Gareth C

**Name of the Vulnerable Software and Affected Versions** Libxmp versions 4.6.2 and earlier **Description** The issue is a stack-based buffer overflow in the `depack pha` function in `loaders/prowizard/pha.c`, which occurs when processing a malformed Pha format tracker module in a `.mod` file. **Recommendations** For Libxmp versions 4.6.2 and earlier, consider restricting the use of the `depack pha` function in `loaders/prowizard/pha.c` until a patch is available. Avoid using the `pha.c` loader with untrusted `.mod` files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Audiocodes MP-202b version 4.4.3 **Description** The issue allows a remote attacker to escalate privileges via the login page of the web interface. This is due to a cross site scripting vulnerability. **Recommendations** For version 4.4.3, consider disabling access to the login page of the web interface until a patch is available. Restrict access to the web interface to minimize the risk of exploitation. Avoid using the web interface for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.