-
Notifications
You must be signed in to change notification settings - Fork 121
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
11 changed files
with
671 additions
and
0 deletions.
There are no files selected for viewing
61 changes: 61 additions & 0 deletions
61
repository/definitions/vulnerability/oval_org.cisecurity_def_1733.xml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,61 @@ | ||
<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="vulnerability" id="oval:org.cisecurity:def:1733" version="1"> | ||
<metadata> | ||
<title>Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow / underflow vulnerability - CVE-2017-2948</title> | ||
<affected family="windows"> | ||
<platform>Microsoft Windows Vista</platform> | ||
<platform>Microsoft Windows 7</platform> | ||
<platform>Microsoft Windows 8</platform> | ||
<platform>Microsoft Windows 8.1</platform> | ||
<platform>Microsoft Windows 10</platform> | ||
<platform>Microsoft Windows Server 2003</platform> | ||
<platform>Microsoft Windows Server 2008</platform> | ||
<platform>Microsoft Windows Server 2008 R2</platform> | ||
<platform>Microsoft Windows Server 2012</platform> | ||
<platform>Microsoft Windows Server 2012 R2</platform> | ||
<platform>Microsoft Windows Server 2016</platform> | ||
<product>Adobe Acrobat</product> | ||
<product>Adobe Acrobat DC Classic</product> | ||
<product>Adobe Acrobat DC Continuous</product> | ||
<product>Adobe Reader</product> | ||
<product>Adobe Reader DC Classic</product> | ||
<product>Adobe Reader DC Continuous</product> | ||
</affected> | ||
<reference ref_id="CVE-2017-2948" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2948" source="CVE" /> | ||
<description>Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow / underflow vulnerability in the XFA engine. Successful exploitation could lead to arbitrary code execution.</description> | ||
<oval_repository> | ||
<dates> | ||
<submitted date="2017-01-12T19:07:37+08:00"> | ||
<contributor organization="DTCC">Alexander Chua</contributor> | ||
</submitted> | ||
</dates> | ||
<status>INITIAL SUBMISSION</status> | ||
<min_schema_version>5.10</min_schema_version> | ||
</oval_repository> | ||
</metadata> | ||
<criteria comment="Check for installation of vulnerable Adobe Acrobat and Reader + vulnerable file version" operator="OR"> | ||
<criteria comment="Adobe Acrobat 11 is installed + version" operator="AND"> | ||
<extend_definition comment="Adobe Acrobat 11.x is installed" definition_ref="oval:org.mitre.oval:def:16409" /> | ||
<criterion comment="Check if Adobe Acrobat 11 version is less than 11.0.19" test_ref="oval:org.cisecurity:tst:2456" /> | ||
</criteria> | ||
<criteria comment="Adobe Acrobat DC Classic is installed + version" operator="AND"> | ||
<extend_definition comment="Adobe Acrobat DC Classic is installed" definition_ref="oval:org.cisecurity:def:687" /> | ||
<criterion comment="Check if Adobe Acrobat DC Classic version is less than 15.006.30279" test_ref="oval:org.cisecurity:tst:2459" /> | ||
</criteria> | ||
<criteria comment="Adobe Acrobat DC Continuous is installed + version" operator="AND"> | ||
<extend_definition comment="Adobe Acrobat DC Continuous is installed" definition_ref="oval:org.cisecurity:def:677" /> | ||
<criterion comment="Check if Adobe Acrobat DC Continuous version is less than 15.023.20053" test_ref="oval:org.cisecurity:tst:2454" /> | ||
</criteria> | ||
<criteria comment="Adobe Reader 11 is installed + version" operator="AND"> | ||
<extend_definition comment="Adobe Reader 11.x is installed" definition_ref="oval:org.mitre.oval:def:16400" /> | ||
<criterion comment="Check if Adobe Reader 11 version is less than 11.0.19" test_ref="oval:org.cisecurity:tst:2457" /> | ||
</criteria> | ||
<criteria comment="Adobe Reader DC Classic is installed + version" operator="AND"> | ||
<extend_definition comment="Adobe Reader DC Classic is installed" definition_ref="oval:org.cisecurity:def:627" /> | ||
<criterion comment="Check if Adobe Reader DC Classic version is less than 15.006.30279" test_ref="oval:org.cisecurity:tst:2458" /> | ||
</criteria> | ||
<criteria comment="Adobe Reader DC Continuous is installed + version" operator="AND"> | ||
<extend_definition comment="Adobe Reader DC Continuous is installed" definition_ref="oval:org.cisecurity:def:684" /> | ||
<criterion comment="Check if Adobe Reader DC Continuous version is less than 15.023.20053" test_ref="oval:org.cisecurity:tst:2455" /> | ||
</criteria> | ||
</criteria> | ||
</definition> |
61 changes: 61 additions & 0 deletions
61
repository/definitions/vulnerability/oval_org.cisecurity_def_1734.xml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,61 @@ | ||
<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="vulnerability" id="oval:org.cisecurity:def:1734" version="1"> | ||
<metadata> | ||
<title>Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability - CVE-2017-2953</title> | ||
<affected family="windows"> | ||
<platform>Microsoft Windows Vista</platform> | ||
<platform>Microsoft Windows 7</platform> | ||
<platform>Microsoft Windows 8</platform> | ||
<platform>Microsoft Windows 8.1</platform> | ||
<platform>Microsoft Windows 10</platform> | ||
<platform>Microsoft Windows Server 2003</platform> | ||
<platform>Microsoft Windows Server 2008</platform> | ||
<platform>Microsoft Windows Server 2008 R2</platform> | ||
<platform>Microsoft Windows Server 2012</platform> | ||
<platform>Microsoft Windows Server 2012 R2</platform> | ||
<platform>Microsoft Windows Server 2016</platform> | ||
<product>Adobe Acrobat</product> | ||
<product>Adobe Acrobat DC Classic</product> | ||
<product>Adobe Acrobat DC Continuous</product> | ||
<product>Adobe Reader</product> | ||
<product>Adobe Reader DC Classic</product> | ||
<product>Adobe Reader DC Continuous</product> | ||
</affected> | ||
<reference ref_id="CVE-2017-2953" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2953" source="CVE" /> | ||
<description>Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion module when processing a TIFF image. Successful exploitation could lead to arbitrary code execution.</description> | ||
<oval_repository> | ||
<dates> | ||
<submitted date="2017-01-12T19:07:37+08:00"> | ||
<contributor organization="DTCC">Alexander Chua</contributor> | ||
</submitted> | ||
</dates> | ||
<status>INITIAL SUBMISSION</status> | ||
<min_schema_version>5.10</min_schema_version> | ||
</oval_repository> | ||
</metadata> | ||
<criteria comment="Check for installation of vulnerable Adobe Acrobat and Reader + vulnerable file version" operator="OR"> | ||
<criteria comment="Adobe Acrobat 11 is installed + version" operator="AND"> | ||
<extend_definition comment="Adobe Acrobat 11.x is installed" definition_ref="oval:org.mitre.oval:def:16409" /> | ||
<criterion comment="Check if Adobe Acrobat 11 version is less than 11.0.19" test_ref="oval:org.cisecurity:tst:2456" /> | ||
</criteria> | ||
<criteria comment="Adobe Acrobat DC Classic is installed + version" operator="AND"> | ||
<extend_definition comment="Adobe Acrobat DC Classic is installed" definition_ref="oval:org.cisecurity:def:687" /> | ||
<criterion comment="Check if Adobe Acrobat DC Classic version is less than 15.006.30279" test_ref="oval:org.cisecurity:tst:2459" /> | ||
</criteria> | ||
<criteria comment="Adobe Acrobat DC Continuous is installed + version" operator="AND"> | ||
<extend_definition comment="Adobe Acrobat DC Continuous is installed" definition_ref="oval:org.cisecurity:def:677" /> | ||
<criterion comment="Check if Adobe Acrobat DC Continuous version is less than 15.023.20053" test_ref="oval:org.cisecurity:tst:2454" /> | ||
</criteria> | ||
<criteria comment="Adobe Reader 11 is installed + version" operator="AND"> | ||
<extend_definition comment="Adobe Reader 11.x is installed" definition_ref="oval:org.mitre.oval:def:16400" /> | ||
<criterion comment="Check if Adobe Reader 11 version is less than 11.0.19" test_ref="oval:org.cisecurity:tst:2457" /> | ||
</criteria> | ||
<criteria comment="Adobe Reader DC Classic is installed + version" operator="AND"> | ||
<extend_definition comment="Adobe Reader DC Classic is installed" definition_ref="oval:org.cisecurity:def:627" /> | ||
<criterion comment="Check if Adobe Reader DC Classic version is less than 15.006.30279" test_ref="oval:org.cisecurity:tst:2458" /> | ||
</criteria> | ||
<criteria comment="Adobe Reader DC Continuous is installed + version" operator="AND"> | ||
<extend_definition comment="Adobe Reader DC Continuous is installed" definition_ref="oval:org.cisecurity:def:684" /> | ||
<criterion comment="Check if Adobe Reader DC Continuous version is less than 15.023.20053" test_ref="oval:org.cisecurity:tst:2455" /> | ||
</criteria> | ||
</criteria> | ||
</definition> |
61 changes: 61 additions & 0 deletions
61
repository/definitions/vulnerability/oval_org.cisecurity_def_1735.xml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,61 @@ | ||
<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="vulnerability" id="oval:org.cisecurity:def:1735" version="1"> | ||
<metadata> | ||
<title>Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability - CVE-2017-2945</title> | ||
<affected family="windows"> | ||
<platform>Microsoft Windows Vista</platform> | ||
<platform>Microsoft Windows 7</platform> | ||
<platform>Microsoft Windows 8</platform> | ||
<platform>Microsoft Windows 8.1</platform> | ||
<platform>Microsoft Windows 10</platform> | ||
<platform>Microsoft Windows Server 2003</platform> | ||
<platform>Microsoft Windows Server 2008</platform> | ||
<platform>Microsoft Windows Server 2008 R2</platform> | ||
<platform>Microsoft Windows Server 2012</platform> | ||
<platform>Microsoft Windows Server 2012 R2</platform> | ||
<platform>Microsoft Windows Server 2016</platform> | ||
<product>Adobe Acrobat</product> | ||
<product>Adobe Acrobat DC Classic</product> | ||
<product>Adobe Acrobat DC Continuous</product> | ||
<product>Adobe Reader</product> | ||
<product>Adobe Reader DC Classic</product> | ||
<product>Adobe Reader DC Continuous</product> | ||
</affected> | ||
<reference ref_id="CVE-2017-2945" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2945" source="CVE" /> | ||
<description>Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability when parsing TIFF image files. Successful exploitation could lead to arbitrary code execution.</description> | ||
<oval_repository> | ||
<dates> | ||
<submitted date="2017-01-12T19:07:37+08:00"> | ||
<contributor organization="DTCC">Alexander Chua</contributor> | ||
</submitted> | ||
</dates> | ||
<status>INITIAL SUBMISSION</status> | ||
<min_schema_version>5.10</min_schema_version> | ||
</oval_repository> | ||
</metadata> | ||
<criteria comment="Check for installation of vulnerable Adobe Acrobat and Reader + vulnerable file version" operator="OR"> | ||
<criteria comment="Adobe Acrobat 11 is installed + version" operator="AND"> | ||
<extend_definition comment="Adobe Acrobat 11.x is installed" definition_ref="oval:org.mitre.oval:def:16409" /> | ||
<criterion comment="Check if Adobe Acrobat 11 version is less than 11.0.19" test_ref="oval:org.cisecurity:tst:2456" /> | ||
</criteria> | ||
<criteria comment="Adobe Acrobat DC Classic is installed + version" operator="AND"> | ||
<extend_definition comment="Adobe Acrobat DC Classic is installed" definition_ref="oval:org.cisecurity:def:687" /> | ||
<criterion comment="Check if Adobe Acrobat DC Classic version is less than 15.006.30279" test_ref="oval:org.cisecurity:tst:2459" /> | ||
</criteria> | ||
<criteria comment="Adobe Acrobat DC Continuous is installed + version" operator="AND"> | ||
<extend_definition comment="Adobe Acrobat DC Continuous is installed" definition_ref="oval:org.cisecurity:def:677" /> | ||
<criterion comment="Check if Adobe Acrobat DC Continuous version is less than 15.023.20053" test_ref="oval:org.cisecurity:tst:2454" /> | ||
</criteria> | ||
<criteria comment="Adobe Reader 11 is installed + version" operator="AND"> | ||
<extend_definition comment="Adobe Reader 11.x is installed" definition_ref="oval:org.mitre.oval:def:16400" /> | ||
<criterion comment="Check if Adobe Reader 11 version is less than 11.0.19" test_ref="oval:org.cisecurity:tst:2457" /> | ||
</criteria> | ||
<criteria comment="Adobe Reader DC Classic is installed + version" operator="AND"> | ||
<extend_definition comment="Adobe Reader DC Classic is installed" definition_ref="oval:org.cisecurity:def:627" /> | ||
<criterion comment="Check if Adobe Reader DC Classic version is less than 15.006.30279" test_ref="oval:org.cisecurity:tst:2458" /> | ||
</criteria> | ||
<criteria comment="Adobe Reader DC Continuous is installed + version" operator="AND"> | ||
<extend_definition comment="Adobe Reader DC Continuous is installed" definition_ref="oval:org.cisecurity:def:684" /> | ||
<criterion comment="Check if Adobe Reader DC Continuous version is less than 15.023.20053" test_ref="oval:org.cisecurity:tst:2455" /> | ||
</criteria> | ||
</criteria> | ||
</definition> |
61 changes: 61 additions & 0 deletions
61
repository/definitions/vulnerability/oval_org.cisecurity_def_1736.xml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,61 @@ | ||
<definition xmlns="http://oval.mitre.org/XMLSchema/oval-definitions-5" class="vulnerability" id="oval:org.cisecurity:def:1736" version="1"> | ||
<metadata> | ||
<title>Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow / underflow vulnerability - CVE-2017-2952</title> | ||
<affected family="windows"> | ||
<platform>Microsoft Windows Vista</platform> | ||
<platform>Microsoft Windows 7</platform> | ||
<platform>Microsoft Windows 8</platform> | ||
<platform>Microsoft Windows 8.1</platform> | ||
<platform>Microsoft Windows 10</platform> | ||
<platform>Microsoft Windows Server 2003</platform> | ||
<platform>Microsoft Windows Server 2008</platform> | ||
<platform>Microsoft Windows Server 2008 R2</platform> | ||
<platform>Microsoft Windows Server 2012</platform> | ||
<platform>Microsoft Windows Server 2012 R2</platform> | ||
<platform>Microsoft Windows Server 2016</platform> | ||
<product>Adobe Acrobat</product> | ||
<product>Adobe Acrobat DC Classic</product> | ||
<product>Adobe Acrobat DC Continuous</product> | ||
<product>Adobe Reader</product> | ||
<product>Adobe Reader DC Classic</product> | ||
<product>Adobe Reader DC Continuous</product> | ||
</affected> | ||
<reference ref_id="CVE-2017-2952" ref_url="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2952" source="CVE" /> | ||
<description>Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable buffer overflow / underflow vulnerability in the image conversion module related to parsing tags in TIFF files. Successful exploitation could lead to arbitrary code execution.</description> | ||
<oval_repository> | ||
<dates> | ||
<submitted date="2017-01-12T19:07:37+08:00"> | ||
<contributor organization="DTCC">Alexander Chua</contributor> | ||
</submitted> | ||
</dates> | ||
<status>INITIAL SUBMISSION</status> | ||
<min_schema_version>5.10</min_schema_version> | ||
</oval_repository> | ||
</metadata> | ||
<criteria comment="Check for installation of vulnerable Adobe Acrobat and Reader + vulnerable file version" operator="OR"> | ||
<criteria comment="Adobe Acrobat 11 is installed + version" operator="AND"> | ||
<extend_definition comment="Adobe Acrobat 11.x is installed" definition_ref="oval:org.mitre.oval:def:16409" /> | ||
<criterion comment="Check if Adobe Acrobat 11 version is less than 11.0.19" test_ref="oval:org.cisecurity:tst:2456" /> | ||
</criteria> | ||
<criteria comment="Adobe Acrobat DC Classic is installed + version" operator="AND"> | ||
<extend_definition comment="Adobe Acrobat DC Classic is installed" definition_ref="oval:org.cisecurity:def:687" /> | ||
<criterion comment="Check if Adobe Acrobat DC Classic version is less than 15.006.30279" test_ref="oval:org.cisecurity:tst:2459" /> | ||
</criteria> | ||
<criteria comment="Adobe Acrobat DC Continuous is installed + version" operator="AND"> | ||
<extend_definition comment="Adobe Acrobat DC Continuous is installed" definition_ref="oval:org.cisecurity:def:677" /> | ||
<criterion comment="Check if Adobe Acrobat DC Continuous version is less than 15.023.20053" test_ref="oval:org.cisecurity:tst:2454" /> | ||
</criteria> | ||
<criteria comment="Adobe Reader 11 is installed + version" operator="AND"> | ||
<extend_definition comment="Adobe Reader 11.x is installed" definition_ref="oval:org.mitre.oval:def:16400" /> | ||
<criterion comment="Check if Adobe Reader 11 version is less than 11.0.19" test_ref="oval:org.cisecurity:tst:2457" /> | ||
</criteria> | ||
<criteria comment="Adobe Reader DC Classic is installed + version" operator="AND"> | ||
<extend_definition comment="Adobe Reader DC Classic is installed" definition_ref="oval:org.cisecurity:def:627" /> | ||
<criterion comment="Check if Adobe Reader DC Classic version is less than 15.006.30279" test_ref="oval:org.cisecurity:tst:2458" /> | ||
</criteria> | ||
<criteria comment="Adobe Reader DC Continuous is installed + version" operator="AND"> | ||
<extend_definition comment="Adobe Reader DC Continuous is installed" definition_ref="oval:org.cisecurity:def:684" /> | ||
<criterion comment="Check if Adobe Reader DC Continuous version is less than 15.023.20053" test_ref="oval:org.cisecurity:tst:2455" /> | ||
</criteria> | ||
</criteria> | ||
</definition> |
Oops, something went wrong.