CVE-2026-42858

Open edX Platform contains a server-side request forgery (SSRF) in the sync_provider_data endpoint of SAMLProviderDataViewSet. An authenticated Enterprise Admin can supply an arbitrary URL via the metadata_url parameter, which is passed to requests.get() in fetch_metadata_xml() without URL valida...

CVE-2026-42858 Open edX Platform: Server-Side Request Forgery (SSRF) in SAML Provider Data Sync Endpoint

Open edX Platform enables the authoring and delivery of online learning at any scale. The syncproviderdata endpoint in SAMLProviderDataViewSet allows authenticated Enterprise Admin users to supply an arbitrary URL via the metadataurl POST parameter. This URL is passed directly to requests.get in...

Google Pixel 安全漏洞

The Google Pixel is a smartphone produced by Google Inc. The Google Pixel has a security vulnerability. This vulnerability stems from the lack of boundary checks in the DeviceId function within DeviceId.java, which results in persistent data synchronization issues. This may lead to an increase in...

f2fs: fix return value of f2fs_recover_fsync_data()

...

EUVD-2010-4511

Malware in sbrugna...

EUVD-2017-16117

Malware in sbrugna...

CVE-2025-7379

CVE-2025-7379 is a security bypass risk affecting ASUSTOR DataSync Center on ADM, via Reverse Tabnabbing. Affected versions are DataSync Center 1.1.0 up to but not including 1.1.0.r207, and 1.2.0 up to but not including 1.2.0.r206. The root cause is a tab hijacking/phishing vector that could enab...

CVE-2010-4545

IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service resource consumption and sync outage by syncing a large volume of data...

ElasticPress < 5.1.2 - Data Sync via CSRF

Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the dosync function. This makes it possible for unauthenticated attackers to sync data via a forged request granted they can trick a site administrator into performing an action such...

CVE-2024-26697

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix data corruption in dsync block recovery for small block sizes The helper function nilfsrecoverycopyblock of nilfsrecoverydsyncblocks, which recovers data from logs created by data sync writes during a mount after an...

Design/Logic Flaw

IBM QRadar Data Synchronization App 1.0 through 3.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 217370...

pgsync 安全漏洞

pgsync is an open source application. Synchronizes data from one Postgres database to another. A security vulnerability exists in versions prior to pgsync 0.6.7, which stems from being affected by the disclosure of sensitive information...

CVE-2017-7079

An issue was discovered in certain Apple products. iTunes before 12.7 is affected. The issue involves the "Data Sync" component. It allows attackers to access iOS backups written by iTunes via a crafted app...

CVE-2017-7079

An issue was discovered in certain Apple products. iTunes before 12.7 is affected. The issue involves the "Data Sync" component. It allows attackers to access iOS backups written by iTunes via a crafted app...

Code injection

An issue was discovered in certain Apple products. iTunes before 12.7 is affected. The issue involves the "Data Sync" component. It allows attackers to access iOS backups written by iTunes via a crafted app...

CVE-2017-7079

CVE-2017-7079 affects iTunes before 12.7 (Mac OS X), via the Data Sync component. A crafted app may enable an attacker to access iOS backups created by iTunes. The vulnerability stems from an access control issue in the Data Sync workflow, allowing partial confidentiality impact without integrity...

CVE-2017-7079

An issue was discovered in certain Apple products. iTunes before 12.7 is affected. The issue involves the "Data Sync" component. It allows attackers to access iOS backups written by iTunes via a crafted app...

iTunes < 12.7 Data Sync Vulnerability (Mac OS)

The version of iTunes installed on the remote Mac OS X host is older than 12.7. It is, therefore, affected by a data sync vulnerability. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid103508; scriptversion"1.6"; scriptcvsdate"Date: 2019/11/12";...

About the security content of iTunes 12.7

About the security content of iTunes 12.7 This document describes the security content of iTunes 12.7. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

Cybozu KUNAI for Android information management vulnerability

Overview Cybozu KUNAI for Android is a mobile client software for using Cybozu from an Android device. Cybozu KUNAI for Android provides a function to output log information when synchronizing data with Cybozu, however the function is disabled by default. Cybozu KUNAI for Android contains an issu...