Unix4lyfe Darkhttpd
3 CVEs affecting Unix4lyfe Darkhttpd. Latest disclosed: 2024-01-22. Critical: 1, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-23771 | Critical | 9.8 | 2024-01-22 | darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypass authentication vi… |
CVE-2020-25691 | High | 7.5 | 2022-04-01 | A flaw was found in darkhttpd. Invalid error handling allows remote attackers to cause denial-of-service by accessing a file with a large modification date. Th… |
CVE-2024-23770 | Medium | 5.5 | 2024-01-22 | darkhttpd through 1.15 allows local users to discover credentials (for --auth) by listing processes and their arguments. |