Unix4lyfeCVEs & Vulnerabilities
3 CVEs affecting Unix4lyfe products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.
3 CVEs→ All vendors
Most Affected Products
darkhttpd 3
CVE-2024-23771CRITICAL
darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel.
22 Jan 2024
9.8
CVSS
CVE-2024-23770MEDIUM
darkhttpd through 1.15 allows local users to discover credentials (for --auth) by listing processes and their arguments.
22 Jan 2024
5.5
CVSS
CVE-2020-25691HIGH
A flaw was found in darkhttpd. Invalid error handling allows remote attackers to cause denial-of-service by accessing a file with a large modification date. The highest threat from this vulnerability is to system availability.
2 Apr 2022
7.5
CVSS
← PrevPage 1 / 1Next →