17 results (0.009 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3

An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity. Se ha detectado un problema en Midnight Commander versiones hasta 4.8.26. Cuando se establece una conexión SFTP, la huella digital del servidor no se comprueba ni se muestra. • https://docs.ssh-mitm.at/CVE-2021-36370.html https://github.com/MidnightCommander/mc/blob/5c1d3c55dd15356ec7d079084d904b7b0fd58d3e/src/vfs/sftpfs/connection.c#L484 https://github.com/MidnightCommander/mc/blob/master/src/vfs/sftpfs/connection.c https://mail.gnome.org/archives/mc-devel/2021-August/msg00008.html https://midnight-commander.org https://sourceforge.net/projects/mcwin32/files • CWE-287: Improper Authentication •

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0

Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may allow attackers to execute arbitrary code. • http://www.debian.org/security/2005/dsa-698 http://www.redhat.com/support/errata/RHSA-2005-512.html https://access.redhat.com/security/cve/CVE-2005-0763 https://bugzilla.redhat.com/show_bug.cgi?id=1617578 •

CVSS: 7.5EPSS: 1%CPEs: 47EXPL: 0

fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters. • http://secunia.com/advisories/13863 http://securitytracker.com/id?1012903 http://www.debian.org/security/2005/dsa-639 http://www.redhat.com/support/errata/RHSA-2005-512.html https://exchange.xforce.ibmcloud.com/vulnerabilities/18906 https://access.redhat.com/security/cve/CVE-2004-1175 https://bugzilla.redhat.com/show_bug.cgi?id=1617387 •

CVSS: 5.0EPSS: 0%CPEs: 47EXPL: 0

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory. • http://secunia.com/advisories/13863 http://www.debian.org/security/2005/dsa-639 http://www.gentoo.org/security/en/glsa/glsa-200502-24.xml https://exchange.xforce.ibmcloud.com/vulnerabilities/18904 •

CVSS: 5.0EPSS: 0%CPEs: 47EXPL: 0

direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles." • http://secunia.com/advisories/13863 http://securitytracker.com/id?1012903 http://www.debian.org/security/2005/dsa-639 http://www.redhat.com/support/errata/RHSA-2005-512.html https://exchange.xforce.ibmcloud.com/vulnerabilities/18909 https://access.redhat.com/security/cve/CVE-2004-1174 https://bugzilla.redhat.com/show_bug.cgi?id=1617386 •