1700 matches found
CVE-2026-34209 mppx: Tempo has a session close voucher bypass vulnerability due to settled amount equality
mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "" instead of "=" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled...
CVE-2026-34209 mppx: Tempo has a session close voucher bypass vulnerability due to settled amount equality
mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "" instead of "=" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled...
CVE-2026-34209
mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "" instead of "=" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled...
GHSA-C279-989M-238F Sliver: Nil Pointer Dereference in tunnelCloseHandler causes panic when a reverse tunnel (rportfwd) close is attempted
Summary A nil pointer dereference in tunnelCloseHandler causes the handler goroutine to panic whenever a reverse tunnel rportfwd close is attempted. Both the legitimate close path AND the unauthorized close path dereference tunnel.SessionID where tunnel is guaranteed nil. This means rportfwd...
Sliver: Nil Pointer Dereference in tunnelCloseHandler causes panic when a reverse tunnel (rportfwd) close is attempted
Summary A nil pointer dereference in tunnelCloseHandler causes the handler goroutine to panic whenever a reverse tunnel rportfwd close is attempted. Both the legitimate close path AND the unauthorized close path dereference tunnel.SessionID where tunnel is guaranteed nil. This means rportfwd...
NULL Pointer Dereference
Overview Affected versions of this package are vulnerable to NULL Pointer Dereference through the tunnelCloseHandler process. An attacker can cause repeated handler goroutine panics and resource leaks by attempting to close a reverse tunnel when the tunnel reference is nil. Remediation A fix was...
mppx has multiple payment bypass and griefing vulnerabilities
Impact Multiple vulnerabilities were discovered in tempo/charge and tempo/session which allowed for undesirable behaviors, including: - Replaying tempo/charge transaction hashes across push/pull modes, across charge/session endpoints, and via concurrent requests - Performing free tempo/charge...
mppx: Tempo has a session close voucher bypass vulnerability due to settled amount equality
Impact The tempo/session cooperative close handler validated the close voucher amount using instead of = against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled amount, which would be accepted without committing any new funds, effectively closing...
Replay Attack
Overview mppx is a /picture Affected versions of this package are vulnerable to Replay Attack in the tempo/session cooperative close handler due to improper validation of the close voucher amount. An attacker can bypass intended restrictions by submitting a close voucher with an amount exactly...
GHSA-MV9J-8JVG-J8MR mppx: Tempo has a session close voucher bypass vulnerability due to settled amount equality
Impact The tempo/session cooperative close handler validated the close voucher amount using instead of = against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled amount, which would be accepted without committing any new funds, effectively closing...
PT-2026-28607
mppx is a TypeScript interface for machine payments protocol. Prior to version 0.4.11, the tempo/session cooperative close handler validated the close voucher amount using "" instead of "=" against the on-chain settled amount. An attacker could submit a close voucher exactly equal to the settled...
SUSE CVE-2026-23282
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix oops due to uninitialised var in smb2unlink If SMB2openinit or SMB2closeinit fails e.g. reconnect, the iovs set @rqst will be left uninitialised, hence calling SMB2openfree, SMB2closefree or smb2setrelated on the...
SUSE CVE-2026-23330
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: complete pending data exchange on device close In nciclosedevice, complete any pending data exchange before closing. The data exchange callback e.g. rawsockdataexchangecomplete holds a socket reference. NIPA occasionall...
SUSE CVE-2026-23380
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix WARNON in tracingbuffersmmapclose When a process forks, the child process copies the parent's VMAs but the usermapped reference count is not incremented. As a result, when both the parent and child processes exit,...
EUVD-2026-15287
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: complete pending data exchange on device close In nciclosedevice, complete any pending data exchange before closing. The data exchange callback e.g. rawsockdataexchangecomplete holds a socket reference. NIPA occasionall...
EUVD-2026-15204
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix oops due to uninitialised var in smb2unlink If SMB2openinit or SMB2closeinit fails e.g. reconnect, the iovs set @rqst will be left uninitialised, hence calling SMB2openfree, SMB2closefree or smb2setrelated on the...
CVE-2026-23330
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: complete pending data exchange on device close In nciclosedevice, complete any pending data exchange before closing. The data exchange callback e.g. rawsockdataexchangecomplete holds a socket reference. NIPA occasionall...
CVE-2026-23282
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix oops due to uninitialised var in smb2unlink If SMB2openinit or SMB2closeinit fails e.g. reconnect, the iovs set @rqst will be left uninitialised, hence calling SMB2openfree, SMB2closefree or smb2setrelated on the...
CVE-2026-23380
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix WARNON in tracingbuffersmmapclose When a process forks, the child process copies the parent's VMAs but the usermapped reference count is not incremented. As a result, when both the parent and child processes exit,...
CVE-2026-23330
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: complete pending data exchange on device close In nciclosedevice, complete any pending data exchange before closing. The data exchange callback e.g. rawsockdataexchangecomplete holds a socket reference. NIPA occasionall...