CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3CVE-2021-36370
https://notcve.org/view.php?id=CVE-2021-36370
An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity. Se ha detectado un problema en Midnight Commander versiones hasta 4.8.26. Cuando se establece una conexión SFTP, la huella digital del servidor no se comprueba ni se muestra. • https://docs.ssh-mitm.at/CVE-2021-36370.html https://github.com/MidnightCommander/mc/blob/5c1d3c55dd15356ec7d079084d904b7b0fd58d3e/src/vfs/sftpfs/connection.c#L484 https://github.com/MidnightCommander/mc/blob/master/src/vfs/sftpfs/connection.c https://mail.gnome.org/archives/mc-devel/2021-August/msg00008.html https://midnight-commander.org https://sourceforge.net/projects/mcwin32/files • CWE-287: Improper Authentication •
CVSS: 5.1EPSS: 1%CPEs: 1EXPL: 0CVE-2012-4463
https://notcve.org/view.php?id=CVE-2012-4463
Midnight Commander (mc) 4.8.5 does not properly handle the (1) MC_EXT_SELECTED or (2) MC_EXT_ONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote attackers to execute arbitrary commands via a crafted file name. Midnight Commander (mc) v4.8.5 no gestiona de forma adecuada las variables de entorno (1) MC_EXT_SELECTED o (2) MC_EXT_ONLYTAGGED cuando se seleccionan varios ficheros, lo que permite a atacantes remotos asistidos por los usuarios a ejecutar comandos a través de un nombre de fichero manipulado. • http://www.openwall.com/lists/oss-security/2012/10/03/4 http://www.openwall.com/lists/oss-security/2012/10/03/5 http://www.securityfocus.com/bid/55777 https://bugs.gentoo.org/show_bug.cgi?id=436518#c7 https://bugzilla.redhat.com/show_bug.cgi?id=862813 https://exchange.xforce.ibmcloud.com/vulnerabilities/79033 https://www.midnight-commander.org/ticket/2913 • CWE-20: Improper Input Validation •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2005-0763
https://notcve.org/view.php?id=CVE-2005-0763
Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may allow attackers to execute arbitrary code. • http://www.debian.org/security/2005/dsa-698 http://www.redhat.com/support/errata/RHSA-2005-512.html https://access.redhat.com/security/cve/CVE-2005-0763 https://bugzilla.redhat.com/show_bug.cgi?id=1617578 •
CVSS: 5.0EPSS: 0%CPEs: 47EXPL: 0CVE-2004-1092
https://notcve.org/view.php?id=CVE-2004-1092
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory. • http://secunia.com/advisories/13863 http://www.debian.org/security/2005/dsa-639 http://www.gentoo.org/security/en/glsa/glsa-200502-24.xml https://exchange.xforce.ibmcloud.com/vulnerabilities/18904 •
CVSS: 7.5EPSS: 0%CPEs: 47EXPL: 0CVE-2004-1004
https://notcve.org/view.php?id=CVE-2004-1004
Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact. Múltiples vulnerabilidades de cadena de formato en Midnight Commander (mc) 4.5.55 y versiones anteriores, permiten a atacantes remotos ejecutar acciones de impacto desconocido. • http://secunia.com/advisories/13863 http://www.debian.org/security/2005/dsa-639 http://www.gentoo.org/security/en/glsa/glsa-200502-24.xml http://www.redhat.com/support/errata/RHSA-2005-217.html https://exchange.xforce.ibmcloud.com/vulnerabilities/18902 https://access.redhat.com/security/cve/CVE-2004-1004 https://bugzilla.redhat.com/show_bug.cgi?id=1617344 •