This repository was archived by the owner on Jan 10, 2025. It is now read-only.

Commit 8a88f89

author
JanCooper
committed
PR1940 by Jan Cooper
2 parents b6ad532 + 340a619 commit 8a88f89

33 files changed

+575
-0
lines changed
Lines changed: 43 additions & 0 deletions
@@ -0,0 +1,43 @@
1+
<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" id="oval:com.gfi:def:1521"
2+
version="0" class="vulnerability">
3+
<metadata>
4+
<title>Multiple vulnerabilities on Adobe Media Encoder</title>
5+
<affected family="windows">
6+
<platform>Microsoft Windows 10</platform>
7+
<platform>Microsoft Windows Server 2008</platform>
8+
<platform>Microsoft Windows Server 2008 R2</platform>
9+
<platform>Microsoft Windows Server 2012</platform>
10+
<platform>Microsoft Windows Server 2012 R2</platform>
11+
<platform>Microsoft Windows Server 2016</platform>
12+
<platform>Microsoft Windows Server 2019</platform>
13+
<product>Adobe Media Encoder</product>
14+
</affected>
15+
<reference ref_id="APSB19-29"
16+
ref_url="https://helpx.adobe.com/security/products/media-encoder/apsb19-29.html"
17+
source="Vendor Advisory" />
18+
<reference ref_id="CVE-2019-7842"
19+
ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7842" source="CVE" />
20+
<reference ref_id="CVE-2019-7844"
21+
ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7844" source="CVE" />
22+
<description>
23+
Adobe Media Encoder version 13.0.2 has a use-after-free vulnerability (CVE-2019-7842)
24+
and an out-of-bounds read vulnerability (CVE-2019-7844). Successful exploitation could
25+
lead to remote code execution.
26+
</description>
27+
<oval_repository>
28+
<dates>
29+
<submitted date="2023-03-01T08:37:00+00:00">
30+
<contributor organization="GFI">Glenn Lugod</contributor>
31+
</submitted>
32+
</dates>
33+
<status>INITIAL SUBMISSION</status>
34+
<min_schema_version>5.10</min_schema_version>
35+
</oval_repository>
36+
</metadata>
37+
<criteria comment="Adobe Media Encoder is installed + version" operator="AND">
38+
<extend_definition comment="Adobe Media Encoder is installed"
39+
definition_ref="oval:org.cisecurity:def:8776" />
40+
<criterion comment="Check if Adobe Media Encoder version is less than 13.1"
41+
test_ref="oval:com.gfi:tst:1522" />
42+
</criteria>
43+
</definition>
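Review bot: The description names only version 13.0.2, while the criterion that references `oval:com.gfi:tst:1522` is commented as matching every Adobe Media Encoder version below 13.1, so the text and the check disagree about scope. If the advisory covers earlier builds as well (confirm against APSB19-29), word it as `Adobe Media Encoder versions 13.0.2 and earlier have a use-after-free vulnerability (CVE-2019-7842)` so a reader can tell what is flagged. The `<affected>` list also omits Windows 7, 8 and 8.1, which the InDesign definition in this commit does list; if that is deliberate, say so in an XML comment above `<affected>`. The referenced test and its state are outside this section, so the comparison itself could not be checked here.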
Lines changed: 54 additions & 0 deletions
@@ -0,0 +1,54 @@
1+
<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" id="oval:com.gfi:def:1524"
2+
version="0" class="vulnerability">
3+
<metadata>
4+
<title>Adobe InDesign versions 14.0.1 and below have an unsafe hyperlink processing
5+
vulnerability. (CVE-2019-7107)</title>
6+
<affected family="windows">
7+
<platform>Microsoft Windows 7</platform>
8+
<platform>Microsoft Windows 8</platform>
9+
<platform>Microsoft Windows 8.1</platform>
10+
<platform>Microsoft Windows 10</platform>
11+
<platform>Microsoft Windows Server 2003</platform>
12+
<platform>Microsoft Windows Server 2008</platform>
13+
<platform>Microsoft Windows Server 2008 R2</platform>
14+
<platform>Microsoft Windows Server 2012</platform>
15+
<platform>Microsoft Windows Server 2012 R2</platform>
16+
<product>Adobe InDesign</product>
17+
</affected>
18+
<reference ref_id="APSB19-23"
19+
ref_url="https://helpx.adobe.com/security/products/indesign/apsb19-23.html"
20+
source="Vendor Advisory" />
21+
<reference ref_id="CVE-2019-7107"
22+
ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7107" source="CVE" />
23+
<description>
24+
Adobe InDesign versions 14.0.1 and below have an unsafe hyperlink processing
25+
vulnerability. Successful exploitation could lead to arbitrary code execution. Fixed in
26+
versions 13.1.1 and 14.0.2. (CVE-2019-7107)
27+
</description>
28+
<oval_repository>
29+
<dates>
30+
<submitted date="2023-03-01T09:26:00+00:00">
31+
<contributor organization="GFI">Glenn Lugod</contributor>
32+
</submitted>
33+
</dates>
34+
<status>INITIAL SUBMISSION</status>
35+
<min_schema_version>5.10</min_schema_version>
36+
</oval_repository>
37+
</metadata>
38+
<criteria
39+
comment="Check for installation of vulnerable Adobe InDesign + vulnerable file version"
40+
operator="OR">
41+
<criteria comment="Adobe InDesign is installed + version" operator="AND">
42+
<extend_definition comment="Adobe InDesign is installed"
43+
definition_ref="oval:org.mitre.oval:def:12375" />
44+
<criterion comment="Check if Adobe InDesign version less than 14.0.2"
45+
test_ref="oval:com.gfi:tst:1525" />
46+
</criteria>
47+
<criteria comment="Adobe InDesign is installed + version" operator="AND">
48+
<extend_definition comment="Adobe InDesign is installed"
49+
definition_ref="oval:org.mitre.oval:def:12375" />
50+
<criterion comment="Check if Adobe InDesign version less than 13.1.1"
51+
test_ref="oval:com.gfi:tst:1527" />
52+
</criteria>
53+
</criteria>
54+
</definition>
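Review bot: The first branch of the outer `OR` has no lower bound, so a host on the fixed 13.x release (13.1.1, per the description) still satisfies "version less than 14.0.2" and would be reported as vulnerable. The same gap makes the second branch redundant, since anything below 13.1.1 is already below 14.0.2. Bound the 14.x branch the way the Photoshop definition in this commit bounds its ranges, by adding `<criterion comment="Check if Adobe InDesign version is greater than or equal to 14.0" test_ref="oval:com.gfi:tst:NEW_TEST_ID_PLACEHOLDER" />` beside the criterion for `oval:com.gfi:tst:1525`. This assumes tst:1525 is a plain less-than comparison; the test and its state are not part of this section.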
Lines changed: 51 additions & 0 deletions
@@ -0,0 +1,51 @@
1+
<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" id="oval:com.gfi:def:1529"
2+
version="0" class="vulnerability">
3+
<metadata>
4+
<title>
5+
Adobe Digital Editions versions 4.5.10.185749 and below have a heap overflow
6+
vulnerability. (CVE-2019-7095)
7+
</title>
8+
<affected family="windows">
9+
<platform>Microsoft Windows 2000</platform>
10+
<platform>Microsoft Windows XP</platform>
11+
<platform>Microsoft Windows Server 2003</platform>
12+
<platform>Microsoft Windows Vista</platform>
13+
<platform>Microsoft Windows Server 2008</platform>
14+
<platform>Microsoft Windows Server 2008 R2</platform>
15+
<platform>Microsoft Windows 7</platform>
16+
<platform>Microsoft Windows 8</platform>
17+
<platform>Microsoft Windows 8.1</platform>
18+
<platform>Microsoft Windows 10</platform>
19+
<platform>Microsoft Windows Server 2012</platform>
20+
<platform>Microsoft Windows Server 2012 R2</platform>
21+
<platform>Microsoft Windows Server 2016</platform>
22+
<platform>Microsoft Windows Server 2019</platform>
23+
<product>Adobe Digital Editions</product>
24+
</affected>
25+
<reference ref_id="APSB19-16"
26+
ref_url="https://helpx.adobe.com/security/products/Digital-Editions/apsb19-16.html"
27+
source="Vendor Advisory" />
28+
<reference ref_id="CVE-2019-7095"
29+
ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7095" source="CVE" />
30+
<description>
31+
Adobe Digital Editions versions 4.5.10.185749 and below have a heap overflow
32+
vulnerability. Successful exploitation could lead to arbitrary code execution.
33+
(CVE-2019-7095)
34+
</description>
35+
<oval_repository>
36+
<dates>
37+
<submitted date="2023-03-01T10:45:00+00:00">
38+
<contributor organization="GFI">Glenn Lugod</contributor>
39+
</submitted>
40+
</dates>
41+
<status>INITIAL SUBMISSION</status>
42+
<min_schema_version>5.10</min_schema_version>
43+
</oval_repository>
44+
</metadata>
45+
<criteria comment="Adobe Digital Editions is installed + version" operator="AND">
46+
<extend_definition comment="Adobe Digital Editions is installed"
47+
definition_ref="oval:org.mitre.oval:def:26684" />
48+
<criterion comment="Check if Adobe Digital Editions version is less than 4.5.10.186048"
49+
test_ref="oval:com.gfi:tst:1530" />
50+
</criteria>
51+
</definition>
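Review bot: The `<title>` wraps its text in line breaks and indentation, and that whitespace becomes part of the title string for any consumer that does not trim it; the other definitions in this commit start the text directly after the opening tag. Start the text right after `<title>` and put `</title>` at its end. The description also never names the build the criterion compares against; adding `Fixed in version 4.5.10.186048.` (presumably the first fixed build, going by the criterion comment) would let a reader compare text and check at a glance.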
Lines changed: 82 additions & 0 deletions
@@ -0,0 +1,82 @@
1+
<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" id="oval:com.gfi:def:1532"
2+
version="0" class="vulnerability">
3+
<metadata>
4+
<title>Multiple vulnerabilities on Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1
5+
(and earlier)</title>
6+
<affected family="windows">
7+
<platform>Microsoft Windows 8</platform>
8+
<platform>Microsoft Windows 8.1</platform>
9+
<platform>Microsoft Windows 10</platform>
10+
<platform>Microsoft Windows 11</platform>
11+
<platform>Microsoft Windows Server 2012</platform>
12+
<platform>Microsoft Windows Server 2012 R2</platform>
13+
<platform>Microsoft Windows Server 2016</platform>
14+
<platform>Microsoft Windows Server 2019</platform>
15+
<product>Adobe Bridge</product>
16+
</affected>
17+
<reference ref_id="APSB23-09"
18+
ref_url="https://helpx.adobe.com/security/products/bridge/apsb23-09.html"
19+
source="Vendor Advisory" />
20+
<reference ref_id="CVE-2023-21583"
21+
ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21583" source="CVE" />
22+
<reference ref_id="CVE-2023-22226"
23+
ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22226" source="CVE" />
24+
<reference ref_id="CVE-2023-22227"
25+
ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22227" source="CVE" />
26+
<reference ref_id="CVE-2023-22228"
27+
ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22228" source="CVE" />
28+
<reference ref_id="CVE-2023-22229"
29+
ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22229" source="CVE" />
30+
<reference ref_id="CVE-2023-22230"
31+
ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22230" source="CVE" />
32+
<reference ref_id="CVE-2023-22231"
33+
ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22231" source="CVE" />
34+
<description>
35+
Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an
36+
out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An
37+
attacker could leverage this vulnerability to bypass mitigations such as ASLR.
38+
Exploitation of this issue requires user interaction in that a victim must open a
39+
malicious file. (CVE-2023-21583)
40+
Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by a
41+
Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution
42+
in the context of the current user. Exploitation of this issue requires user interaction
43+
in that a victim must open a malicious file. (CVE-2023-22226)
44+
Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an
45+
out-of-bounds write vulnerability that could result in arbitrary code execution in the
46+
context of the current user. Exploitation of this issue requires user interaction in
47+
that a victim must open a malicious file. (CVE-2023-22227)
48+
Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an
49+
Improper Input Validation vulnerability that could result in arbitrary code execution in
50+
the context of the current user. Exploitation of this issue requires user interaction in
51+
that a victim must open a malicious file. (CVE-2023-22228)
52+
Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an
53+
out-of-bounds write vulnerability that could result in arbitrary code execution in the
54+
context of the current user. Exploitation of this issue requires user interaction in
55+
that a victim must open a malicious file. (CVE-2023-22229)
56+
Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an
57+
out-of-bounds write vulnerability that could result in arbitrary code execution in the
58+
context of the current user. Exploitation of this issue requires user interaction in
59+
that a victim must open a malicious file. (CVE-2023-22230)
60+
Adobe Bridge versions 12.0.3 (and earlier) and 13.0.1 (and earlier) are affected by an
61+
out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An
62+
attacker could leverage this vulnerability to bypass mitigations such as ASLR.
63+
Exploitation of this issue requires user interaction in that a victim must open a
64+
malicious file. (CVE-2023-22231)
65+
</description>
66+
<oval_repository>
67+
<dates>
68+
<submitted date="2023-03-01T12:53:00+00:00">
69+
<contributor organization="GFI">Glenn Lugod</contributor>
70+
</submitted>
71+
</dates>
72+
<status>INITIAL SUBMISSION</status>
73+
<min_schema_version>5.10</min_schema_version>
74+
</oval_repository>
75+
</metadata>
76+
<criteria comment="Adobe Bridge is installed + version" operator="AND">
77+
<extend_definition comment="Adobe Bridge is installed"
78+
definition_ref="oval:org.cisecurity:def:7159" />
79+
<criterion comment="Check if the version of Adobe Bridge is less than 12.0.4"
80+
test_ref="oval:com.gfi:tst:1533" />
81+
</criteria>
82+
</definition>
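Review bot: The criteria only test for a version below 12.0.4, but the title and description say 13.0.1 and earlier on the 13.x line is affected too, so hosts running Bridge 13.0.0 or 13.0.1 would evaluate as not vulnerable. That is a false negative for all seven referenced CVEs. Add a second, bounded range for 13.x under an `OR`, as the Photoshop definition in this commit does for its two release lines. The two new tests and their states have to be added alongside `oval:com.gfi:tst:1533`, which is outside this section; the ids below are placeholders.

```xml
<criteria comment="Adobe Bridge is installed + version" operator="AND">
  <!-- … unchanged: extend_definition "Adobe Bridge is installed" … -->
  <criteria comment="vulnerable versions" operator="OR">
    <criterion comment="Check if the version of Adobe Bridge is less than 12.0.4"
      test_ref="oval:com.gfi:tst:1533" />
    <criteria comment="Adobe Bridge 13.x up to and including 13.0.1" operator="AND">
      <!-- placeholder ids: allocate real test ids before merging -->
      <criterion comment="Check if the version of Adobe Bridge is greater than or equal to 13.0"
        test_ref="oval:com.gfi:tst:NEW_TEST_ID_PLACEHOLDER_1" />
      <criterion comment="Check if the version of Adobe Bridge is less than or equal to 13.0.1"
        test_ref="oval:com.gfi:tst:NEW_TEST_ID_PLACEHOLDER_2" />
    </criteria>
  </criteria>
</criteria>
```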
Lines changed: 83 additions & 0 deletions
@@ -0,0 +1,83 @@
1+
<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" id="oval:com.gfi:def:1535"
2+
version="0" class="vulnerability">
3+
<metadata>
4+
<title>Multiple vulnerabilites on Photoshop version 23.5.3 (and earlier), 24.1 (and earlier)</title>
5+
<affected family="windows">
6+
<platform>Microsoft Windows 8</platform>
7+
<platform>Microsoft Windows 8.1</platform>
8+
<platform>Microsoft Windows 10</platform>
9+
<platform>Microsoft Windows 11</platform>
10+
<platform>Microsoft Windows Server 2012</platform>
11+
<platform>Microsoft Windows Server 2012 R2</platform>
12+
<platform>Microsoft Windows Server 2016</platform>
13+
<platform>Microsoft Windows Server 2019</platform>
14+
<product>Adobe Photoshop</product>
15+
</affected>
16+
<reference ref_id="APSB23-11"
17+
ref_url="https://helpx.adobe.com/security/products/photoshop/apsb23-11.html"
18+
source="Vendor Advisory" />
19+
<reference ref_id="CVE-2023-21574"
20+
ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21574" source="CVE" />
21+
<reference ref_id="CVE-2023-21575"
22+
ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21575" source="CVE" />
23+
<reference ref_id="CVE-2023-21576"
24+
ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21576" source="CVE" />
25+
<reference ref_id="CVE-2023-21577"
26+
ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21577" source="CVE" />
27+
<reference ref_id="CVE-2023-21578"
28+
ref_url="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21578" source="CVE" />
29+
<description>
30+
Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an Improper
31+
Input Validation vulnerability that could result in arbitrary code execution in the
32+
context of the current user. Exploitation of this issue requires user interaction in
33+
that a victim must open a malicious file. (CVE-2023-21574)
34+
Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an
35+
out-of-bounds write vulnerability that could result in arbitrary code execution in the
36+
context of the current user. Exploitation of this issue requires user interaction in
37+
that a victim must open a malicious file. (CVE-2023-21575)
38+
Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an
39+
out-of-bounds write vulnerability that could result in arbitrary code execution in the
40+
context of the current user. Exploitation of this issue requires user interaction in
41+
that a victim must open a malicious file. (CVE-2023-21576)
42+
Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an
43+
out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An
44+
attacker could leverage this vulnerability to bypass mitigations such as ASLR.
45+
Exploitation of this issue requires user interaction in that a victim must open a
46+
malicious file. (CVE-2023-21577)
47+
Photoshop version 23.5.3 (and earlier), 24.1 (and earlier) are affected by an
48+
out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An
49+
attacker could leverage this vulnerability to bypass mitigations such as ASLR.
50+
Exploitation of this issue requires user interaction in that a victim must open a
51+
malicious file. (CVE-2023-21578)
52+
</description>
53+
<oval_repository>
54+
<dates>
55+
<submitted date="2023-03-01T14:43:00+00:00">
56+
<contributor organization="GFI">Glenn Lugod</contributor>
57+
</submitted>
58+
</dates>
59+
<status>INITIAL SUBMISSION</status>
60+
<min_schema_version>5.10</min_schema_version>
61+
</oval_repository>
62+
</metadata>
63+
<criteria operator="AND">
64+
<extend_definition comment="Adobe Photoshop is installed"
65+
definition_ref="oval:org.mitre.oval:def:6647" />
66+
<criteria comment="vulnerable versions" operator="OR">
67+
<criteria comment="Adobe Photoshop before 23.5.4" operator="AND">
68+
<criterion
69+
comment="Check if the version of Adobe Photoshop is greater than or equal to 23.5"
70+
test_ref="oval:com.gfi:tst:1536" />
71+
<criterion comment="Check if the version of Adobe Photoshop is less than 23.5.4"
72+
test_ref="oval:com.gfi:tst:1538" />
73+
</criteria>
74+
<criteria comment="Adobe Photoshop before 24.1.1" operator="AND">
75+
<criterion
76+
comment="Check if the version of Adobe Photoshop is greater than or equal to 24.1"
77+
test_ref="oval:com.gfi:tst:1540" />
78+
<criterion comment="Check if the version of Adobe Photoshop is less than 24.1.1"
79+
test_ref="oval:com.gfi:tst:1542" />
80+
</criteria>
81+
</criteria>
82+
</criteria>
83+
</definition>
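Review bot: The lower bounds of both ranges are narrower than the affected set in the title and description: "24.1 (and earlier)" includes 24.0.x, yet the second range starts at 24.1, and "23.5.3 (and earlier)" includes 23.0 through 23.4.x, yet the first range starts at 23.5. Hosts on those builds would evaluate as not vulnerable. Lower the bounds to the start of each release line, for example `comment="Check if the version of Adobe Photoshop is greater than or equal to 24.0"` and likewise `23.0`, with the matching states of `oval:com.gfi:tst:1540` and `oval:com.gfi:tst:1536` changed to agree; those tests are outside this section. The outer `<criteria operator="AND">` has no `comment`, unlike every other definition in this commit, and the title misspells "vulnerabilities".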
