8149 matches found

GitHub Security Blog
added 2026/05/11 4:11 p.m., 9 views

Valtimo has sensitive data exposure through HTTP request/response logging in LoggingRestClientCustomizer

Summary: The LoggingRestClientCustomizer in the web module automatically intercepts all outgoing HTTP calls made via Spring's RestClient and logs the full request body, response body, and response headers. When an error response is received, this information is included in the thrown...

CVSS 7.6 | AI score 5.9 | EPSS 0.00037
Exploits: 0 | References: 5 | Affected Software: 1
Tenable Nessus
added 2026/05/10 12:00 a.m., 5 views

openSUSE 16 Security Update : iproute2 (openSUSE-SU-2026:20696-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2026:20696-1 advisory. Security issues fixed: - CVE-2024-58251: terminal lock up via ANSI terminal escape sequence set in argv0 bsc1254324. Other updates and bugfixes: - Fix...

CVSS 2.5 | AI score 5.8 | EPSS 0.00043
Exploits: 0 | References: 5
RedhatCVE
added 2026/05/09 2:21 a.m., 6 views

CVE-2026-30495

The Optoma CinemaX P2 projector firmware TVOS-04.24.010.04.01, Android 8.0.0 exposes Android Debug Bridge (ADB) on TCP port 5555 over the network without requiring authentication. The device is configured with ro.adb.secure=0, which disables RSA key verification. Additionally, a functional su binar...

CVSS 8.8 | AI score 5.8 | EPSS 0.00028
Exploits: 0 | References: 1
RedhatCVE
added 2026/05/08 9:12 p.m., 8 views

CVE-2026-43377

A flaw was found in ksmbd in the Linux kernel. When KSMBD_DEBUG_AUTH logging is enabled, sensitive session, signing, encryption, and decryption key bytes are logged. This can lead to information disclosure, potentially exposing user credentials...

CVSS 8.1 | AI score 5.8 | EPSS 0.00023
Exploits: 0 | References: 4
RedhatCVE
added 2026/05/08 8:21 p.m., 4 views

CVE-2026-41931

Vvveb before version 1.0.8.2 contains an information disclosure vulnerability that allows unauthenticated attackers to obtain sensitive server information by triggering unhandled exceptions in the password-reset module. Attackers can access the admin password-reset endpoint to trigger a fatal err...

CVSS 6.9 | AI score 5.8 | EPSS 0.00035
Exploits: 0 | References: 1
RedhatCVE
added 2026/05/08 6:41 p.m., 4 views

CVE-2026-43302

A flaw was found in the Linux kernel's V3D graphics driver. When the Direct Memory Access (DMA) Application Programming Interface (API) debug option is enabled, the kernel may report a segment size mismatch. This occurs because the 'max_seg_size' parameter is not correctly configured, leading to warnin...

CVSS 5.5 | AI score 5.8 | EPSS 0.00018
Exploits: 0 | References: 4
EUVD
added 2026/05/08 3:31 p.m., 5 views

EUVD-2026-28572

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Set DMA segment size to avoid debug warnings. When using V3D rendering with CONFIG_DMA_API_DEBUG enabled, the kernel occasionally reports a segment size mismatch. This is because 'max_seg_size' is not set. The kernel defaults ...

AI score 5.8 | EPSS 0.00018
Exploits: 0 | References: 8
NVD
added 2026/05/08 3:16 p.m., 6 views

CVE-2026-43377

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Don't log keys in SMB3 signing and encryption key generation. When KSMBD_DEBUG_AUTH logging is enabled, generate_smb3signingkey and generate_smb3encryptionkey log the session, signing, encryption, and decryption key bytes. Remo...

CVSS 8.1 | EPSS 0.00023
Exploits: 0 | References: 6
CVE
added 2026/05/08 2:21 p.m., 8 views

CVE-2026-43377

CVE-2026-43377 affects ksmbd in the Linux kernel where, under KSMBD_DEBUG_AUTH logging, generate_smb3signingkey() and generate_smb3encryptionkey() log session, signing, encryption, and decryption key bytes. The issue allows potential information disclosure by exposing credentials through verbose ...

CVSS 8.1 | AI score 5.8 | EPSS 0.00023
Exploits: 0 | References: 6 | Affected Software: 1
NVD
added 2026/05/08 2:16 p.m., 3 views

CVE-2026-43302

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Set DMA segment size to avoid debug warnings. When using V3D rendering with CONFIG_DMA_API_DEBUG enabled, the kernel occasionally reports a segment size mismatch. This is because 'max_seg_size' is not set. The kernel defaults ...

CVSS 5.5 | EPSS 0.00018
Exploits: 0 | References: 7
OSV
added 2026/05/08 2:16 p.m., 3 views

UBUNTU-CVE-2026-43302

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Set DMA segment size to avoid debug warnings. When using V3D rendering with CONFIG_DMA_API_DEBUG enabled, the kernel occasionally reports a segment size mismatch. This is because 'max_seg_size' is not set. The kernel defaults ...

CVSS 5.5 | AI score 5.7 | EPSS 0.00018
Exploits: 0 | References: 10
UbuntuCve
added 2026/05/08 2:16 p.m., 4 views

CVE-2026-43302

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Set DMA segment size to avoid debug warnings. When using V3D rendering with CONFIG_DMA_API_DEBUG enabled, the kernel occasionally reports a segment size mismatch. This is because 'max_seg_size' is not set. The kernel defaults ...

CVSS 5.5 | AI score 5.8 | EPSS 0.00018
Exploits: 0 | References: 9
CVE
added 2026/05/08 1:11 p.m., 7 views

CVE-2026-43302

CVE-2026-43302 affects the Linux kernel with the drm/v3d DMA API debug path. A vulnerability was resolved by ensuring max_seg_size is set to the maximum, preventing debug_dma_map_sg() warnings about SG segment lengths (len=8290304, max=65536) when V3D rendering is used with CONFIG_DMA_API_DEBUG e...

CVSS 5.5 | AI score 5.8 | EPSS 0.00018
Exploits: 0 | References: 7 | Affected Software: 1
Debian CVE
added 2026/05/08 1:11 p.m., 4 views

CVE-2026-43302

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Set DMA segment size to avoid debug warnings. When using V3D rendering with CONFIG_DMA_API_DEBUG enabled, the kernel occasionally reports a segment size mismatch. This is because 'max_seg_size' is not set. The kernel defaults ...

CVSS 5.5 | AI score 5.7 | EPSS 0.00018
Exploits: 0
Cvelist
added 2026/05/08 1:11 p.m., 29 views

CVE-2026-43302 drm/v3d: Set DMA segment size to avoid debug warnings

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Set DMA segment size to avoid debug warnings. When using V3D rendering with CONFIG_DMA_API_DEBUG enabled, the kernel occasionally reports a segment size mismatch. This is because 'max_seg_size' is not set. The kernel defaults ...

EPSS 0.00018
Exploits: 0 | References: 7
ATTACKERKB
added 2026/05/08 1:11 p.m., 4 views

CVE-2026-43302

In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Set DMA segment size to avoid debug warnings. When using V3D rendering with CONFIG_DMA_API_DEBUG enabled, the kernel occasionally reports a segment size mismatch. This is because 'max_seg_size' is not set. The kernel defaults ...

AI score 5.8 | EPSS 0.00018
Exploits: 0 | References: 8 | Affected Software: 1
ATTACKERKB
added 2026/05/08 1:11 p.m., 3 views

CVE-2026-43296

In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Workaround SQM/PSE stalls by disabling sticky. NIX SQ manager sticky mode is known to cause stalls when multiple SQs share an SMQ and transmit concurrently. Additionally, PSE may deadlock on transitions between stick...

AI score 5.8 | EPSS 0.00061
Exploits: 0 | References: 9 | Affected Software: 1
Positive Technologies
added 2026/05/08 12:00 a.m., 5 views

PT-2026-38944

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the drm/v3d component where the max_seg_size is not set when using V3D rendering with CONFIG_DMA_API_DEBUG enabled. This causes the kernel to default to a 64K segment...

CVSS 5.5 | AI score 5.4 | EPSS 0.00018
Exploits: 0 | References: 20
Positive Technologies
added 2026/05/08 12:00 a.m., 9 views

PT-2026-39038

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: When KSMBD_DEBUG_AUTH logging is enabled, the functions generate_smb3signingkey and generate_smb3encryptionkey log session, signing, encryption, and decryption key bytes, which can lead ...

CVSS 8.1 | AI score 5.4 | EPSS 0.00023
Exploits: 0 | References: 18
Snyk
added 2026/05/07 7:43 p.m., 5 views

Active Debug Code

Overview: Affected versions of this package are vulnerable to Active Debug Code via the Installer process. An attacker can access sensitive server configuration, environment variables, filesystem paths, and loaded PHP extensions by sending an unauthenticated GET request with the phpinfo parameter...

CVSS 6.9 | AI score 5.8 | EPSS 0.00049
Exploits: 0 | References: 2