Search for packages
| purl | pkg:deb/debian/lftp@2.4.9-1woody2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1rct-hq8w-yqcm
Aliases: CVE-2007-2348 |
lftp mirror --script does not escape names and targets of symbolic links |
Affected by 2 other vulnerabilities. |
|
VCID-7n8q-fb86-2uec
Aliases: CVE-2003-0963 |
Affected by 3 other vulnerabilities. |
|
|
VCID-jtdw-p1ew-vyez
Aliases: CVE-2010-2251 |
Affected by 1 other vulnerability. |
|
|
VCID-kkqc-jz9x-mycw
Aliases: CVE-2018-10916 |
It has been discovered that lftp up to and including version 4.8.3 does not properly sanitize remote file names, leading to a loss of integrity on the local system when reverse mirroring is used. A remote attacker may trick a user to use reverse mirroring on an attacker controlled FTP server, resulting in the removal of all files in the current working directory of the victim's system. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-08-01T17:49:48.857685+00:00 | Debian Oval Importer | Affected by | VCID-kkqc-jz9x-mycw | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |
| 2025-08-01T17:04:46.377890+00:00 | Debian Oval Importer | Affected by | VCID-7n8q-fb86-2uec | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |
| 2025-08-01T14:54:50.938490+00:00 | Debian Oval Importer | Affected by | VCID-jtdw-p1ew-vyez | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |
| 2025-08-01T12:05:15.243547+00:00 | Debian Oval Importer | Affected by | VCID-1rct-hq8w-yqcm | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 37.0.0 |