This repository was archived by the owner on Jan 10, 2025. It is now read-only.

Commit 6f1a1ad

author
JanCooper
committed
PR1937 by Jan Cooper
2 parents 9c30df8 + 0fcdd10 commit 6f1a1ad

33 files changed

+393
-0
lines changed
Lines changed: 34 additions & 0 deletions
@@ -0,0 +1,34 @@
1+
<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" id="oval:com.gfi:def:1521" version="0" class="vulnerability">
2+
<metadata>
3+
<title>Multiple vulnerabilities on Adobe Media Encoder</title>
4+
<affected family="windows">
5+
<platform>Microsoft Windows 10</platform>
6+
<platform>Microsoft Windows Server 2008</platform>
7+
<platform>Microsoft Windows Server 2008 R2</platform>
8+
<platform>Microsoft Windows Server 2012</platform>
9+
<platform>Microsoft Windows Server 2012 R2</platform>
10+
<platform>Microsoft Windows Server 2016</platform>
11+
<platform>Microsoft Windows Server 2019</platform>
12+
<product>Adobe Media Encoder</product>
13+
</affected>
14+
<reference ref_id="APSB19-29" ref_url="https://helpx.adobe.com/security/products/media-encoder/apsb19-29.html" source="Vendor Advisory"/>
15+
<reference ref_id="CVE-2019-7842" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7842" source="CVE"/>
16+
<reference ref_id="CVE-2019-7844" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7844" source="CVE"/>
17+
<description>
18+
Adobe Media Encoder version 13.0.2 has a use-after-free vulnerability (CVE-2019-7842) and an out-of-bounds read vulnerability (CVE-2019-7844). Successful exploitation could lead to remote code execution.
19+
</description>
20+
<oval_repository>
21+
<dates>
22+
<submitted date="2023-03-01T08:37:00+00:00">
23+
<contributor organization="GFI">Glenn Lugod</contributor>
24+
</submitted>
25+
</dates>
26+
<status>INITIAL SUBMISSION</status>
27+
<min_schema_version>5.10</min_schema_version>
28+
</oval_repository>
29+
</metadata>
30+
<criteria comment="Adobe Media Encoder is installed + version" operator="AND">
31+
<extend_definition comment="Adobe Media Encoder is installed" definition_ref="oval:org.cisecurity:def:8776"/>
32+
<criterion comment="Check if Adobe Media Encoder version is less than 13.1" test_ref="oval:com.gfi:tst:1522"/>
33+
</criteria>
34+
</definition>
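Review bot: The description names only version 13.0.2, but the single criterion (`test_ref="oval:com.gfi:tst:1522"`, commented "less than 13.1") has no lower bound, so every older Media Encoder build is reported under this definition. Either the description should read `Adobe Media Encoder versions 13.0.2 and earlier have ...`, or the criteria should gain a lower-bound criterion, whichever matches APSB19-29. The title would also be more useful in scan output if it carried the affected range, as the other definitions in this commit do. The referenced test is not part of this section, so its actual comparison could not be checked here.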
Lines changed: 41 additions & 0 deletions
@@ -0,0 +1,41 @@
1+
<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" id="oval:com.gfi:def:1524" version="0" class="vulnerability">
2+
<metadata>
3+
<title>Adobe InDesign versions 14.0.1 and below have an unsafe hyperlink processing vulnerability. (CVE-2019-7107)</title>
4+
<affected family="windows">
5+
<platform>Microsoft Windows 7</platform>
6+
<platform>Microsoft Windows 8</platform>
7+
<platform>Microsoft Windows 8.1</platform>
8+
<platform>Microsoft Windows 10</platform>
9+
<platform>Microsoft Windows Server 2003</platform>
10+
<platform>Microsoft Windows Server 2008</platform>
11+
<platform>Microsoft Windows Server 2008 R2</platform>
12+
<platform>Microsoft Windows Server 2012</platform>
13+
<platform>Microsoft Windows Server 2012 R2</platform>
14+
<product>Adobe InDesign</product>
15+
</affected>
16+
<reference ref_id="APSB19-23" ref_url="https://helpx.adobe.com/security/products/indesign/apsb19-23.html" source="Vendor Advisory"/>
17+
<reference ref_id="CVE-2019-7107" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7107" source="CVE"/>
18+
<description>
19+
Adobe InDesign versions 14.0.1 and below have an unsafe hyperlink processing vulnerability. Successful exploitation could lead to arbitrary code execution. Fixed in versions 13.1.1 and 14.0.2. (CVE-2019-7107)
20+
</description>
21+
<oval_repository>
22+
<dates>
23+
<submitted date="2023-03-01T09:26:00+00:00">
24+
<contributor organization="GFI">Glenn Lugod</contributor>
25+
</submitted>
26+
</dates>
27+
<status>INITIAL SUBMISSION</status>
28+
<min_schema_version>5.10</min_schema_version>
29+
</oval_repository>
30+
</metadata>
31+
<criteria comment="Check for installation of vulnerable Adobe InDesign + vulnerable file version" operator="OR">
32+
<criteria comment="Adobe InDesign is installed + version" operator="AND">
33+
<extend_definition comment="Adobe InDesign is installed" definition_ref="oval:org.mitre.oval:def:12375"/>
34+
<criterion comment="Check if Adobe InDesign version less than 14.0.2" test_ref="oval:com.gfi:tst:1525"/>
35+
</criteria>
36+
<criteria comment="Adobe InDesign is installed + version" operator="AND">
37+
<extend_definition comment="Adobe InDesign is installed" definition_ref="oval:org.mitre.oval:def:12375"/>
38+
<criterion comment="Check if Adobe InDesign version less than 13.1.1" test_ref="oval:com.gfi:tst:1527"/>
39+
</criteria>
40+
</criteria>
41+
</definition>
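Review bot: The outer `operator="OR"` joins two upper-bound-only checks, so the "less than 14.0.2" branch also matches a host running the fixed 13.1.1 release and reports it as vulnerable. As written, the "less than 13.1.1" branch is redundant, because anything below 13.1.1 is already below 14.0.2. The 14.x branch needs a lower bound, for example an added `<criterion comment="Check if Adobe InDesign version greater than or equal to 14.0" test_ref="oval:com.gfi:tst:PLACEHOLDER"/>` (test id to be assigned), which is the range pattern the Photoshop definition in this commit uses. The same structure appears in the later InDesign definition `oval:com.gfi:def:1544` (ID18.2 / ID17.4.1) and needs the same fix. The tests themselves are not shown here, so this assumes they do what their comments say.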
Lines changed: 42 additions & 0 deletions
@@ -0,0 +1,42 @@
1+
<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" id="oval:com.gfi:def:1529" version="0" class="vulnerability">
2+
<metadata>
3+
<title>
4+
Adobe Digital Editions versions 4.5.10.185749 and below have a heap overflow vulnerability. (CVE-2019-7095)
5+
</title>
6+
<affected family="windows">
7+
<platform>Microsoft Windows 2000</platform>
8+
<platform>Microsoft Windows XP</platform>
9+
<platform>Microsoft Windows Server 2003</platform>
10+
<platform>Microsoft Windows Vista</platform>
11+
<platform>Microsoft Windows Server 2008</platform>
12+
<platform>Microsoft Windows Server 2008 R2</platform>
13+
<platform>Microsoft Windows 7</platform>
14+
<platform>Microsoft Windows 8</platform>
15+
<platform>Microsoft Windows 8.1</platform>
16+
<platform>Microsoft Windows 10</platform>
17+
<platform>Microsoft Windows Server 2012</platform>
18+
<platform>Microsoft Windows Server 2012 R2</platform>
19+
<platform>Microsoft Windows Server 2016</platform>
20+
<platform>Microsoft Windows Server 2019</platform>
21+
<product>Adobe Digital Editions</product>
22+
</affected>
23+
<reference ref_id="APSB19-16" ref_url="https://helpx.adobe.com/security/products/Digital-Editions/apsb19-16.html" source="Vendor Advisory"/>
24+
<reference ref_id="CVE-2019-7095" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7095" source="CVE"/>
25+
<description>
26+
Adobe Digital Editions versions 4.5.10.185749 and below have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. (CVE-2019-7095)
27+
</description>
28+
<oval_repository>
29+
<dates>
30+
<submitted date="2023-03-01T10:45:00+00:00">
31+
<contributor organization="GFI">Glenn Lugod</contributor>
32+
</submitted>
33+
</dates>
34+
<status>INITIAL SUBMISSION</status>
35+
<min_schema_version>5.10</min_schema_version>
36+
</oval_repository>
37+
</metadata>
38+
<criteria comment="Adobe Digital Editions is installed + version" operator="AND">
39+
<extend_definition comment="Adobe Digital Editions is installed" definition_ref="oval:org.mitre.oval:def:26684"/>
40+
<criterion comment="Check if Adobe Digital Editions version is less than 4.5.10.186048" test_ref="oval:com.gfi:tst:1530"/>
41+
</criteria>
42+
</definition>
Lines changed: 46 additions & 0 deletions
@@ -0,0 +1,46 @@
1+
<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" id="oval:com.gfi:def:1532" version="0" class="vulnerability">
2+
<metadata>
3+
<title>Multiple vulnerabilities on Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier)</title>
4+
<affected family="windows">
5+
<platform>Microsoft Windows 8</platform>
6+
<platform>Microsoft Windows 8.1</platform>
7+
<platform>Microsoft Windows 10</platform>
8+
<platform>Microsoft Windows 11</platform>
9+
<platform>Microsoft Windows Server 2012</platform>
10+
<platform>Microsoft Windows Server 2012 R2</platform>
11+
<platform>Microsoft Windows Server 2016</platform>
12+
<platform>Microsoft Windows Server 2019</platform>
13+
<product>Adobe Bridge</product>
14+
</affected>
15+
<reference ref_id="APSB23-09" ref_url="https://helpx.adobe.com/security/products/bridge/apsb23-09.html" source="Vendor Advisory"/>
16+
<reference ref_id="CVE-2023-21583" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21583" source="CVE"/>
17+
<reference ref_id="CVE-2023-22226" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22226" source="CVE"/>
18+
<reference ref_id="CVE-2023-22227" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22227" source="CVE"/>
19+
<reference ref_id="CVE-2023-22228" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22228" source="CVE"/>
20+
<reference ref_id="CVE-2023-22229" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22229" source="CVE"/>
21+
<reference ref_id="CVE-2023-22230" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22230" source="CVE"/>
22+
<reference ref_id="CVE-2023-22231" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22231" source="CVE"/>
23+
<description>
24+
Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-21583)
25+
Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-22226)
26+
Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-22227)
27+
Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-22228)
28+
Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-22229)
29+
Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-22230)
30+
Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-22231)
31+
</description>
32+
<oval_repository>
33+
<dates>
34+
<submitted date="2023-03-01T12:53:00+00:00">
35+
<contributor organization="GFI">Glenn Lugod</contributor>
36+
</submitted>
37+
</dates>
38+
<status>INITIAL SUBMISSION</status>
39+
<min_schema_version>5.10</min_schema_version>
40+
</oval_repository>
41+
</metadata>
42+
<criteria comment="Adobe Bridge is installed + version" operator="AND">
43+
<extend_definition comment="Adobe Bridge is installed" definition_ref="oval:org.cisecurity:def:7159"/>
44+
<criterion comment="Check if the version of Adobe Bridge is less than 12.0.4" test_ref="oval:com.gfi:tst:1533"/>
45+
</criteria>
46+
</definition>
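Review bot: The criteria check only "less than 12.0.4", while the title and description also list 13.0.1 and earlier as affected, so a host on Bridge 13.0.0 or 13.0.1 evaluates to not vulnerable. The definition needs a second, bounded branch for the 13.x line, with its upper bound taken from the fixed 13.x release listed in APSB23-09. The sketch below uses placeholder test ids, since the corresponding tests would have to be added. The content of `oval:com.gfi:tst:1533` is not visible in this section, so this assumes it matches its comment.

```xml
<criteria comment="Adobe Bridge is installed + vulnerable version" operator="AND">
  <extend_definition comment="Adobe Bridge is installed" definition_ref="oval:org.cisecurity:def:7159"/>
  <criteria comment="vulnerable versions" operator="OR">
    <criterion comment="Check if the version of Adobe Bridge is less than 12.0.4" test_ref="oval:com.gfi:tst:1533"/>
    <criteria comment="Adobe Bridge 13.x before the fixed release" operator="AND">
      <criterion comment="Check if the version of Adobe Bridge is greater than or equal to 13.0" test_ref="oval:com.gfi:tst:PLACEHOLDER_GE_13_0"/>
      <criterion comment="Check if the version of Adobe Bridge is less than the fixed 13.x release" test_ref="oval:com.gfi:tst:PLACEHOLDER_LT_13_FIXED"/>
    </criteria>
  </criteria>
</criteria>
```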
Lines changed: 51 additions & 0 deletions
@@ -0,0 +1,51 @@
1+
<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" id="oval:com.gfi:def:1535" version="0" class="vulnerability">
2+
<metadata>
3+
<title>Multiple vulnerabilites on Photoshop version 23.5.3 (and earlier), 24.1 (and earlier)</title>
4+
<affected family="windows">
5+
<platform>Microsoft Windows 8</platform>
6+
<platform>Microsoft Windows 8.1</platform>
7+
<platform>Microsoft Windows 10</platform>
8+
<platform>Microsoft Windows 11</platform>
9+
<platform>Microsoft Windows Server 2012</platform>
10+
<platform>Microsoft Windows Server 2012 R2</platform>
11+
<platform>Microsoft Windows Server 2016</platform>
12+
<platform>Microsoft Windows Server 2019</platform>
13+
<product>Adobe Photoshop</product>
14+
</affected>
15+
<reference ref_id="APSB23-11" ref_url="https://helpx.adobe.com/security/products/photoshop/apsb23-11.html" source="Vendor Advisory"/>
16+
<reference ref_id="CVE-2023-21574" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21574" source="CVE"/>
17+
<reference ref_id="CVE-2023-21575" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21575" source="CVE"/>
18+
<reference ref_id="CVE-2023-21576" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21576" source="CVE"/>
19+
<reference ref_id="CVE-2023-21577" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21577" source="CVE"/>
20+
<reference ref_id="CVE-2023-21578" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21578" source="CVE"/>
21+
<description>
22+
Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-21574)
23+
Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-21575)
24+
Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-21576)
25+
Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-21577)
26+
Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-21578)
27+
</description>
28+
<oval_repository>
29+
<dates>
30+
<submitted date="2023-03-01T14:43:00+00:00">
31+
<contributor organization="GFI">Glenn Lugod</contributor>
32+
</submitted>
33+
</dates>
34+
<status>INITIAL SUBMISSION</status>
35+
<min_schema_version>5.10</min_schema_version>
36+
</oval_repository>
37+
</metadata>
38+
<criteria operator="AND">
39+
<extend_definition comment="Adobe Photoshop is installed" definition_ref="oval:org.mitre.oval:def:6647"/>
40+
<criteria comment="vulnerable versions" operator="OR">
41+
<criteria comment="Adobe Photoshop before 23.5.4" operator="AND">
42+
<criterion comment="Check if the version of Adobe Photoshop is greater than or equal to 23.5" test_ref="oval:com.gfi:tst:1536"/>
43+
<criterion comment="Check if the version of Adobe Photoshop is less than 23.5.4" test_ref="oval:com.gfi:tst:1538"/>
44+
</criteria>
45+
<criteria comment="Adobe Photoshop before 24.1.1" operator="AND">
46+
<criterion comment="Check if the version of Adobe Photoshop is greater than or equal to 24.1" test_ref="oval:com.gfi:tst:1540"/>
47+
<criterion comment="Check if the version of Adobe Photoshop is less than 24.1.1" test_ref="oval:com.gfi:tst:1542"/>
48+
</criteria>
49+
</criteria>
50+
</criteria>
51+
</definition>
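Review bot: The lower bounds in the two version ranges ("greater than or equal to 23.5" and "greater than or equal to 24.1") exclude builds that the description counts as affected: "23.5.3 (and earlier)" covers 23.0 through 23.4.x, and "24.1 (and earlier)" covers 24.0.x. Those hosts fall outside both AND groups and are reported as not vulnerable. The lower bounds should sit at the start of each major line, e.g. `comment="Check if the version of Adobe Photoshop is greater than or equal to 23.0"` and `... greater than or equal to 24.0"`, with the referenced tests adjusted to match. The outermost `<criteria operator="AND">` also lacks the `comment` attribute that every other criteria group in this commit has.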
Lines changed: 44 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,44 @@
1+
<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" id="oval:com.gfi:def:1544" version="0" class="vulnerability">
2+
<metadata>
3+
<title>Adobe InDesign versions ID18.1 (and earlier) and ID17.4 (and earlier) are affected by a NULL Pointer Dereference vulnerability. (CVE-2023-21593)</title>
4+
<affected family="windows">
5+
<platform>Microsoft Windows 7</platform>
6+
<platform>Microsoft Windows 8</platform>
7+
<platform>Microsoft Windows 8.1</platform>
8+
<platform>Microsoft Windows 10</platform>
9+
<platform>Microsoft Windows 11</platform>
10+
<platform>Microsoft Windows Server 2003</platform>
11+
<platform>Microsoft Windows Server 2008</platform>
12+
<platform>Microsoft Windows Server 2008 R2</platform>
13+
<platform>Microsoft Windows Server 2012</platform>
14+
<platform>Microsoft Windows Server 2012 R2</platform>
15+
<product>Adobe InDesign</product>
16+
</affected>
17+
<reference ref_id="APSB23-12" ref_url="https://helpx.adobe.com/security/products/indesign/apsb23-12.html" source="Vendor Advisory"/>
18+
<reference ref_id="CVE-2023-21593" ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21593" source="CVE"/>
19+
<description>
20+
Adobe InDesign versions ID18.1 (and earlier) and ID17.4 (and earlier) are affected by a NULL Pointer Dereference vulnerability.
21+
An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user.
22+
Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-21593)
23+
</description>
24+
<oval_repository>
25+
<dates>
26+
<submitted date="2023-03-02T01:20:00+00:00">
27+
<contributor organization="GFI">Glenn Lugod</contributor>
28+
</submitted>
29+
</dates>
30+
<status>INITIAL SUBMISSION</status>
31+
<min_schema_version>5.10</min_schema_version>
32+
</oval_repository>
33+
</metadata>
34+
<criteria comment="Check for installation of vulnerable Adobe InDesign + vulnerable file version" operator="OR">
35+
<criteria comment="Adobe InDesign is installed + version" operator="AND">
36+
<extend_definition comment="Adobe InDesign is installed" definition_ref="oval:org.mitre.oval:def:12375"/>
37+
<criterion comment="Check if Adobe InDesign version less than ID18.2" test_ref="oval:com.gfi:tst:1545"/>
38+
</criteria>
39+
<criteria comment="Adobe InDesign is installed + version" operator="AND">
40+
<extend_definition comment="Adobe InDesign is installed" definition_ref="oval:org.mitre.oval:def:12375"/>
41+
<criterion comment="Check if Adobe InDesign version less than ID17.4.1" test_ref="oval:com.gfi:tst:1547"/>
42+
</criteria>
43+
</criteria>
44+
</definition>
