15 matches found
OESA-2026-2323 gvfs security update
Gvfs is a userspace virtual filesystem implementation for GIO, a library available in GLib. It comes with a set of backends, including trash support, SFTP, SMB, HTTP, DAV, and many others. Gvfs also contains modules for GIO that implement volume monitors and persistent metadata storage. Security...
OESA-2026-2321 gvfs security update
Gvfs is a userspace virtual filesystem implementation for GIO, a library available in GLib. It comes with a set of backends, including trash support, SFTP, SMB, HTTP, DAV, and many others. Gvfs also contains modules for GIO that implement volume monitors and persistent metadata storage. Security...
Updated gvfs packages fix security vulnerabilities
Gvfs: gvfs ftp backend: information disclosure via untrusted pasv responses. CVE-2026-28295 Gvfs: ftp gvfs backend: arbitrary ftp command injection via crlf sequences in file paths. CVE-2026-28296...
Amazon Linux 2 : gvfs, --advisory ALAS2-2026-3197 (ALAS-2026-3197)
The version of gvfs installed on the remote host is prior to 1.36.2-3. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3197 advisory. A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP...
GVfs 1.58.1 FTP Backend CRLF Injection
A vulnerability was identified in the FTP backend of GVfs due to improper input validation. A remote attacker can exploit this flaw by supplying specially crafted file paths containing Carriage Return and Line Feed (CRLF) sequences. Because these CRLF sequences are not properly sanitized, they allo...
Linux Distros Unpatched Vulnerability : CVE-2026-28296
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containi...
CVE-2026-28295
A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode (PASV) response. The client unconditionally trusts this information and attempts to connect to the specified endpoint, allowing the...
CVE-2026-28296
A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed (CRLF) sequences. These unsanitized sequences allow the attacker to terminate intended FTP commands and...
EUVD-2014-8873
Malware in sbrugna...
Apache Httpd < 2.4.42 : mod_proxy_ftp use of uninitialized value
In Apache HTTP Server versions 2.4.0 to 2.4.41, mod_proxy_ftp use of uninitialized value with malicious FTP backend...
CVE-2014-9045
Summary: CVE-2014-9045 affects the ownCloud Server FTP backend in the external user_External backend. The flaw arises because the FTP backend did not URL-encode credentials, allowing a remote attacker to bypass authentication with a crafted password. Affected versions (per sources): ownCloud Serv...
Fedora 7 : duplicity-0.4.9-1.fc7 (2008-1584)
WARNING: Command line syntax incompatibility! See e.g. https://www.redhat.com/archives/epel-devel-list/2008-February/msg00056.html for further information. - Upgrade to 0.4.9 - Duplicity discloses password in FTP backend CVE-2007-5201 - Several bug and problem fixes Note that Tenable Network...
Fedora 8 : duplicity-0.4.9-1.fc8 (2008-1521)
WARNING: Command line syntax incompatibility! See e.g. https://www.redhat.com/archives/epel-devel-list/2008-February/msg00056.html for further information. - Upgrade to 0.4.9 - Duplicity discloses password in FTP backend CVE-2007-5201 - Several bug and problem fixes Note that Tenable Network...
CVE-2007-5201
The FTP backend for Duplicity before 0.4.9 sends the password as a command line argument when calling ncftp, which might allow local users to read the password by listing the process and its arguments...
CVE-2007-5201
The FTP backend for Duplicity before 0.4.9 sends the password as a command line argument when calling ncftp, which might allow local users to read the password by listing the process and its arguments...