Vulnerabilities > Unix4Lyfe > Darkhttpd
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-22 | CVE-2024-23770 | Unspecified vulnerability in Unix4Lyfe Darkhttpd 1.13/1.131/1.14 darkhttpd through 1.15 allows local users to discover credentials (for --auth) by listing processes and their arguments. | 5.5 |
| 2024-01-22 | CVE-2024-23771 | Information Exposure Through Discrepancy vulnerability in Unix4Lyfe Darkhttpd 1.13/1.131/1.14 darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel. | 9.8 |
| 2022-04-01 | CVE-2020-25691 | Improper Handling of Exceptional Conditions vulnerability in Unix4Lyfe Darkhttpd 1.13/1.131 A flaw was found in darkhttpd. | 7.5 |