CVEs (22)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Midnight Commander 1Midnight Commander Nov 21, 2024 Aug 30, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the a...Show more |
1Midnight Commander 1Midnight Commander Apr 29, 2026 Oct 10, 2012 N/A· v4 N/A· v3 5.1 MEDIUM· v2 Midnight Commander (mc) 4.8.5 does not properly handle the (1) MC_EXT_SELECTED or (2) MC_EXT_ONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote attackers to execute arbit...Show more |
1Midnight Commander 1Midnight Commander Apr 16, 2026 May 2, 2005 N/A· v4 N/A· v3 4.6 MEDIUM· v2 Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may allow attackers to execute arbitrary code. |
6Debian GentooMidnight Commander+3 more8Debian Linux Enterprise LinuxLinux+5 moreApr 16, 2026 Apr 14, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code. |
6Debian GentooMidnight Commander+3 more8Debian Linux Enterprise LinuxLinux+5 moreApr 16, 2026 Apr 14, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters. |
6Debian GentooMidnight Commander+3 more8Debian Linux Enterprise LinuxLinux+5 moreApr 16, 2026 Apr 14, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles." |
6Debian GentooMidnight Commander+3 more8Debian Linux Enterprise LinuxLinux+5 moreApr 16, 2026 Apr 14, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory." |
6Debian GentooMidnight Commander+3 more8Debian Linux Enterprise LinuxLinux+5 moreApr 16, 2026 Apr 14, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory. |
6Debian GentooMidnight Commander+3 more8Debian Linux Enterprise LinuxLinux+5 moreApr 16, 2026 Apr 14, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference. |
6Debian GentooMidnight Commander+3 more8Debian Linux Enterprise LinuxLinux+5 moreApr 16, 2026 Apr 14, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header." |
6Debian GentooMidnight Commander+3 more8Debian Linux Enterprise LinuxLinux+5 moreApr 16, 2026 Apr 14, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors. |
6Debian GentooMidnight Commander+3 more8Debian Linux Enterprise LinuxLinux+5 moreApr 16, 2026 Apr 14, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact. |
6Debian GentooMidnight Commander+3 more8Debian Linux Enterprise LinuxLinux+5 moreApr 16, 2026 Apr 14, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact. |
4Gentoo Midnight CommanderSgi+1 more4Linux Midnight CommanderPropack+1 moreApr 16, 2026 Aug 18, 2004 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code. |
4Gentoo Midnight CommanderSgi+1 more4Linux Midnight CommanderPropack+1 moreApr 16, 2026 Aug 18, 2004 N/A· v4 N/A· v3 2.1 LOW· v2 Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with unknown impact, related to "Insecure temporary file and directory creations." |
4Gentoo Midnight CommanderSgi+1 more4Linux Midnight CommanderPropack+1 moreApr 16, 2026 Aug 18, 2004 N/A· v4 N/A· v3 10.0 HIGH· v2 Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code. |
1Midnight Commander 1Midnight Commander Apr 16, 2026 Jan 20, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c for Midnight Commander (mc) 4.6.0 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code during symlink conversi...Show more |
1Midnight Commander 1Midnight Commander Apr 16, 2026 Nov 12, 2001 N/A· v4 N/A· v3 4.6 MEDIUM· v2 Buffer overflow in mcedit in Midnight Commander 4.5.1 allows local users to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted text file. |
1Midnight Commander 1Midnight Commander Apr 16, 2026 Jan 9, 2001 N/A· v4 N/A· v3 4.6 MEDIUM· v2 Midnight Commander (mc) 4.5.51 and earlier does not properly process malformed directory names when a user opens a directory, which allows other local users to gain privileges by creating directories that contain special...Show more |
1Midnight Commander 1Midnight Commander Apr 16, 2026 Jan 9, 2001 N/A· v4 N/A· v3 4.6 MEDIUM· v2 cons.saver in Midnight Commander (mc) 4.5.42 and earlier does not properly verify if an output file descriptor is a TTY, which allows local users to corrupt files by creating a symbolic link to the target file, calling m...Show more |