Vulnerabilities (CVE)

Filtered by vendor Midnight-commander Subscribe
Filtered by product Midnight Commander
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-36370 1 Midnight-commander 1 Midnight Commander 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity.
CVE-2012-4463 1 Midnight-commander 1 Midnight Commander 2024-11-21 5.1 MEDIUM N/A
Midnight Commander (mc) 4.8.5 does not properly handle the (1) MC_EXT_SELECTED or (2) MC_EXT_ONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote attackers to execute arbitrary commands via a crafted file name.