None

**Name of the Vulnerable Software and Affected Versions** GitHub Enterprise Server versions prior to 3.6 **Description** A stored XSS issue was identified, allowing the injection of arbitrary attributes, which was blocked by GitHub's Content Security Policy (CSP). This issue was reported via the GitHub Bug Bounty program. **Recommendations** For versions prior to 3.3.11, update to version 3.3.11 or later. For versions prior to 3.4.6, update to version 3.4.6 or later. For versions prior to 3.5.3, update to version 3.5.3 or later. As a temporary workaround, consider restricting access to attributes that can be injected until a patch is available.

**Name of the Vulnerable Software and Affected Versions** MAVLink protocol (affected versions not specified) **Description** The issue affects the Micro Air Vehicle Link (MAVLink) protocol, allowing a remote attacker to gain access to sensitive information if they have access to the communication medium. The protocol, by design, does not perform encryption to improve transfer and reception speed and efficiency. This has led to its use in insecure communication channels, exposing sensitive information to remote attackers who can intercept network traffic. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MAVLink version 1.0 **Description** The Micro Air Vehicle Link (MAVLink) protocol lacks an authentication mechanism in version 1.0, leading to potential attacks such as identity spoofing, unauthorized access, and PITM attacks. Version 2.0 optionally allows for package signing, which mitigates this issue. However, the authentication system in version 2.0 is based on HMAC and requires the use of the same symmetric key in all devices on the network. If a device and its symmetric key are compromised, the entire authentication system may be unreliable. **Recommendations** For MAVLink version 1.0, consider upgrading to version 2.0 to utilize the optional package signing feature, which can help mitigate the lack of authentication. For MAVLink version 2.0, ensure that the same symmetric key is used in all devices on the network to maintain the reliability of the authentication system. As a temporary workaround, restrict access to the network to minimize the risk of exploitation.