CVE-2020-25573

An issue was discovered in the linked-hash-map crate before 0.5.3 for Rust. It creates an uninitialized NonNull pointer, which violates a non-null constraint...

CVE-2020-9005

meshsystem.dll in Valve Dota 2 through 2020-02-17 allows remote attackers to achieve code execution or denial of service by creating a gaming server with a crafted map, and inviting a victim to this server. A GetValue call is mishandled...

CVE-2018-1000829

Anyplace version before commit 80359b4 contains a XML External Entity XXE vulnerability in Man in the middle on map API call that can result in Disclosure of confidential data, denial of service, SSRF, port scanning. This vulnerability appears to have been fixed in after commit 80359b4...

CVE-2019-10621

Use after free issue when MAP and UNMAP calls at same time as data structure used my MAP may be freed by UNMAP function in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in Nicobar, QCS405, Rennell, Saipan, SC8180X, SDX55, SM6150, SM715...

CVE-2019-10564

Possible OOB issue in EEPROM due to lack of check while accessing memory map array at the time of reading operation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music...

CVE-2019-14381

libopenmpt before 0.4.3 allows a crash due to a NULL pointer dereference when doing a portamento from an OPL instrument to an empty instrument note map slot...

CVE-2015-9308

The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit map feature...

CVE-2013-6681

Tube Map Live Underground for Android before 3.0.22 has an Information Disclosure Vulnerability...

CVE-2019-12395

In Webbukkit Dynmap 3.0-beta-3 or below, due to a missing login check in servlet/MapStorageHandler.java, an attacker can see a map image without login even if victim enables login-required in setting...

CVE-2012-1661

ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier does not properly prompt users before executing embedded VBA macros, which allows user-assisted remote attackers to execute arbitrary VBA code via a crafted map .mxd file...

CVE-2015-9307

The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit location feature...

CVE-2012-0048

OpenTTD 0.3.5 through 1.1.4 allows remote attackers to cause a denial of service game pause by connecting to the server and not finishing the 1 authorization phase or 2 map download, aka a "slow read" attack...

CVE-2015-9309

The wp-google-map-plugin plugin before 2.3.10 for WordPress has CSRF in the add/edit category feature...

CVE-2025-4729

A vulnerability was found in TOTOLINK A3002R and A3002RU 3.0.0-B20230809.1615. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMapDelDevice of the component HTTP POST Request Handler. The manipulation of the argument macstr lead...

kernel: bpf, sockmap: Fix race between element replace and close()

In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix race between element replace and close Element replace with a socket different from the one stored may race with socket's close link popping & unlinking. sockmapdelete unconditionally unrefs the wrong element: /...

kernel: xsk: fix OOB map writes when deleting elements

In the Linux kernel, the following vulnerability has been resolved: xsk: fix OOB map writes when deleting elements Jordy says: " In the xskmapdeleteelem function an unsigned integer map-maxentries is compared with a user-controlled signed integer k. Due to implicit type conversion, a large unsign...

kernel: secretmem: disable memfd_secret() if arch cannot set direct map

In the Linux kernel, the following vulnerability has been resolved: secretmem: disable memfdsecret if arch cannot set direct map Return -ENOSYS from memfdsecret syscall if !cansetdirectmap. This is the case for example on some arm64 configurations, where marking 4k PTEs in the direct map not...

kernel: arm64/mm: fix incorrect file_map_count for non-leaf pmd/pud

In the Linux kernel, the following vulnerability has been resolved: arm64/mm: fix incorrect filemapcount for non-leaf pmd/pud The page table check trigger BUGON unexpectedly when collapse hugepage: ------------ cut here ------------ kernel BUG at mm/pagetablecheck.c:82! Internal error: Oops - BUG...

kernel: of/irq: Prevent device address out-of-bounds read in interrupt map walk

In the Linux kernel, the following vulnerability has been resolved: of/irq: Prevent device address out-of-bounds read in interrupt map walk When ofirqparseraw is invoked with a device address smaller than the interrupt parent node from address-cells property, KASAN detects the following...

kernel: sock_map: avoid race between sock_map_close and sk_psock_put

In the Linux kernel, the following vulnerability has been resolved: sockmap: avoid race between sockmapclose and skpsockput skpsockget will return NULL if the refcount of psock has gone to 0, which will happen when the last call of skpsockput is done. However, skpsockdrop may not have finished ye...