Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
unix4lyfe darkhttpd vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2024-23771
darkhttpd prior to 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote malicious users to bypass authentication via a timing side channel.
Unix4lyfe Darkhttpd
7.5
CVSSv3
CVE-2020-25691
A flaw was found in darkhttpd. Invalid error handling allows remote malicious users to cause denial-of-service by accessing a file with a large modification date. The highest threat from this vulnerability is to system availability.
Unix4lyfe Darkhttpd
5.5
CVSSv3
CVE-2024-23770
darkhttpd up to and including 1.15 allows local users to discover credentials (for --auth) by listing processes and their arguments.
Unix4lyfe Darkhttpd
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
TCP
CVE-2024-4577
CVE-2024-2695
CVE-2024-31870
injection
CVE-2024-3813
arbitrary code
CVE-2024-27801
CVE-2024-30120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started