Jasiel Spelman

**Name of the Vulnerable Software and Affected Versions** docker-credential-helpers versions prior to 0.6.3 **Description** The issue is related to a double free in the List functions, which can lead to data integrity disruption. **Recommendations** For versions prior to 0.6.3, update to version 0.6.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Adobe Reader versions (affected versions not specified) Adobe Acrobat versions (affected versions not specified) **Description** The issue is caused by a buffer overflow, allowing a remote attacker to execute arbitrary code or cause a denial of service (memory corruption). A memory corruption vulnerability in Adobe Acrobat and Reader enables attackers to execute code. The vulnerability is also related to an out-of-bounds read information disclosure in Adobe Acrobat Pro DC, specifically in the TIFF TAGTYPE parsing during image conversion. **Recommendations** For Adobe Reader, update to a version that contains a fix for this issue. For Adobe Acrobat, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting the use of the TIFF image conversion feature in Adobe Acrobat Pro DC until a patch is available. Avoid using Adobe Acrobat and Reader to open untrusted PDF files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Reader versions prior to 11.0.15 Adobe Acrobat versions prior to 11.0.15 Adobe Acrobat Document Cloud versions prior to 15.006.30121 Adobe Reader Document Cloud versions prior to 15.006.30121 Adobe Acrobat DC Classic versions prior to 15.006.30121 Adobe Acrobat Reader DC Classic versions prior to 15.006.30121 Adobe Acrobat DC Continuous versions prior to 15.010.20060 Adobe Acrobat Reader DC Continuous versions prior to 15.010.20060 **Description** The issue is related to an untrusted search path vulnerability in Adobe Reader and Acrobat. This vulnerability can be exploited by placing a Trojan horse DLL in an unspecified directory, allowing a local attacker to gain privileges. The vulnerability enables attackers to execute code, potentially leading to privilege escalation. **Recommendations** For Adobe Reader versions prior to 11.0.15, update to version 11.0.15 or later. For Adobe Acrobat versions prior to 11.0.15, update to version 11.0.15 or later. For Adobe Acrobat Document Cloud versions prior to 15.006.30121, update to version 15.006.30121 or later. For Adobe Reader Document Cloud versions prior to 15.006.30121, update to version 15.006.30121 or later. For Adobe Acrobat DC Classic versions prior to 15.006.30121, update to version 15.006.30121 or later. For Adobe Acrobat Reader DC Classic versions prior to 15.006.30121, update to version 15.006.30121 or later. For Adobe Acrobat DC Continuous versions prior to 15.010.20060, update to version 15.010.20060 or later. For Adobe Acrobat Reader DC Continuous versions prior to 15.010.20060, update to version 15.010.20060 or later. As a temporary workaround, consider restricting access to directories where Trojan horse DLLs could be placed, until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Adobe Reader (affected versions not specified) Adobe Acrobat (affected versions not specified) **Description** The issue is related to a use-after-free vulnerability in the implementation of the Search object in Adobe Reader and Acrobat. This vulnerability can be exploited by a remote attacker to execute arbitrary code. **Recommendations** For Adobe Reader, update to a version that includes a fix for this issue. For Adobe Acrobat, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting the use of the Search function in Adobe Reader and Acrobat until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Foxit Reader versions 6.1 through 6.2.x Foxit Reader versions 7.x before 7.2.2 **Description** The issue allows local users to gain privileges by writing crafted data to a shared memory region, which triggers memory corruption when an update to the Cloud plugin is available. **Recommendations** For Foxit Reader versions 6.1 through 6.2.x, update to a version after 6.2.x. For Foxit Reader versions 7.x before 7.2.2, update to version 7.2.2 or later.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat versions (affected versions not specified) Adobe Reader versions (affected versions not specified) **Description** The issue is related to a function called `createSquareMesh` in Adobe's PDF editing and viewing software, which has inadequate access control mechanisms. This can be exploited by a remote attacker to access protected information in the process memory by providing invalid arguments. A memory-leak issue in Adobe Acrobat and Reader allows attackers to affect the system. **Recommendations** For Adobe Acrobat, update to a version that addresses the `createSquareMesh` function issue. For Adobe Reader, consider disabling the `createSquareMesh` function as a temporary workaround until a patch is available. Restrict access to sensitive information in PDF files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat and Adobe Acrobat Document Cloud versions (affected versions not specified) Adobe Reader and Adobe Reader Document Cloud versions (affected versions not specified) **Description** The issue is related to the `loadFlashMovie` function in Adobe's PDF editing and viewing software, which has inadequate access control mechanisms. This can be exploited by a remote attacker to access protected information in the process memory by providing invalid arguments. A memory-leak issue in Adobe Acrobat and Reader allows attackers to affect the system. **Recommendations** For Adobe Acrobat and Adobe Acrobat Document Cloud, update to a version that addresses the `loadFlashMovie` function issue. For Adobe Reader and Adobe Reader Document Cloud, update to a version that addresses the `loadFlashMovie` function issue. As a temporary workaround, consider disabling the `loadFlashMovie` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat and Adobe Acrobat Document Cloud (affected versions not specified) Adobe Reader and Adobe Reader Document Cloud (affected versions not specified) **Description** The issue is related to the implementation of animations in PDF editing and viewing software, specifically concerning flaws in access control mechanisms. This can allow a remote attacker to access protected information in the process memory by invoking a function. A memory-leak issue in Adobe Acrobat and Reader enables attackers to impact the system. **Recommendations** For Adobe Acrobat and Adobe Acrobat Document Cloud, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Adobe Reader and Adobe Reader Document Cloud, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat versions (affected versions not specified) Adobe Acrobat Document Cloud versions (affected versions not specified) Adobe Reader versions (affected versions not specified) Adobe Reader Document Cloud versions (affected versions not specified) **Description** The issue is related to insufficient access restrictions to certain functions in the ANSendForFormDistribution method of Adobe Acrobat and Adobe Acrobat Document Cloud for editing PDF files, and Adobe Reader and Adobe Reader Document Cloud for viewing PDF files. This can allow a remote attacker to bypass JavaScript execution restrictions. **Recommendations** For Adobe Acrobat, consider disabling the `ANSendForFormDistribution` method until a patch is available. For Adobe Acrobat Document Cloud, restrict access to the affected JavaScript API to minimize the risk of exploitation. For Adobe Reader, avoid using the JavaScript API in the affected versions until the issue is resolved. For Adobe Reader Document Cloud, as a temporary workaround, consider restricting the use of the `ANSendForFormDistribution` method until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat versions (affected versions not specified) Adobe Acrobat Document Cloud versions (affected versions not specified) Adobe Reader versions (affected versions not specified) Adobe Reader Document Cloud versions (affected versions not specified) **Description** The issue is related to insufficient access restrictions to certain features in the DynamicAnnotStore method of Adobe PDF editing and viewing software. This can be exploited by a remote attacker to bypass JavaScript execution restrictions. **Recommendations** For Adobe Acrobat, update to a version that addresses the DynamicAnnotStore method issue. For Adobe Acrobat Document Cloud, restrict access to the DynamicAnnotStore method until a patch is available. For Adobe Reader, consider disabling JavaScript execution in Adobe Reader until the issue is resolved. For Adobe Reader Document Cloud, avoid using the DynamicAnnotStore method in Adobe Reader Document Cloud until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat versions (affected versions not specified) Adobe Acrobat Document Cloud versions (affected versions not specified) Adobe Reader versions (affected versions not specified) Adobe Reader Document Cloud versions (affected versions not specified) **Description** The issue is related to insufficient access restrictions to certain features in the CBSharedReviewIfOfflineDialog method of Adobe Acrobat and Adobe Acrobat Document Cloud for editing PDF files, and Adobe Reader and Adobe Reader Document Cloud for viewing PDF files. This can allow a remote attacker to bypass JavaScript execution restrictions. **Recommendations** For Adobe Acrobat, update to a version that addresses the CBSharedReviewIfOfflineDialog method issue. For Adobe Acrobat Document Cloud, restrict access to the CBSharedReviewIfOfflineDialog method until a patch is available. For Adobe Reader, consider disabling JavaScript execution in Adobe Reader until the issue is resolved. For Adobe Reader Document Cloud, avoid using the CBSharedReviewIfOfflineDialog method in Adobe Reader Document Cloud until a fix is provided. As a temporary workaround, consider restricting access to JavaScript API execution in Adobe Acrobat and Adobe Reader to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat versions (affected versions not specified) Adobe Acrobat Document Cloud versions (affected versions not specified) Adobe Reader versions (affected versions not specified) Adobe Reader Document Cloud versions (affected versions not specified) **Description** The issue is related to insufficient access restrictions to certain functions in Adobe Acrobat and Adobe Reader. It allows a remote attacker to bypass JavaScript execution restrictions. **Recommendations** For Adobe Acrobat, consider disabling JavaScript execution until a patch is available. For Adobe Acrobat Document Cloud, restrict access to sensitive functions to minimize the risk of exploitation. For Adobe Reader, avoid using the `ANRunSharedReviewEmailStep` function in the affected API endpoint until the issue is resolved. For Adobe Reader Document Cloud, as a temporary workaround, consider disabling the execution of JavaScript code in PDF files until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat versions (affected versions not specified) Adobe Acrobat Document Cloud versions (affected versions not specified) Adobe Reader versions (affected versions not specified) Adobe Reader Document Cloud versions (affected versions not specified) **Description** The issue is related to insufficient access restrictions to certain features in the CBSharedReviewSecurityDialog method of Adobe Acrobat and Adobe Acrobat Document Cloud for editing PDF files, and Adobe Reader and Adobe Reader Document Cloud for viewing PDF files. This can allow a remote attacker to bypass JavaScript execution restrictions. **Recommendations** For Adobe Acrobat, update to a version that addresses the CBSharedReviewSecurityDialog method issue. For Adobe Acrobat Document Cloud, consider restricting access to the CBSharedReviewSecurityDialog method until a patch is available. For Adobe Reader, avoid using the JavaScript API in the affected CBSharedReviewSecurityDialog method until the issue is resolved. For Adobe Reader Document Cloud, as a temporary workaround, consider disabling the execution of JavaScript in the CBSharedReviewSecurityDialog method until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat versions (affected versions not specified) Adobe Acrobat Document Cloud versions (affected versions not specified) Adobe Reader versions (affected versions not specified) Adobe Reader Document Cloud versions (affected versions not specified) **Description** The issue is related to insufficient access restrictions to certain features in the CBSharedReviewStatusDialog method of Adobe Acrobat and Adobe Acrobat Document Cloud for editing PDF files, and Adobe Reader and Adobe Reader Document Cloud for viewing PDF files. This can be exploited by a remote attacker to bypass JavaScript execution restrictions. **Recommendations** For Adobe Acrobat, update to a version that addresses the CBSharedReviewStatusDialog method issue. For Adobe Acrobat Document Cloud, restrict access to the CBSharedReviewStatusDialog method until a patch is available. For Adobe Reader, avoid using the JavaScript API in the affected CBSharedReviewStatusDialog method until the issue is resolved. For Adobe Reader Document Cloud, consider disabling the CBSharedReviewStatusDialog method as a temporary workaround until a fix is provided. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat versions (affected versions not specified) Adobe Acrobat Document Cloud versions (affected versions not specified) Adobe Reader versions (affected versions not specified) Adobe Reader Document Cloud versions (affected versions not specified) **Description** The issue is related to insufficient access restrictions to certain features in Adobe Acrobat and Adobe Reader. It allows a remote attacker to bypass JavaScript execution restrictions. **Recommendations** For Adobe Acrobat, update to a version that addresses the ANTrustPropagateAll method issue. For Adobe Acrobat Document Cloud, restrict access to JavaScript API until a patch is available. For Adobe Reader, consider disabling JavaScript execution in affected versions until a fix is provided. For Adobe Reader Document Cloud, avoid using the vulnerable JavaScript API in the affected software until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat versions (affected versions not specified) Adobe Acrobat Document Cloud versions (affected versions not specified) Adobe Reader versions (affected versions not specified) Adobe Reader Document Cloud versions (affected versions not specified) **Description** The issue is related to insufficient access restrictions to certain functions in Adobe Acrobat and Adobe Reader. It allows a remote attacker to bypass JavaScript execution restrictions. **Recommendations** For Adobe Acrobat, consider disabling JavaScript execution until a patch is available. For Adobe Acrobat Document Cloud, restrict access to the `ANSendForApproval` function to minimize the risk of exploitation. For Adobe Reader, avoid using the JavaScript API in affected versions until the issue is resolved. For Adobe Reader Document Cloud, as a temporary workaround, consider disabling the execution of JavaScript code until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat versions (affected versions not specified) Adobe Acrobat Document Cloud versions (affected versions not specified) Adobe Reader versions (affected versions not specified) Adobe Reader Document Cloud versions (affected versions not specified) **Description** The issue is related to insufficient access restrictions to certain functions in Adobe Acrobat and Adobe Reader. It allows a remote attacker to bypass JavaScript execution restrictions. **Recommendations** For Adobe Acrobat, consider disabling the `ANSendForSharedReview` function until a patch is available. For Adobe Acrobat Document Cloud, restrict access to the vulnerable JavaScript API to minimize the risk of exploitation. For Adobe Reader, avoid using the JavaScript API in the affected versions until the issue is resolved. For Adobe Reader Document Cloud, consider applying configuration changes to limit the execution of JavaScript code. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat versions (affected versions not specified) Adobe Acrobat Reader versions (affected versions not specified) Adobe Acrobat Document Cloud versions (affected versions not specified) Adobe Reader versions (affected versions not specified) Adobe Reader Document Cloud versions (affected versions not specified) **Description** The issue is related to insufficient access restrictions to certain functions in the CBAutoConfigCommentRepository method of Adobe Acrobat and Adobe Acrobat Document Cloud for editing PDF files, and Adobe Reader and Adobe Reader Document Cloud for viewing PDF files. This can allow a remote attacker to bypass JavaScript execution restrictions. **Recommendations** For Adobe Acrobat, update to a version that addresses the CBAutoConfigCommentRepository method issue. For Adobe Acrobat Reader, consider disabling JavaScript execution until a patch is available. For Adobe Acrobat Document Cloud, restrict access to the CBAutoConfigCommentRepository method until a fix is released. For Adobe Reader, avoid using the affected JavaScript API until the issue is resolved. For Adobe Reader Document Cloud, as a temporary workaround, consider disabling the `CBAutoConfigCommentRepository` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat versions (affected versions not specified) Adobe Acrobat Document Cloud versions (affected versions not specified) Adobe Reader versions (affected versions not specified) Adobe Reader Document Cloud versions (affected versions not specified) **Description** The issue is related to insufficient access restrictions to certain features in the ANShareFile2 method of Adobe Acrobat and Adobe Acrobat Document Cloud for editing PDF files, and Adobe Reader and Adobe Reader Document Cloud for viewing PDF files. This can allow a remote attacker to bypass JavaScript execution restrictions. **Recommendations** For Adobe Acrobat, update to a version that addresses the ANShareFile2 method issue. For Adobe Acrobat Document Cloud, update to a version that addresses the ANShareFile2 method issue. For Adobe Reader, update to a version that addresses the ANShareFile2 method issue. For Adobe Reader Document Cloud, update to a version that addresses the ANShareFile2 method issue. As a temporary workaround, consider disabling the `ANShareFile2` method until a patch is available. Restrict access to the JavaScript API to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat versions (affected versions not specified) Adobe Acrobat Document Cloud versions (affected versions not specified) Adobe Reader versions (affected versions not specified) Adobe Reader Document Cloud versions (affected versions not specified) **Description** The issue is related to insufficient access restrictions to certain functions in Adobe Acrobat and Adobe Reader. It allows a remote attacker to bypass JavaScript execution restrictions. **Recommendations** For Adobe Acrobat, consider disabling JavaScript execution until a patch is available. For Adobe Acrobat Document Cloud, restrict access to sensitive functions to minimize the risk of exploitation. For Adobe Reader, avoid using the `ANSendForBrowserReview` function in affected API endpoints until the issue is resolved. For Adobe Reader Document Cloud, limit the use of JavaScript API to prevent bypassing restrictions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.