Vulnerabilities > Unix4Lyfe > Darkhttpd

DATE CVE VULNERABILITY TITLE RISK
2024-01-22 CVE-2024-23770 Unspecified vulnerability in Unix4Lyfe Darkhttpd
darkhttpd through 1.15 allows local users to discover credentials (for --auth) by listing processes and their arguments.
local
low complexity
unix4lyfe
5.5
2024-01-22 CVE-2024-23771 Information Exposure Through Discrepancy vulnerability in Unix4Lyfe Darkhttpd
darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel.
network
low complexity
unix4lyfe CWE-203
critical
9.8
2022-04-01 CVE-2020-25691 Improper Handling of Exceptional Conditions vulnerability in Unix4Lyfe Darkhttpd 1.13/1.131
A flaw was found in darkhttpd.
network
low complexity
unix4lyfe CWE-755
7.5