Sze Yiu Chau

Researcher fromThe Chinese University of Hong Kong
#10185of 53,635
27.1Total CVSS
Vulnerabilities · 4
Medium
1
High
3
PT-2021-5619
4.3
2021-09-24
Google · Google Chrome · CVE-2021-37964
**Name of the Vulnerable Software and Affected Versions** Google Chrome on ChromeOS versions prior to 94.0.4606.54 **Description** The issue is related to inappropriate implementation in ChromeOS Networking, allowing a remote attacker with a rogue wireless access point to potentially carry out a wifi impersonation attack via a crafted ONC file. This could enable the attacker to gain privileged access to the infrastructure. **Recommendations** For Google Chrome on ChromeOS versions prior to 94.0.4606.54, update to version 94.0.4606.54 or later to resolve the issue. As a temporary workaround, consider restricting access to wireless networks until the update is applied. Avoid using crafted ONC files in the affected API endpoint until the issue is resolved.
PT-2018-13228
7.5
2018-09-26
Openswan · Openswan · CVE-2018-15836
**Name of the Vulnerable Software and Affected Versions** Openswan versions prior to 2.6.50.1 **Description** The issue concerns the RSA implementation in the verify signed hash() function, which fails to verify the padding string value during PKCS#1 v1.5 signature verification. This allows a remote attacker to forge signatures, particularly when small public exponents are used. The IKEv2 signature verification is affected when RAW RSA keys are used. **Recommendations** For versions prior to 2.6.50.1, update to version 2.6.50.1 or later to resolve the issue.
PT-2018-13429
7.5
2018-09-24
Alt Linux · Alt Linux · CVE-2018-16152
**Name of the Vulnerable Software and Affected Versions** No information is available about the vulnerable software and its affected versions. **Description** The issue is related to a security problem, but specific details are not provided. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2018-3465
7.8
2018-09-24
Strongswan · Strongswan · CVE-2018-16151
Name of the Vulnerable Software and Affected Versions: strongSwan versions 4.x through 5.x before 5.7.0 Description: The issue is related to the verify emsa pkcs1 signature() function in the gmp plugin, which does not correctly verify cryptographic signatures. This can allow a remote attacker to forge signatures when small public exponents are used, potentially leading to impersonation when only an RSA signature is used for IKEv2 authentication. Recommendations: For strongSwan versions 4.x through 5.x before 5.7.0, update to version 5.7.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of small public exponents in RSA signatures until a patch is available.