CVE-2023-43809

Soft Serve is a self-hostable Git server for the command line. Prior to version 0.6.2, a security vulnerability in Soft Serve could allow an unauthenticated, remote attacker to bypass public key authentication when keyboard-interactive SSH authentication is active, through the allow-keyless...

CVE-2023-23866

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Carlos Moreira Interactive Geo Maps plugin = 1.5.8 versions...

CVE-2023-3577

Mattermost fails to properly restrict requests to localhost/intranet during the interactive dialog, which could allow an attacker to perform a limited blind SSRF...

CVE-2022-24315

A CWE-125: Out-of-bounds Read vulnerability exists that could cause denial of service when an attacker repeatedly sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server V15.0.0.22020 and prior...

CVE-2022-24312

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause modification of an existing file by adding at end of file or create a new file in the context of the Data Server potentially leading to remote code execution when an attacker sends a...

CVE-2022-4393

The ImageLinks Interactive Image Builder for WordPress plugin through 1.5.3 does not sanitise and escape some of its settings, which could allow users such as contributor+ to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

CVE-2022-43711

Interactive Forms IAF in GX Software XperienCentral versions 10.29.1 until 10.33.0 was vulnerable to cross site scripting attacks XSS because the CSP header uses eval in the script-src...

CVE-2022-43710

Interactive Forms IAF in GX Software XperienCentral versions 10.31.0 until 10.33.0 was vulnerable to cross site request forgery CSRF because the unique token could be deduced using the names of all input fields...

CVE-2022-24314

A CWE-125: Out-of-bounds Read vulnerability exists that could cause memory leaks potentially resulting in denial of service when an attacker repeatedly sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server V15.0.0.22020 and prior...

CVE-2022-3365

Due to reliance on a trivial substitution cipher, sent in cleartext, and the reliance on a default password when the user does not set a password, the Remote Mouse Server by Emote Interactive can be abused by attackers to inject OS commands over theproduct's custom control protocol. A Metasploit...

CVE-2022-24313

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could cause a stack-based buffer overflow potentially leading to remote code execution when an attacker sends a specially crafted message. Affected Product: Interactive Graphical SCADA System Data Server V15.0.0.22020...

CVE-2021-35448

Emote Interactive Remote Mouse 3.008 on Windows allows attackers to execute arbitrary programs as Administrator by using the Image Transfer Folder feature to navigate to cmd.exe. It binds to local ports to listen for incoming connections...

CVE-2021-22824

A CWE-120: Buffer Copy without Checking Size of Input vulnerability exists that could result in denial of service, due to missing length check on user-supplied data from a constructed message received on the network. Affected Product: Interactive Graphical SCADA System Data Collector dc.exe...

CVE-2019-6827

A CWE-787: Out-of-bounds Write vulnerability exists in Interactive Graphical SCADA System IGSS, Version 14 and prior, which could cause a software crash when data in the mdb database is manipulated...

CVE-1999-0408

Files created from interactive shell sessions in Cobalt RaQ microservers e.g. .bashhistory are world readable, and thus are accessible from the web server...

CVE-1999-0159

Attackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt such as a login. This applies to some IOS 9.x, 10.x, and 11.x releases...

Pura: an Efficient Privacy-Preserving Solution for Face Recognition

Face recognition is an effective technology for identifying a target person by facial images. However, sensitive facial images raises privacy concerns. Although privacy-preserving face recognition is one of potential solutions, this solution neither fully addresses the privacy concerns nor is...

Private LoRA Fine-Tuning of Open-Source LLMs with Homomorphic Encryption

Preserving data confidentiality during the fine-tuning of open-source Large Language Models LLMs is crucial for sensitive applications. This work introduces an interactive protocol adapting the Low-Rank Adaptation LoRA technique for private fine-tuning. Homomorphic Encryption HE protects the...

Comparing Classical and Quantum Conditional Disclosure of Secrets

The conditional disclosure of secrets CDS setting is among the most basic primitives studied in information-theoretic cryptography. Motivated by a connection to non-local quantum computation and position-based cryptography, CDS with quantum resources has recently been considered. Here, we study t...

Configure a Proper SSH Service Authentication Mode

A proper authentication mode helps ensure user and system data security. Typically, the user/password authentication mode is suitable for human-machine users. In non-interactive login scenarios, the public and private keys are suitable for authentication. In high-risk scenarios, only the public a...