0perator (>=0.1.0 <=0.3.0), 0pflow (>=0.1.0 <=0.1.0-dev.f5622ac) +1825 more potentially affected by CVE-2026-44902 via @opentelemetry/exporter-prometheus (>=0.10.2 <=0.216.0)

@opentelemetry/exporter-prometheus NPM version =0.10.2, =0.1.0, =0.1.0, =0.1.1, =0.0.1, =0.8.0, =0.1.1, =0.1.1, =0.1.1, =0.1.8, =0.1.5, =0.0.0-dev-nicolas-fix-publishing-aurora-mcp-1750279939, =0.0.65, =0.3.4, =0.1.0, =0.4.0, =5.0.1-staging.f17326334 and more Source cves: CVE-2026-44902 Source...

CVE-2026-34060

Ruby LSP is an implementation of the language server protocol for Ruby. Prior to Shopify.ruby-lsp version 0.10.2 and ruby-lsp version 0.26.9, the rubyLsp.branch VS Code workspace setting was interpolated without sanitization into a generated Gemfile, allowing arbitrary Ruby code execution when a...

Ruby LSP 代码注入漏洞

Ruby LSP is an open-source Ruby language server developed by Shopify. It provides code completion and debugging features. Versions of Ruby LSP prior to 0.10.2 and 0.26.9 contained a code injection vulnerability. This vulnerability stemmed from the fact that the Gemfile generated by rubyLsp.branch...

libtpms-devel-0.10.2-1.1 on GA media (moderate)

libtpms-devel-0.10.2-1.1 on GA media Announcement ID: openSUSE-SU-2026:10422-1 Rating: moderate Cross-References: CVE-2026-21444 CVSS scores: CVE-2026-21444 SUSE : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2026-21444 SUSE : 6...

SUSE CVE-2026-21444

libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV initialization vector when certain symmetric ciphers were used...

gistit-daemon (>=0.2.0 <=0.2.1), libp2p (>=0.42.0 <=0.42.2) +3 more potentially affected by CVE-2026-32314 via yamux (=0.10.2)

yamux CARGO version =0.10.2 is affected by a known vulnerability. The following packages have a transitive dependency on yamux and may be impacted: - gistit-daemon =0.2.0, =0.42.0, =0.42.2 - libp2p-bitswap =0.21.0 - libp2p-swarm-test =0.1.0 - libp2p-yamux =0.35.0 Source cves: CVE-2026-32314 Sourc...

Fedora 42 : python-uv-build / rust-ambient-id / uv (2026-086a367966)

The remote Fedora 42 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2026-086a367966 advisory. Update uv and python-uv-build to 0.10.2. There are some minor breaking changes in uv; most users should not have to change anything. See...

[SECURITY] Fedora 43 Update: libtpms-0.10.2-1.fc43

A library providing TPM functionality for VMs. Targeted for integration into Qemu...

Fedora 43 : libtpms (2026-21a2a74849)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-21a2a74849 advisory. Upgrade to libtpms 0.10.2 fixing CVE-2026-21444 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

MiracleLinux 4 : libvirt-0.10.2-64.1.0.1.AXS4 (AXSA:2019-3887:01)

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2019-3887:01 advisory. Security Fix - Microarchitectural Store Buffer Data Sampling MSBDS: Store Buffer CVE-2018-12126 - Microarchitectural Load Port Data Sampling MLDPDS:...

UBUNTU-CVE-2026-21444

libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV initialization vector when certain symmetric ciphers were used...

CVE-2026-21444

libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV initialization vector when certain symmetric ciphers were used...

CVE-2026-21444

libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV initialization vector when certain symmetric ciphers were used...

CVE-2026-21444

CVE-2026-21444 affects libtpms when integrated with OpenSSL 3.x, with vulnerable versions 0.10.0 and 0.10.1. The issue is that the library returns the initial IV instead of the last IV for certain symmetric ciphers, weakening confidentiality. Affected deployments using OpenSSL 3.x are at risk of ...

CVE-2026-21444 libtpms returns wrong initialization vector when certain symmetric ciphers are used

libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV initialization vector when certain symmetric ciphers were used...

CVE-2026-21444 libtpms returns wrong initialization vector when certain symmetric ciphers are used

libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV initialization vector when certain symmetric ciphers were used...

CVE-2026-21444

libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV initialization vector when certain symmetric ciphers were used...

EUVD-2026-0753

libtpms, a library that provides software emulation of a Trusted Platform Module, has a flaw in versions 0.10.0 and 0.10.1. The commonly used integration of libtpms with OpenSSL 3.x contained a vulnerability related to the returned IV initialization vector when certain symmetric ciphers were used...

PT-2026-1122

Name of the Vulnerable Software and Affected Versions libtpms versions 0.10.0 through 0.10.1 Description libtpms, a library providing software emulation of a Trusted Platform Module, contains a flaw impacting data confidentiality. When integrated with OpenSSL 3.x, the library incorrectly returns...

vLLM 缓冲区错误漏洞

vLLM is a vLLM open source high throughput and memory efficient inference and service engine for LLM. A buffer error vulnerability exists in vLLM versions 0.10.2 through prior to 0.11.1, which stems from the presence of a memory corruption in the Completions API endpoint that could lead to a cras...