Filtered by vendor Midnight-commander
Subscribe
Total
2 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-36370 | 1 Midnight-commander | 1 Midnight Commander | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity. | |||||
CVE-2012-4463 | 1 Midnight-commander | 1 Midnight Commander | 2024-11-21 | 5.1 MEDIUM | N/A |
Midnight Commander (mc) 4.8.5 does not properly handle the (1) MC_EXT_SELECTED or (2) MC_EXT_ONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote attackers to execute arbitrary commands via a crafted file name. |