Vulnerabilities > Unix4Lyfe > Darkhttpd
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-22 | CVE-2024-23770 | Unspecified vulnerability in Unix4Lyfe Darkhttpd darkhttpd through 1.15 allows local users to discover credentials (for --auth) by listing processes and their arguments. | 5.5 |
| 2024-01-22 | CVE-2024-23771 | Information Exposure Through Discrepancy vulnerability in Unix4Lyfe Darkhttpd darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel. | 9.8 |
| 2022-04-01 | CVE-2020-25691 | Improper Handling of Exceptional Conditions vulnerability in Unix4Lyfe Darkhttpd 1.13/1.131 A flaw was found in darkhttpd. | 7.5 |