Digignome

**Name of the Vulnerable Software and Affected Versions** Music Center for PC versions 1.0.02 and earlier **Description** The issue is related to an unvalidated software update vulnerability. This could allow a man-in-the-middle attacker to tamper with an update file and inject executable files. **Recommendations** For Music Center for PC versions 1.0.02 and earlier, update to a version later than 1.0.02 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** FLET'S VIRUS CLEAR Easy Setup & Application Tool versions 13.0 and earlier FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool versions 13.0 and earlier **Description** The issue is related to an untrusted search path vulnerability in the installer. This vulnerability allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. **Recommendations** For FLET'S VIRUS CLEAR Easy Setup & Application Tool versions 13.0 and earlier, consider removing any potentially malicious DLL files from directories that could be included in the system's search path until a fix is available. For FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool versions 13.0 and earlier, restrict access to directories that may contain Trojan horse DLLs to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Music Center for PC versions 1.0.01 and earlier **Description** The issue allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. This is due to an untrusted search path vulnerability. **Recommendations** For Music Center for PC versions 1.0.01 and earlier, update to a version later than 1.0.01 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** The CRCA user's Software versions 1.8 and earlier **Description** The issue concerns an untrusted search path vulnerability in the electronic authentication system. This vulnerability allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. **Recommendations** For versions 1.8 and earlier, update to a version later than 1.8 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** RBB SPEED TEST App for Android versions 2.0.3 and earlier RBB SPEED TEST App for iOS versions 2.1.0 and earlier **Description** The issue concerns the failure to verify X.509 certificates from SSL servers, allowing man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. **Recommendations** For RBB SPEED TEST App for Android versions 2.0.3 and earlier, update to a version that properly verifies X.509 certificates. For RBB SPEED TEST App for iOS versions 2.1.0 and earlier, update to a version that properly verifies X.509 certificates. As a temporary workaround, consider disabling the use of SSL connections in the app until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Electronic tendering and bid opening system versions prior to June 12, 2017 **Description** The issue concerns an untrusted search path vulnerability in the Installer of the Electronic tendering and bid opening system. This vulnerability allows an attacker to execute arbitrary code via a specially crafted executable file in an unspecified directory. **Recommendations** For versions prior to June 12, 2017, update the system to a version released after June 12, 2017, to resolve the issue. As a temporary workaround, consider restricting access to the Installer to minimize the risk of exploitation.