Vulnerabilities > Unix4Lyfe > Darkhttpd > 1.14
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-22 | CVE-2024-23770 | Unspecified vulnerability in Unix4Lyfe Darkhttpd 1.13/1.131/1.14 darkhttpd through 1.15 allows local users to discover credentials (for --auth) by listing processes and their arguments. | 5.5 |
| 2024-01-22 | CVE-2024-23771 | Information Exposure Through Discrepancy vulnerability in Unix4Lyfe Darkhttpd 1.13/1.131/1.14 darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel. | 9.8 |