Max Moser

**Name of the Vulnerable Software and Affected Versions** CrowdStrike Falcon versions 6.31.14505.0 through 6.44.15806 **Description** A vulnerability was found in the Uninstallation Handler component of CrowdStrike Falcon, related to incorrect implementation of the uninstall protection function. This leads to missing authorization, allowing an attacker to remove the software without a valid token. The manipulation can be launched remotely. **Recommendations** For versions 6.31.14505.0, 6.42.15610, and 6.44.15806, upgrade to version 6.40.15409, 6.42.15611, or 6.44.15807 to address this issue. As a temporary workaround, consider disabling the Uninstallation Handler component until a patch is available. Restrict access to the Uninstallation Protection function to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Telecommunication Software SAMwin Contact Center Suite version 5.1 **Description** A critical issue affects the function `getCurrentDBVersion` in the library `SAMwinLIBVB.dll` of the credential handler, allowing authentication with hard-coded credentials. **Recommendations** For Telecommunication Software SAMwin Contact Center Suite version 5.1, upgrade to version 6.2 to address this issue.

**Name of the Vulnerable Software and Affected Versions** Telecommunication Software SAMwin Contact Center Suite version 5.1 **Description** A critical issue was found in the Password Handler component, specifically affecting the `passwordScramble` function in the `SAMwinLIBVB.dll` library. This is due to an incorrect implementation of a hashing function, leading to predictable authentication possibilities. **Recommendations** For Telecommunication Software SAMwin Contact Center Suite version 5.1, upgrade to version 6.2 to address the issue. It is recommended to upgrade the affected Password Handler component.

**Name of the Vulnerable Software and Affected Versions** Cardo Systems Scala Rider Q3 (affected versions not specified) **Description** A critical issue has been discovered, allowing unauthenticated remote code execution with root permissions. This is related to the file `/cardo/api` of the Cardo-Updater. **Recommendations** For Cardo Systems Scala Rider Q3, consider firewalling or disabling the service as a mitigation measure until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Telecommunication Software SAMwin Contact Center Suite version 5.1 **Description** A critical issue has been found in the software, affecting the `getCurrentDBVersion` function in the `SAMwinLIBVB.dll` library of the database handler. This leads to sql injection. The issue has been publicly disclosed and may be exploited. **Recommendations** For Telecommunication Software SAMwin Contact Center Suite version 5.1, upgrade to version 6.2 to address the issue. As a temporary workaround, consider restricting access to the `getCurrentDBVersion` function in the `SAMwinLIBVB.dll` library until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** HTC One/Sense version 4.x **Description** A problem was found in the certification validation of the mail client. An exploit has been disclosed to the public and may be used. **Recommendations** For HTC One/Sense version 4.x, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** BlackBerry OS versions prior to 10.2.1.1925 **Description** The issue concerns the Storage and Access service, which fails to enforce password requirements for SMB filesystem access. This allows attackers to read arbitrary files under certain conditions, specifically via sessions over Wi-Fi networks or USB connections when the device is in Development Mode. **Recommendations** For versions prior to 10.2.1.1925, update to version 10.2.1.1925 or later to resolve the issue. As a temporary workaround, consider disabling SMB filesystem access or restricting Wi-Fi and USB connections to minimize the risk of exploitation.