Jan Schejbal

**Nome do software vulnerável e versões afetadas** Versões do Paramiko anteriores à 2.10.1 **Descrição** O problema está relacionado a uma condição de corrida na função `write private key file`, o que poderia permitir a divulgação não autorizada de informações devido a erros de sincronização ao usar um recurso compartilhado. Isso poderia, potencialmente, permitir que um invasor acessasse informações confidenciais. **Recomendações** Para versões do Paramiko anteriores à 2.10.1, atualize para a versão 2.10.1 ou posterior para resolver o problema. Como solução temporária, considere restringir o acesso à função `write private key file` até que um patch esteja disponível.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions prior to 1.19.6 MediaWiki versions 1.20.x prior to 1.20.5 **Description** The issue allows remote attackers to conduct cross-site scripting (XSS) attacks. This can be demonstrated by a CDATA section containing valid UTF-7 encoded sequences in an SVG file, which is then incorrectly interpreted as UTF-8 by browsers like Chrome and Firefox. **Recommendations** For MediaWiki versions prior to 1.19.6, update to version 1.19.6 or later. For MediaWiki versions 1.20.x prior to 1.20.5, update to version 1.20.5 or later.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions 1.17.x through 1.17.2 MediaWiki versions 1.18.x through 1.18.1 **Description** A cross-site request forgery (CSRF) issue exists in the Special:Upload feature, allowing remote attackers to hijack the authentication of victims for file upload requests. **Recommendations** For MediaWiki versions 1.17.x through 1.17.2, update to version 1.17.3 or later. For MediaWiki versions 1.18.x through 1.18.1, update to version 1.18.2 or later.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 6 through 9 **Description** An information disclosure issue exists, allowing attackers to gain access to information in another domain or Internet Explorer zone. This can be exploited through a specially crafted web page, potentially enabling an attacker to view content from another domain or zone if a user views the web page. **Recommendations** For Microsoft Internet Explorer versions 6 through 9, consider restricting access to potentially malicious web pages to minimize the risk of information disclosure until a fix is available. As a temporary workaround, users should be cautious when performing copy-and-paste operations from untrusted sources.