Vulnerabilities > Midnight Commander

DATE CVE VULNERABILITY TITLE RISK
2021-08-30 CVE-2021-36370 Improper Authentication vulnerability in Midnight-Commander Midnight Commander
An issue was discovered in Midnight Commander through 4.8.26.
network
low complexity
midnight-commander CWE-287
5.0
2012-10-10 CVE-2012-4463 Improper Input Validation vulnerability in Midnight-Commander Midnight Commander 4.8.5
Midnight Commander (mc) 4.8.5 does not properly handle the (1) MC_EXT_SELECTED or (2) MC_EXT_ONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote attackers to execute arbitrary commands via a crafted file name.
network
high complexity
midnight-commander CWE-20
5.1
2005-05-02 CVE-2005-0763 Unspecified vulnerability in Midnight Commander Midnight Commander
Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may allow attackers to execute arbitrary code.
local
low complexity
midnight-commander
4.6
2005-04-14 CVE-2004-1176 Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code. 7.5
2005-04-14 CVE-2004-1175 fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters. 7.5
2005-04-14 CVE-2004-1174 direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles." 5.0
2005-04-14 CVE-2004-1093 Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory." 5.0
2005-04-14 CVE-2004-1092 Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory. 5.0
2005-04-14 CVE-2004-1091 Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference. 5.0
2005-04-14 CVE-2004-1090 Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header." 5.0