CVE-2024-37897
- EPSS 0.13%
- Veröffentlicht 20.06.2024 18:15:13
- Zuletzt bearbeitet 21.11.2024 09:24:29
SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. SFTPGo WebAdmin and WebClient support password reset. This feature is disabled in the default configuration. In SFTPGo ver...
CVE-2023-48795
- EPSS 64.06%
- Veröffentlicht 18.12.2023 16:15:10
- Zuletzt bearbeitet 29.09.2025 21:56:10
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client a...
CVE-2022-39220
- EPSS 0.18%
- Veröffentlicht 20.09.2022 22:15:10
- Zuletzt bearbeitet 21.11.2024 07:17:48
SFTPGo is an SFTP server written in Go. Versions prior to 2.3.5 are subject to Cross-site scripting (XSS) vulnerabilities in the SFTPGo WebClient, allowing remote attackers to inject malicious code. This issue is patched in version 2.3.5. No known wo...
CVE-2022-36071
- EPSS 0.12%
- Veröffentlicht 02.09.2022 18:15:12
- Zuletzt bearbeitet 21.11.2024 07:12:19
SFTPGo is configurable SFTP server with optional HTTP/S, FTP/S and WebDAV support. SFTPGo WebAdmin and WebClient support login using TOTP (Time-based One Time Passwords) as a secondary authentication factor. Because TOTPs are often configured on mobi...