Search for packages
| purl | pkg:deb/debian/lftp@3.1.3-1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1rct-hq8w-yqcm
Aliases: CVE-2007-2348 |
lftp mirror --script does not escape names and targets of symbolic links |
Affected by 2 other vulnerabilities. |
|
VCID-jtdw-p1ew-vyez
Aliases: CVE-2010-2251 |
Affected by 1 other vulnerability. |
|
|
VCID-kkqc-jz9x-mycw
Aliases: CVE-2018-10916 |
It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled FTP server, resulting in the removal of all files in the current working directory of the victim's system. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-7n8q-fb86-2uec |
CVE-2003-0963
|
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-08-01T17:49:48.862427+00:00 | Debian Oval Importer | Affected by | VCID-kkqc-jz9x-mycw | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |
| 2025-08-01T17:04:46.382380+00:00 | Debian Oval Importer | Fixing | VCID-7n8q-fb86-2uec | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |
| 2025-08-01T14:54:50.943270+00:00 | Debian Oval Importer | Affected by | VCID-jtdw-p1ew-vyez | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |
| 2025-08-01T12:05:15.249253+00:00 | Debian Oval Importer | Affected by | VCID-1rct-hq8w-yqcm | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |