital Editions versions 4.5.10.185749 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. (CVE-2019-7095) | ||
| </description> | ||
| <oval_repository> | ||
| <dates> | ||
| <submitted date="2023-03-01T10:45:00+00:00"> | ||
| <contributor organization="GFI">Glenn Lugod</contributor> | ||
| </submitted> | ||
| </dates> | ||
| <status>INITIAL SUBMISSION</status> | ||
| <min_schema_version>5.10</min_schema_version> | ||
| </oval_repository> | ||
| </metadata> | ||
| <criteria comment="Adobe Digital Editions is installed + version" operator="AND"> | ||
| <extend_definition comment="Adobe Digital Editions is installed" definition_ref="oval:org.mitre.oval:def:26684"/> | ||
| <criterion comment="Check if Adobe Digital Editions version is less than 4.5.10.186048" test_ref="oval:com.gfi:tst:1530"/> | ||
| </criteria> | ||
| </definition> |
46 changes: 46 additions & 0 deletions
46
repository/definitions/vulnerability/oval_com.gfi_def_1532.xml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| <definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" id="oval:com.gfi:def:1532" version="0" class="vulnerability"> | ||
| <metadata> | ||
| <title>Multiple vulnerabilities on Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier)</title> | ||
| <affected family="windows"> | ||
| <platform>Microsoft Windows 8</platform> | ||
| <platform>Microsoft Windows 8.1</platform> | ||
| <platform>Microsoft Windows 10</platform> | ||
| <platform>Microsoft Windows 11</platform> | ||
| <platform>Microsoft Windows Server 2012</platform> | ||
| <platform>Microsoft Windows Server 2012 R2</platform> | ||
| <platform>Microsoft Windows Server 2016</platform> | ||
| <platform>Microsoft Windows Server 2019</platform> | ||
| <product>Adobe Bridge</product> | ||
| </affected> | ||
| <reference ref_id="APSB23-09" ref_url="https://helpx.adobe.com/security/products/bridge/apsb23-09.html" source="Vendor Advisory"/> | ||
| <reference ref_id="CVE-2023-21583" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21583" source="CVE"/> | ||
| <reference ref_id="CVE-2023-22226" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22226" source="CVE"/> | ||
| <reference ref_id="CVE-2023-22227" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22227" source="CVE"/> | ||
| <reference ref_id="CVE-2023-22228" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22228" source="CVE"/> | ||
| <reference ref_id="CVE-2023-22229" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22229" source="CVE"/> | ||
| <reference ref_id="CVE-2023-22230" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22230" source="CVE"/> | ||
| <reference ref_id="CVE-2023-22231" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22231" source="CVE"/> | ||
| <description> | ||
| Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-21583) | ||
| Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-22226) | ||
| Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-22227) | ||
| Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-22228) | ||
| Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-22229) | ||
| Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-22230) | ||
| Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-22231) | ||
| </description> | ||
| <oval_repository> | ||
| <dates> | ||
| <submitted date="2023-03-01T12:53:00+00:00"> | ||
| <contributor organization="GFI">Glenn Lugod</contributor> | ||
| </submitted> | ||
| </dates> | ||
| <status>INITIAL SUBMISSION</status> | ||
| <min_schema_version>5.10</min_schema_version> | ||
| </oval_repository> | ||
| </metadata> | ||
| <criteria comment="Adobe Bridge is installed + version" operator="AND"> | ||
| <extend_definition comment="Adobe Bridge is installed" definition_ref="oval:org.cisecurity:def:7159"/> | ||
| <criterion comment="Check if the version of Adobe Bridge is less than 12.0.4" test_ref="oval:com.gfi:tst:1533"/> | ||
| </criteria> | ||
| </definition> |
51 changes: 51 additions & 0 deletions
51
repository/definitions/vulnerability/oval_com.gfi_def_1535.xml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,51 @@ | ||
| <definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" id="oval:com.gfi:def:1535" version="0" class="vulnerability"> | ||
| <metadata> | ||
| <title>Multiple vulnerabilites on Photoshop version 23.5.3 (and earlier), 24.1 (and earlier)</title> | ||
| <affected family="windows"> | ||
| <platform>Microsoft Windows 8</platform> | ||
| <platform>Microsoft Windows 8.1</platform> | ||
| <platform>Microsoft Windows 10</platform> | ||
| <platform>Microsoft Windows 11</platform> | ||
| <platform>Microsoft Windows Server 2012</platform> | ||
| <platform>Microsoft Windows Server 2012 R2</platform> | ||
| <platform>Microsoft Windows Server 2016</platform> | ||
| <platform>Microsoft Windows Server 2019</platform> | ||
| <product>Adobe Photoshop</product> | ||
| </affected> | ||
| <reference ref_id="APSB23-11" ref_url="https://helpx.adobe.com/security/products/photoshop/apsb23-11.html" source="Vendor Advisory"/> | ||
| <reference ref_id="CVE-2023-21574" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21574" source="CVE"/> | ||
| <reference ref_id="CVE-2023-21575" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21575" source="CVE"/> | ||
| <reference ref_id="CVE-2023-21576" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21576" source="CVE"/> | ||
| <reference ref_id="CVE-2023-21577" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21577" source="CVE"/> | ||
| <reference ref_id="CVE-2023-21578" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21578" source="CVE"/> | ||
| <description> | ||
| Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-21574) | ||
| Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-21575) | ||
| Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-21576) | ||
| Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-21577) | ||
| Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-21578) | ||
| </description> | ||
| <oval_repository> | ||
| <dates> | ||
| <submitted date="2023-03-01T14:43:00+00:00"> | ||
| <contributor organization="GFI">Glenn Lugod</contributor> | ||
| </submitted> | ||
| </dates> | ||
| <status>INITIAL SUBMISSION</status> | ||
| <min_schema_version>5.10</min_schema_version> | ||
| </oval_repository> | ||
| </metadata> | ||
| <criteria operator="AND"> | ||
| <extend_definition comment="Adobe Photoshop is installed" definition_ref="oval:org.mitre.oval:def:6647"/> | ||
| <criteria comment="vulnerable versions" operator="OR"> | ||
| <criteria comment="Adobe Photoshop before 23.5.4" operator="AND"> | ||
| <criterion comment="Check if the version of Adobe Photoshop is greater than or equal to 23.5" test_ref="oval:com.gfi:tst:1536"/> | ||
| <criterion comment="Check if the version of Adobe Photoshop is less than 23.5.4" test_ref="oval:com.gfi:tst:1538"/> | ||
| </criteria> | ||
| <criteria comment="Adobe Photoshop before 24.1.1" operator="AND"> | ||
| <criterion comment="Check if the version of Adobe Photoshop is greater than or equal to 24.1" test_ref="oval:com.gfi:tst:1540"/> | ||
| <criterion comment="Check if the version of Adobe Photoshop is less than 24.1.1" test_ref="oval:com.gfi:tst:1542"/> | ||
| </criteria> | ||
| </criteria> | ||
| </criteria> | ||
| </definition> |
44 changes: 44 additions & 0 deletions
44
repository/definitions/vulnerability/oval_com.gfi_def_1544.xml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| <definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" id="oval:com.gfi:def:1544" version="0" class="vulnerability"> | ||
| <metadata> | ||
| <title>Adobe InDesign versions ID18.1 (and earlier) and ID17.4 (and earlier) are affected by a NULL Pointer Dereference vulnerability. (CVE-2023-21593)</title> | ||
| <affected family="windows"> | ||
| <platform>Microsoft Windows 7</platform> | ||
| <platform>Microsoft Windows 8</platform> | ||
| <platform>Microsoft Windows 8.1</platform> | ||
| <platform>Microsoft Windows 10</platform> | ||
| <platform>Microsoft Windows 11</platform> | ||
| <platform>Microsoft Windows Server 2003</platform> | ||
| <platform>Microsoft Windows Server 2008</platform> | ||
| <platform>Microsoft Windows Server 2008 R2</platform> | ||
| <platform>Microsoft Windows Server 2012</platform> | ||
| <platform>Microsoft Windows Server 2012 R2</platform> | ||
| <product>Adobe InDesign</product> | ||
| </affected> | ||
| <reference ref_id="APSB23-12" ref_url="https://helpx.adobe.com/security/products/indesign/apsb23-12.html" source="Vendor Advisory"/> | ||
| <reference ref_id="CVE-2023-21593" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21593" source="CVE"/> | ||
| <description> | ||
| Adobe InDesign versions ID18.1 (and earlier) and ID17.4 (and earlier) are affected by a NULL Pointer Dereference vulnerability. | ||
| An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. | ||
| Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-21593) | ||
| </description> | ||
| <oval_repository> | ||
| <dates> | ||
| <submitted date="2023-03-02T01:20:00+00:00"> | ||
| <contributor organization="GFI">Glenn Lugod</contributor> | ||
| </submitted> | ||
| </dates> | ||
| <status>INITIAL SUBMISSION</status> | ||
| <min_schema_version>5.10</min_schema_version> | ||
| </oval_repository> | ||
| </metadata> | ||
| <criteria comment="Check for installation of vulnerable Adobe InDesign + vulnerable file version" operator="OR"> | ||
| <criteria comment="Adobe InDesign is installed + version" operator="AND"> | ||
| <extend_definition comment="Adobe InDesign is installed" definition_ref="oval:org.mitre.oval:def:12375"/> | ||
| <criterion comment="Check if Adobe InDesign version less than ID18.2" test_ref="oval:com.gfi:tst:1545"/> | ||
| </criteria> | ||
| <criteria comment="Adobe InDesign is installed + version" operator="AND"> | ||
| <extend_definition comment="Adobe InDesign is installed" definition_ref="oval:org.mitre.oval:def:12375"/> | ||
| <criterion comment="Check if Adobe InDesign version less than ID17.4.1" test_ref="oval:com.gfi:tst:1547"/> | ||
| </criteria> | ||
| </criteria> | ||
| </definition> |
Oops, something went wrong.