Robert Foggia

**Name of the Vulnerable Software and Affected Versions** NSSLGlobal SatLink VSAT Modem Unit (VMU) versions prior to 18.1.0 **Description** The issue affects the web interface of the device, where input for error messages is not properly sanitized. This allows for the injection of client-side code. **Recommendations** For versions prior to 18.1.0, update to version 18.1.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** IPsec-Tools version 0.8.2 **Description** The issue concerns a computational-complexity attack that can be remotely exploited when parsing and storing ISAKMP fragments. This occurs because the implementation allows a remote attacker to exhaust computational resources by sending ISAKMP fragment packets in a specific order, resulting in the worst-case computational complexity in the algorithm used for fragment reassembly. **Recommendations** For IPsec-Tools version 0.8.2, consider restricting access to the racoon daemon to minimize the risk of exploitation until a patch is available. As a temporary workaround, limiting the reception of ISAKMP fragment packets may help mitigate the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** phpMyAdmin versions 3.4.x through 3.4.8 **Description** A cross-site scripting (XSS) issue exists in the setup interface, allowing remote attackers to inject arbitrary web script or HTML. This is achieved by manipulating the `host` parameter in the libraries/config/ConfigFile.class.php file. **Recommendations** For phpMyAdmin versions 3.4.x through 3.4.8, update to version 3.4.9 or later to resolve the issue.