CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45925 – Midnight Commander 4.8.29-146-g299d9a2fb Null Pointer
https://notcve.org/view.php?id=CVE-2023-45925
29 Jan 2024 — GNU Midnight Commander 4.8.29-146-g299d9a2fb was discovered to contain a NULL pointer dereference via the function x_error_handler() at tty/x11conn.c. NOTE: this is disputed because it should be categorized as a usability problem (an X operation silently fails). Se descubrió que GNU Midnight Commander 4.8.29-146-g299d9a2fb contiene una desreferencia de puntero NULL a través de la función x_error_handler() en tty/x11conn.c. NOTA: esto está en disputa porque debería categorizarse como un problema de usabilida... • http://seclists.org/fulldisclosure/2024/Jan/53 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3CVE-2021-36370 – openSUSE Security Advisory - openSUSE-SU-2022:0061-1
https://notcve.org/view.php?id=CVE-2021-36370
30 Aug 2021 — An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity. Se ha detectado un problema en Midnight Commander versiones hasta 4.8.26. Cuando se establece una conexión SFTP, la huella digital del servidor no se comprueba ni se muestra. • https://docs.ssh-mitm.at/CVE-2021-36370.html • CWE-287: Improper Authentication •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2012-4463 – Gentoo Linux Security Advisory 201402-18
https://notcve.org/view.php?id=CVE-2012-4463
10 Oct 2012 — Midnight Commander (mc) 4.8.5 does not properly handle the (1) MC_EXT_SELECTED or (2) MC_EXT_ONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote attackers to execute arbitrary commands via a crafted file name. Midnight Commander (mc) v4.8.5 no gestiona de forma adecuada las variables de entorno (1) MC_EXT_SELECTED o (2) MC_EXT_ONLYTAGGED cuando se seleccionan varios ficheros, lo que permite a atacantes remotos asistidos por los usuarios a ejecutar comandos a ... • http://www.openwall.com/lists/oss-security/2012/10/03/4 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2005-0763 – dsa-698.txt
https://notcve.org/view.php?id=CVE-2005-0763
29 Mar 2005 — Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may allow attackers to execute arbitrary code. An unfixed buffer overflow has been discovered by Andrew V. Samoilov in mc, the midnight commander, a file browser and manager. This update also fixes a regression from DSA 497. • http://www.debian.org/security/2005/dsa-698 •
CVSS: 7.5EPSS: 1%CPEs: 47EXPL: 0CVE-2004-1093 – dsa-639.txt
https://notcve.org/view.php?id=CVE-2004-1093
16 Jan 2005 — Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory." Andrew V. Samoilov has noticed that several bugfixes which were applied to the source by upstream developers of mc, the midnight commander, a file browser and manager, were not backported to the current version of mc that Debian ships in their stable release. • http://secunia.com/advisories/13863 •
CVSS: 7.5EPSS: 1%CPEs: 47EXPL: 0CVE-2004-1009 – dsa-639.txt
https://notcve.org/view.php?id=CVE-2004-1009
16 Jan 2005 — Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors. Midnight Commander (mc) 4.5.55 y versiones anteriores, permiten a atacantes remotos causar la Denegación de Servicio (DoS) por bucle infinito mediante un ataque desconocido. Andrew V. Samoilov has noticed that several bugfixes which were applied to the source by upstream developers of mc, the midnight commander, a file browser and manager, were not backported to the cur... • http://secunia.com/advisories/13863 •
CVSS: 9.8EPSS: 2%CPEs: 47EXPL: 0CVE-2004-1176 – dsa-639.txt
https://notcve.org/view.php?id=CVE-2004-1176
16 Jan 2005 — Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code. Andrew V. Samoilov has noticed that several bugfixes which were applied to the source by upstream developers of mc, the midnight commander, a file browser and manager, were not backported to the current version of mc that Debian ships in their stable release. • http://secunia.com/advisories/13863 •
CVSS: 7.5EPSS: 1%CPEs: 47EXPL: 0CVE-2004-1174 – dsa-639.txt
https://notcve.org/view.php?id=CVE-2004-1174
16 Jan 2005 — direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles." Andrew V. Samoilov has noticed that several bugfixes which were applied to the source by upstream developers of mc, the midnight commander, a file browser and manager, were not backported to the current version of mc that Debian ships in their stable release. • http://secunia.com/advisories/13863 •
CVSS: 7.5EPSS: 0%CPEs: 47EXPL: 0CVE-2004-1092 – dsa-639.txt
https://notcve.org/view.php?id=CVE-2004-1092
16 Jan 2005 — Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory. Andrew V. Samoilov has noticed that several bugfixes which were applied to the source by upstream developers of mc, the midnight commander, a file browser and manager, were not backported to the current version of mc that Debian ships in their stable release. • http://secunia.com/advisories/13863 •
CVSS: 9.1EPSS: 0%CPEs: 47EXPL: 0CVE-2004-1004 – dsa-639.txt
https://notcve.org/view.php?id=CVE-2004-1004
16 Jan 2005 — Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact. Múltiples vulnerabilidades de cadena de formato en Midnight Commander (mc) 4.5.55 y versiones anteriores, permiten a atacantes remotos ejecutar acciones de impacto desconocido. Andrew V. Samoilov has noticed that several bugfixes which were applied to the source by upstream developers of mc, the midnight commander, a file browser and manager, were not backported to the curre... • http://secunia.com/advisories/13863 •