EUVD-2026-28620

In the Linux kernel, the following vulnerability has been resolved: lib/crypto: chacha: Zeroize permutedstate before it leaves scope Since the ChaCha permutation is invertible, the local variable 'permutedstate' is sufficient to compute the original 'state', and thus the key, even after the...

CVE-2026-43336

In the Linux kernel, the following vulnerability has been resolved: lib/crypto: chacha: Zeroize permutedstate before it leaves scope Since the ChaCha permutation is invertible, the local variable 'permutedstate' is sufficient to compute the original 'state', and thus the key, even after the...

UBUNTU-CVE-2026-43336

In the Linux kernel, the following vulnerability has been resolved: lib/crypto: chacha: Zeroize permutedstate before it leaves scope Since the ChaCha permutation is invertible, the local variable 'permutedstate' is sufficient to compute the original 'state', and thus the key, even after the...

CVE-2026-43336

In the Linux kernel, the following vulnerability has been resolved: lib/crypto: chacha: Zeroize permutedstate before it leaves scope Since the ChaCha permutation is invertible, the local variable 'permutedstate' is sufficient to compute the original 'state', and thus the key, even after the...

CVE-2026-43336

In the Linux kernel, the following vulnerability has been resolved: lib/crypto: chacha: Zeroize permutedstate before it leaves scope Since the ChaCha permutation is invertible, the local variable 'permutedstate' is sufficient to compute the original 'state', and thus the key, even after the...

CVE-2026-43336

CVE-2026-43336 – linux kernel ChaCha secret handling : The vulnerability arises in lib/crypto: chacha where the permuted_state is not zeroized before leaving scope, allowing the original state (and thus the key) to be inferred after the permutation. The documented fix is to explicitly zeroize per...

DNS Spider Multithreaded Bruteforcer 1.5

DNS Spider is a multi-threaded bruteforcer of subdomains that leverages a wordlist and/or character permutation...

CVE-2026-32129

soroban-poseidon provides Poseidon and Poseidon2 cryptographic hash functions for Soroban smart contracts. Poseidon V1 PoseidonSponge accepts variable-length inputs without injective padding. When a caller provides fewer inputs than the sponge rate inputs.len k, hashm1, ..., mk equals hashm1, ......

GHSA-HHJV-JQ77-CMVX zeptoclaw has Android device shell blocklist bypass via argument permutation

Summary zeptoclaw implements a blocklist to prevent dangerous commands running in android device shell, but this blocklist has several blocked commands with argements in the pattern literal, such as rm -f and rm -rf, this can be simply bypassed by using different orders for these arguments, such ...

zeptoclaw has Android device shell blocklist bypass via argument permutation

Summary zeptoclaw implements a blocklist to prevent dangerous commands running in android device shell, but this blocklist has several blocked commands with argements in the pattern literal, such as rm -f and rm -rf, this can be simply bypassed by using different orders for these arguments, such ...

On One-Shot Signatures, Quantum Vs Classical Binding, and Obfuscating Permutations

One-shot signatures OSS were defined by Amos, Georgiou, Kiayias, and Zhandry STOC'20. These allow for signing exactly one message, after which the signing key self-destructs, preventing a second message from ever being signed. While such an object is impossible classically, Amos et al observe tha...

Restricted Boltzmann Machine As a Probabilistic Enigma

We theoretically propose a symmetric encryption scheme based on Restricted Boltzmann Machines that functions as a probabilistic Enigma device, encoding information in the marginal distributions of visible states while utilizing bias permutations as cryptographic keys. Theoretical analysis reveals...

Distortion Search, a Web Search Privacy Heuristic

Search engines have vast technical capabilities to retain Internet search logs for each user and thus present major privacy vulnerabilities to both individuals and organizations in revealing user intent. Additionally, many of the web search privacy enhancing tools available today require that the...

Lightweight Hybrid Block-Stream Cryptographic Algorithm for the Internet of Things

In this thesis, a novel lightweight hybrid encryption algorithm named SEPAR is proposed, featuring a 16-bit block length and a 128-bit initialization vector. The algorithm is designed specifically for application in Internet of Things IoT technology devices. The design concept of this algorithm i...

A Novel Feature-Aware Chaotic Image Encryption Scheme for Data Security and Privacy in IoT and Edge Networks

The security of image data in the Internet of Things IoT and edge networks is crucial due to the increasing deployment of intelligent systems for real-time decision-making. Traditional encryption algorithms such as AES and RSA are computationally expensive for resource-constrained IoT devices and...

GHSA-8M24-3CFX-9FJW sp1 has insufficient observation of cumulative sum

During proof generation, the prover must observe all values sent to the verifier to generate valid Fiat-Shamir challenges. Prior to v3.0.0 the cumulative sum of the permutation argument was not observed when sampling zeta, which is a random challenge sampled to force the constraints to be true. I...

sp1 has insufficient observation of cumulative sum

During proof generation, the prover must observe all values sent to the verifier to generate valid Fiat-Shamir challenges. Prior to v3.0.0 the cumulative sum of the permutation argument was not observed when sampling zeta, which is a random challenge sampled to force the constraints to be true. I...

PT-2024-40198 · Sp1 · Sp1

Name of the Vulnerable Software and Affected Versions: SP1 versions prior to 3.0.0 Description: The issue arises during proof generation, where the prover must observe all values sent to the verifier to generate valid Fiat-Shamir challenges. In versions prior to 3.0.0, the cumulative sum of the...

Fedora: Security Advisory for rust-uu_shuf (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AzSubEnum - Azure Service Subdomain Enumeration

AzSubEnum is a specialized subdomain enumeration tool tailored for Azure services. This tool is designed to meticulously search and identify subdomains associated with various Azure services. Through a combination of techniques and queries, AzSubEnum delves into the Azure domain structure,...