9 matches found
Finite-Size Security of QKD: Comparison of Three Proof Techniques
We compare three proof techniques for composable finite-size security of quantum key distribution under collective attacks, with emphasis on how the resulting secret-key rates behave at practically relevant block lengths. As a benchmark, we consider the BB84 protocol and evaluate finite-size...
CVE-2019-15714
cli/lib/main.js in Entropic before 2019-06-13 does not reject / and \ in command names, which might allow a directory traversal attack in unusual situations...
Mirror Mirror on the Wall, Have I Forgotten It All? A New Framework for Evaluating Machine Unlearning
Machine unlearning methods take a model trained on a dataset and a forget set, then attempt to produce a model as if it had only been trained on the examples not in the forget set. We empirically show that an adversary is able to distinguish between a mirror model a control model produced by...
Entropic Path Traversal Vulnerability
Entropic is a package registry with a command line interface. Entropic suffers from a path traversal vulnerability. The vulnerability stems from a failure of a networked system or product to properly filter for specific elements in a resource or file path. An attacker could use this vulnerability...
CVE-2019-15714
cli/lib/main.js in Entropic before 2019-06-13 does not reject / and \ in command names, which might allow a directory traversal attack in unusual situations...
CVE-2019-15714
cli/lib/main.js in Entropic before 2019-06-13 does not reject / and \ in command names, which might allow a directory traversal attack in unusual situations...
Directory traversal
cli/lib/main.js in Entropic before 2019-06-13 does not reject / and \ in command names, which might allow a directory traversal attack in unusual situations...
CVE-2019-15714
CVE-2019-15714 affects Entropic prior to 2019-06-13. The vulnerability arises in cli/lib/main.js, which does not reject the / and \ characters in command names, enabling a directory traversal in unusual situations. Impact details are limited in the provided documents; they describe potential path...
CVE-2019-15714
cli/lib/main.js in Entropic before 2019-06-13 does not reject / and \ in command names, which might allow a directory traversal attack in unusual situations...