Jan Schejbal

**Name of the Vulnerable Software and Affected Versions** Paramiko versions prior to 2.10.1 **Description** The issue is related to a race condition in the `write private key file` function, which could allow unauthorized information disclosure due to synchronization errors when using a shared resource. This could potentially enable an attacker to access confidential information. **Recommendations** For Paramiko versions prior to 2.10.1, update to version 2.10.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `write private key file` function until a patch is available.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions prior to 1.19.6 MediaWiki versions 1.20.x prior to 1.20.5 **Description** The issue allows remote attackers to conduct cross-site scripting (XSS) attacks. This can be demonstrated by a CDATA section containing valid UTF-7 encoded sequences in an SVG file, which is then incorrectly interpreted as UTF-8 by browsers like Chrome and Firefox. **Recommendations** For MediaWiki versions prior to 1.19.6, update to version 1.19.6 or later. For MediaWiki versions 1.20.x prior to 1.20.5, update to version 1.20.5 or later.

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions 1.17.x through 1.17.2 MediaWiki versions 1.18.x through 1.18.1 **Description** A cross-site request forgery (CSRF) issue exists in the Special:Upload feature, allowing remote attackers to hijack the authentication of victims for file upload requests. **Recommendations** For MediaWiki versions 1.17.x through 1.17.2, update to version 1.17.3 or later. For MediaWiki versions 1.18.x through 1.18.1, update to version 1.18.2 or later.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 6 through 9 **Description** An information disclosure issue exists, allowing attackers to gain access to information in another domain or Internet Explorer zone. This can be exploited through a specially crafted web page, potentially enabling an attacker to view content from another domain or zone if a user views the web page. **Recommendations** For Microsoft Internet Explorer versions 6 through 9, consider restricting access to potentially malicious web pages to minimize the risk of information disclosure until a fix is available. As a temporary workaround, users should be cautious when performing copy-and-paste operations from untrusted sources.