CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3CVE-2021-36370
https://notcve.org/view.php?id=CVE-2021-36370
30 Aug 2021 — An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity. Se ha detectado un problema en Midnight Commander versiones hasta 4.8.26. Cuando se establece una conexión SFTP, la huella digital del servidor no se comprueba ni se muestra. • https://docs.ssh-mitm.at/CVE-2021-36370.html • CWE-287: Improper Authentication •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2005-0763
https://notcve.org/view.php?id=CVE-2005-0763
29 Mar 2005 — Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may allow attackers to execute arbitrary code. • http://www.debian.org/security/2005/dsa-698 •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2001-1429
https://notcve.org/view.php?id=CVE-2001-1429
12 Nov 2001 — Buffer overflow in mcedit in Midnight Commander 4.5.1 allows local users to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted text file. • http://www.kb.cert.org/vuls/id/203203 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-1999-1337
https://notcve.org/view.php?id=CVE-1999-1337
01 Aug 1999 — FTP client in Midnight Commander (mc) before 4.5.11 stores usernames and passwords for visited sites in plaintext in the world-readable history file, which allows other local users to gain privileges. • http://marc.info/?l=bugtraq&m=93370073207984&w=2 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-1999-0480
https://notcve.org/view.php?id=CVE-1999-0480
01 Apr 1999 — Local attackers can conduct a denial of service in Midnight Commander 4.x with a symlink attack. • https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0480 •