29 matches found
UBUNTU-CVE-2026-53217
In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: sync RX data at the hardware packet offset mvpp2 programs the RX queue packet offset, so hardware writes received data at dmaaddr + MVPP2SKBHEADROOM. The current CPU sync starts at dmaaddr and only covers rxbytes +...
CVE-2026-53217 net: mvpp2: sync RX data at the hardware packet offset
In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: sync RX data at the hardware packet offset mvpp2 programs the RX queue packet offset, so hardware writes received data at dmaaddr + MVPP2SKBHEADROOM. The current CPU sync starts at dmaaddr and only covers rxbytes +...
EUVD-2026-39308
In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: sync RX data at the hardware packet offset mvpp2 programs the RX queue packet offset, so hardware writes received data at dmaaddr + MVPP2SKBHEADROOM. The current CPU sync starts at dmaaddr and only covers rxbytes +...
CVE-2026-53217
The CVE-2026-53217 issue affects the Linux kernel MVPP2 driver: RX data was synchronized at the hardware packet offset, leaving end-of-frame data possibly stale on non‑coherent DMA. Root cause is incorrect DMA sync range (starting at dma_addr and not covering the actual written packet tail). The ...
CVE-2026-42858
Open edX Platform contains a server-side request forgery (SSRF) in the sync_provider_data endpoint of SAMLProviderDataViewSet. An authenticated Enterprise Admin can supply an arbitrary URL via the metadata_url parameter, which is passed to requests.get() in fetch_metadata_xml() without URL valida...
CVE-2026-42858 Open edX Platform: Server-Side Request Forgery (SSRF) in SAML Provider Data Sync Endpoint
Open edX Platform enables the authoring and delivery of online learning at any scale. The syncproviderdata endpoint in SAMLProviderDataViewSet allows authenticated Enterprise Admin users to supply an arbitrary URL via the metadataurl POST parameter. This URL is passed directly to requests.get in...
Google Pixel 安全漏洞
The Google Pixel is a smartphone produced by Google Inc. The Google Pixel has a security vulnerability. This vulnerability stems from the lack of boundary checks in the DeviceId function within DeviceId.java, which results in persistent data synchronization issues. This may lead to an increase in...
f2fs: fix return value of f2fs_recover_fsync_data()
...
EUVD-2010-4511
Malware in sbrugna...
EUVD-2017-16117
Malware in sbrugna...
CVE-2025-7379
CVE-2025-7379 is a security bypass risk affecting ASUSTOR DataSync Center on ADM, via Reverse Tabnabbing. Affected versions are DataSync Center 1.1.0 up to but not including 1.1.0.r207, and 1.2.0 up to but not including 1.2.0.r206. The root cause is a tab hijacking/phishing vector that could enab...
CVE-2010-4545
IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated users to cause a denial of service resource consumption and sync outage by syncing a large volume of data...
ElasticPress < 5.1.2 - Data Sync via CSRF
Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the dosync function. This makes it possible for unauthenticated attackers to sync data via a forged request granted they can trick a site administrator into performing an action such...
CVE-2024-26697
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix data corruption in dsync block recovery for small block sizes The helper function nilfsrecoverycopyblock of nilfsrecoverydsyncblocks, which recovers data from logs created by data sync writes during a mount after an...
Design/Logic Flaw
IBM QRadar Data Synchronization App 1.0 through 3.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 217370...
pgsync 安全漏洞
pgsync is an open source application. Synchronizes data from one Postgres database to another. A security vulnerability exists in versions prior to pgsync 0.6.7, which stems from being affected by the disclosure of sensitive information...
CVE-2017-7079
An issue was discovered in certain Apple products. iTunes before 12.7 is affected. The issue involves the "Data Sync" component. It allows attackers to access iOS backups written by iTunes via a crafted app...
CVE-2017-7079
An issue was discovered in certain Apple products. iTunes before 12.7 is affected. The issue involves the "Data Sync" component. It allows attackers to access iOS backups written by iTunes via a crafted app...
Code injection
An issue was discovered in certain Apple products. iTunes before 12.7 is affected. The issue involves the "Data Sync" component. It allows attackers to access iOS backups written by iTunes via a crafted app...
CVE-2017-7079
An issue was discovered in certain Apple products. iTunes before 12.7 is affected. The issue involves the "Data Sync" component. It allows attackers to access iOS backups written by iTunes via a crafted app...