
40 matches found

CVE
added 2024/01/22 12:0 a.m. · 39 views

CVE-2024-23770

Darkhttpd prior to 1.16 (notably 1.15) is affected: local users can enumerate credentials used by --auth by listing processes and their arguments. Fedora advisories/Fedora OSS notes indicate update to darkhttpd 1.16 fixes this issue. In practice, affected product: darkhttpd HTTP server; root caus...

5.5 CVSS · 5.3 AI score · 0.00027 EPSS
Exploits 0 · References 3 · Affected Software 1

CVE
added 2024/01/22 12:0 a.m. · 189 views

CVE-2024-23771

Consolidated data for CVE-2024-23771 shows that darkhttpd (C code http server) before version 1.15 uses strcmp to verify authentication, enabling timing-side-channel bypass of authentication. Multiple feeds (NVD, OSV, Fedora advisories) confirm the issue across affected releases and indicate the ...

9.8 CVSS · 9.4 AI score · 0.00209 EPSS
Exploits 0 · References 3 · Affected Software 1

Cvelist
added 2024/01/22 12:0 a.m. · 17 views

CVE-2024-23770

darkhttpd through 1.15 allows local users to discover credentials for --auth by listing processes and their arguments...

5.7 AI score · 0.00027 EPSS
Exploits 0 · References 3

Cvelist
added 2024/01/22 12:0 a.m. · 16 views

CVE-2024-23771

darkhttpd before 1.15 uses strcmp which is not constant time to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel...

9.8 AI score · 0.00209 EPSS
Exploits 0 · References 3

CNNVD
added 2024/01/22 12:0 a.m. · 2 views

darkhttpd security vulnerability

darkhttpd is a software application. When you need a web server. A security vulnerability exists in versions of darkhttpd prior to 1.15 that stems from the use of strcmp, which is not constant time, to verify authentication, making it easier for a remote attacker to bypass authentication via a timed side...

9.8 CVSS · 7 AI score · 0.00209 EPSS
Exploits 0 · References 2

AlpineLinux
added 2024/01/22 12:0 a.m. · 24 views

CVE-2024-23770

darkhttpd through 1.15 allows local users to discover credentials for --auth by listing processes and their arguments...

5.5 CVSS · 6.9 AI score · 0.00027 EPSS
Exploits 0 · References 3

Positive Technologies
added 2024/01/21 12:0 a.m. · 1 view

PT-2024-20075 · Darkhttpd · Darkhttpd

Name of the Vulnerable Software and Affected Versions: darkhttpd versions prior to 1.15
Description: The issue arises from the use of strcmp which is not constant time to verify authentication, making it easier for remote attackers to bypass authentication via a timing side channel. This allows...

9.8 CVSS · 9.5 AI score · 0.00209 EPSS
Exploits 0 · References 11

Positive Technologies
added 2024/01/21 12:0 a.m. · 3 views

PT-2024-20074 · Darkhttpd · Darkhttpd

Name of the Vulnerable Software and Affected Versions: darkhttpd versions 1.15 and earlier
Description: The issue allows local users to discover credentials by listing processes and their arguments. This is related to the --auth option.
Recommendations: For darkhttpd versions 1.15 and earlier,...

5.5 CVSS · 5.2 AI score · 0.00027 EPSS
Exploits 0 · References 11

Tenable Nessus
added 2022/11/08 12:0 a.m. · 15 views

FreeBSD : darkhttpd -- DOS vulnerability (9c399521-5f80-11ed-8ac4-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 9c399521-5f80-11ed-8ac4-b42e991fc52e advisory. - A flaw was found in darkhttpd. Invalid error handling allows remote attackers to cause...

7.5 CVSS · 7.2 AI score · 0.00471 EPSS
Exploits 0 · References 3

Veracode
added 2022/10/21 6:59 p.m. · 14 views

Denial Of Service (DoS)

darkhttpd is vulnerable to denial of service. The vulnerability exists when accessing a file with a large modification date which allows an attacker to cause an application crash...

7.5 CVSS · 7 AI score · 0.00471 EPSS
Exploits 0 · References 3 · Affected Software 1

OSV
added 2022/04/01 11:15 p.m. · 3 views

ALPINE-CVE-2020-25691

A flaw was found in darkhttpd. Invalid error handling allows remote attackers to cause denial-of-service by accessing a file with a large modification date. The highest threat from this vulnerability is to system availability...

7.5 CVSS · 6.6 AI score · 0.00471 EPSS
Exploits 0 · References 1

OSV
added 2022/04/01 11:15 p.m. · 16 views

CVE-2020-25691

A flaw was found in darkhttpd. Invalid error handling allows remote attackers to cause denial-of-service by accessing a file with a large modification date. The highest threat from this vulnerability is to system availability...

7.5 CVSS · 4 AI score
Exploits 0 · References 1

NVD
added 2022/04/01 11:15 p.m. · 11 views

CVE-2020-25691

A flaw was found in darkhttpd. Invalid error handling allows remote attackers to cause denial-of-service by accessing a file with a large modification date. The highest threat from this vulnerability is to system availability...

7.5 CVSS · 0.00471 EPSS
Exploits 0 · References 1

Prion
added 2022/04/01 11:15 p.m. · 12 views

Design/Logic Flaw

A flaw was found in darkhttpd. Invalid error handling allows remote attackers to cause denial-of-service by accessing a file with a large modification date. The highest threat from this vulnerability is to system availability...

5 CVSS · 7.4 AI score · 0.00471 EPSS
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2022/04/01 12:0 a.m. · 1 view

darkhttpd security vulnerability

darkhttpd is a software application. When you need a web server. darkhttpd has a security vulnerability that allows a remote attacker to cause a denial of service by accessing a file with a large modification date...

7.5 CVSS · 7.3 AI score · 0.00471 EPSS
Exploits 0 · References 2

CVE
added 2022/04/01 12:0 a.m. · 46 views

CVE-2020-25691

CVE-2020-25691 describes a denial‑of‑service flaw in darkhttpd caused by invalid error handling when a remote attacker accesses a file with a large modification date. The impact is on availability. Connected sources confirm this vulnerability but do not specify affected versions, patches, or miti...

7.5 CVSS · 7.3 AI score · 0.00471 EPSS
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2022/04/01 12:0 a.m. · 2 views

PT-2022-8721 · Darkhttpd · Darkhttpd

Name of the Vulnerable Software and Affected Versions: darkhttpd affected versions not specified
Description: A flaw was found in darkhttpd, allowing remote attackers to cause denial-of-service by accessing a file with a large modification date. The highest threat from this vulnerability is to...

7.5 CVSS · 7.3 AI score · 0.00471 EPSS
Exploits 0 · References 6

Cvelist
added 2022/04/01 12:0 a.m. · 10 views

CVE-2020-25691

A flaw was found in darkhttpd. Invalid error handling allows remote attackers to cause denial-of-service by accessing a file with a large modification date. The highest threat from this vulnerability is to system availability...

7.4 AI score · 0.00471 EPSS
Exploits 0 · References 1

AlpineLinux
added 2022/04/01 12:0 a.m. · 37 views

CVE-2020-25691

A flaw was found in darkhttpd. Invalid error handling allows remote attackers to cause denial-of-service by accessing a file with a large modification date. The highest threat from this vulnerability is to system availability...

7.5 CVSS · 7.4 AI score · 0.00471 EPSS
Exploits 0

FreeBSD
added 2020/11/02 12:0 a.m. · 21 views

darkhttpd -- DOS vulnerability

Mitre reports: A flaw was found in darkhttpd. Invalid error handling allows remote attackers to cause denial-of-service by accessing a file with a large modification date. The highest threat from this vulnerability is to system availability...

7.5 CVSS · 3.8 AI score · 0.00471 EPSS
Exploits 0 · References 1