10 matches found
SUSE-SU-2026:0916-1 Security update for gvfs
This update for gvfs fixes the following issues: - CVE-2026-28295: fixed by using control connection address for PASV data bsc1258953. - CVE-2026-28296: fixed by rejecting paths containing CR/LF characters bsc1258954...
SUSE CVE-2026-28295
A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode PASV response. The client unconditionally trusts this information and attempts to connect to the specified endpoint, allowing the...
CVE-2026-28296
A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed CRLF sequences. These unsanitized sequences allow the attacker to terminate intended FTP commands and...
CVE-2026-28296
A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed CRLF sequences. These unsanitized sequences allow the attacker to terminate intended FTP commands and...
gvfs: race condition in daemon/gvfsbackendadmin.c due to admin backend not implementing query_info_on_read/write
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement queryinfoonread/write...
The vulnerability of the daemon/gvfsbackendadmin.c component of the GVFS subsystem in GNOME desktop environments on Linux operating systems allows a attacker to compromise the integrity, confidentiality, and accessibility of the protected information.
The vulnerability of the daemon/gvfsbackendadmin.c component in the GVFS subsystem of GNOME desktop environments on Linux operating systems arises from the simultaneous execution using shared resources with incorrect synchronization. Exploiting this vulnerability allows an attacker to compromise...
The vulnerability of the daemon/gvfsbackendadmin.c component of the GVFS subsystem in GNOME desktop environments on Linux operating systems allows a attacker to compromise the integrity, confidentiality, and accessibility of the protected information.
The vulnerability of the daemon/gvfsbackendadmin.c component in the GVFS subsystem of GNOME desktop environments on Linux operating systems is related to permission handling errors. Exploiting this vulnerability allows an attacker to compromise the integrity, confidentiality, and accessibility of...
CVE-2004-0494
Multiple extfs backend scripts for GNOME virtual file system VFS before 1.0.1 may allow remote attackers to perform certain unauthorized actions via a gnome-vfs URI...
FreeBSD : gnomevfs -- unsafe URI handling (60)
The following package needs to be updated: gnomevfs2 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkg7884d56ff7a111d89837000c41e2cdad.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...
CVE-2004-0494
Multiple extfs backend scripts for GNOME virtual file system VFS before 1.0.1 may allow remote attackers to perform certain unauthorized actions via a gnome-vfs URI...