Vendor CVEs
Midnight Commander
All CVEs
25 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-45925 | 0.00 | — | 0.00 | Mar 27, 2024 | GNU Midnight Commander 4.8.29-146-g299d9a2fb was discovered to contain a NULL pointer dereference via the function x_error_handler() at tty/x11conn.c. NOTE: this is disputed because it should be categorized as a usability problem (an X operation silently fails). | |||
| CVE-2022-41610 | 0.00 | — | 0.00 | May 10, 2023 | Improper authorization in Intel(R) EMA Configuration Tool before version 1.0.4 and Intel(R) MC before version 2.4 software may allow an authenticated user to potentially enable denial of service via local access. | |||
| CVE-2022-26341 | 0.00 | — | 0.00 | Nov 11, 2022 | Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16.0.4.1, Intel(R) EMA before version 1.7.1 and Intel(R) MC before version 2.3.2 may allow an authenticated user to potentially enable escalation of privilege via network access. | |||
| CVE-2021-36370 | 0.00 | — | 0.02 | Aug 30, 2021 | An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity. | |||
| CVE-2012-4463 | 0.00 | — | 0.02 | Oct 10, 2012 | Midnight Commander (mc) 4.8.5 does not properly handle the (1) MC_EXT_SELECTED or (2) MC_EXT_ONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote attackers to execute arbitrary commands via a crafted file name. | |||
| CVE-2005-0763 | 0.00 | — | 0.00 | May 2, 2005 | Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may allow attackers to execute arbitrary code. | |||
| CVE-2004-1092 | 0.00 | — | 0.02 | Apr 14, 2005 | Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory. | |||
| CVE-2004-1090 | 0.00 | — | 0.02 | Apr 14, 2005 | Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header." | |||
| CVE-2004-1174 | 0.00 | — | 0.01 | Apr 14, 2005 | direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles." | |||
| CVE-2004-1004 | 0.00 | — | 0.02 | Apr 14, 2005 | Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact. | |||
| CVE-2004-1175 | 0.00 | — | 0.02 | Apr 14, 2005 | fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters. | |||
| CVE-2004-1005 | 0.00 | — | 0.02 | Apr 14, 2005 | Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact. | |||
| CVE-2004-1009 | 0.00 | — | 0.03 | Apr 14, 2005 | Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors. | |||
| CVE-2004-1176 | 0.00 | — | 0.03 | Apr 14, 2005 | Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code. | |||
| CVE-2004-1091 | 0.00 | — | 0.02 | Apr 14, 2005 | Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference. | |||
| CVE-2004-1093 | 0.00 | — | 0.02 | Apr 14, 2005 | Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory." | |||
| CVE-2004-0231 | 0.00 | — | 0.00 | Aug 18, 2004 | Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with unknown impact, related to "Insecure temporary file and directory creations." | |||
| CVE-2004-0226 | 0.00 | — | 0.04 | Aug 18, 2004 | Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code. | |||
| CVE-2004-0232 | 0.00 | — | 0.03 | Aug 18, 2004 | Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code. | |||
| CVE-2003-1023 | 0.00 | — | 0.05 | Jan 20, 2004 | Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c for Midnight Commander (mc) 4.6.0 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code during symlink conversion. | |||
| CVE-2001-1429 | 0.00 | — | 0.00 | Nov 12, 2001 | Buffer overflow in mcedit in Midnight Commander 4.5.1 allows local users to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted text file. | |||
| CVE-2000-1108 | 0.00 | — | 0.00 | Jan 9, 2001 | cons.saver in Midnight Commander (mc) 4.5.42 and earlier does not properly verify if an output file descriptor is a TTY, which allows local users to corrupt files by creating a symbolic link to the target file, calling mc, and specifying that link as a TTY argument. | |||
| CVE-2000-1109 | 0.00 | — | 0.00 | Jan 9, 2001 | Midnight Commander (mc) 4.5.51 and earlier does not properly process malformed directory names when a user opens a directory, which allows other local users to gain privileges by creating directories that contain special characters followed by the commands to be executed. | |||
| CVE-1999-1337 | 0.00 | — | 0.00 | Aug 1, 1999 | FTP client in Midnight Commander (mc) before 4.5.11 stores usernames and passwords for visited sites in plaintext in the world-readable history file, which allows other local users to gain privileges. | |||
| CVE-1999-0480 | 0.00 | — | 0.00 | Apr 1, 1999 | Local attackers can conduct a denial of service in Midnight Commander 4.x with a symlink attack. |
- CVE-2023-45925Mar 27, 2024risk 0.00cvss —epss 0.00
GNU Midnight Commander 4.8.29-146-g299d9a2fb was discovered to contain a NULL pointer dereference via the function x_error_handler() at tty/x11conn.c. NOTE: this is disputed because it should be categorized as a usability problem (an X operation silently fails).
- CVE-2022-41610May 10, 2023risk 0.00cvss —epss 0.00
Improper authorization in Intel(R) EMA Configuration Tool before version 1.0.4 and Intel(R) MC before version 2.4 software may allow an authenticated user to potentially enable denial of service via local access.
- CVE-2022-26341Nov 11, 2022risk 0.00cvss —epss 0.00
Insufficiently protected credentials in software in Intel(R) AMT SDK before version 16.0.4.1, Intel(R) EMA before version 1.7.1 and Intel(R) MC before version 2.3.2 may allow an authenticated user to potentially enable escalation of privilege via network access.
- CVE-2021-36370Aug 30, 2021risk 0.00cvss —epss 0.02
An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity.
- CVE-2012-4463Oct 10, 2012risk 0.00cvss —epss 0.02
Midnight Commander (mc) 4.8.5 does not properly handle the (1) MC_EXT_SELECTED or (2) MC_EXT_ONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote attackers to execute arbitrary commands via a crafted file name.
- CVE-2005-0763May 2, 2005risk 0.00cvss —epss 0.00
Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may allow attackers to execute arbitrary code.
- CVE-2004-1092Apr 14, 2005risk 0.00cvss —epss 0.02
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory.
- CVE-2004-1090Apr 14, 2005risk 0.00cvss —epss 0.02
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header."
- CVE-2004-1174Apr 14, 2005risk 0.00cvss —epss 0.01
direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles."
- CVE-2004-1004Apr 14, 2005risk 0.00cvss —epss 0.02
Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.
- CVE-2004-1175Apr 14, 2005risk 0.00cvss —epss 0.02
fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.
- CVE-2004-1005Apr 14, 2005risk 0.00cvss —epss 0.02
Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.
- CVE-2004-1009Apr 14, 2005risk 0.00cvss —epss 0.03
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.
- CVE-2004-1176Apr 14, 2005risk 0.00cvss —epss 0.03
Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.
- CVE-2004-1091Apr 14, 2005risk 0.00cvss —epss 0.02
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference.
- CVE-2004-1093Apr 14, 2005risk 0.00cvss —epss 0.02
Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory."
- CVE-2004-0231Aug 18, 2004risk 0.00cvss —epss 0.00
Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with unknown impact, related to "Insecure temporary file and directory creations."
- CVE-2004-0226Aug 18, 2004risk 0.00cvss —epss 0.04
Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.
- CVE-2004-0232Aug 18, 2004risk 0.00cvss —epss 0.03
Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.
- CVE-2003-1023Jan 20, 2004risk 0.00cvss —epss 0.05
Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c for Midnight Commander (mc) 4.6.0 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code during symlink conversion.
- CVE-2001-1429Nov 12, 2001risk 0.00cvss —epss 0.00
Buffer overflow in mcedit in Midnight Commander 4.5.1 allows local users to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted text file.
- CVE-2000-1108Jan 9, 2001risk 0.00cvss —epss 0.00
cons.saver in Midnight Commander (mc) 4.5.42 and earlier does not properly verify if an output file descriptor is a TTY, which allows local users to corrupt files by creating a symbolic link to the target file, calling mc, and specifying that link as a TTY argument.
- CVE-2000-1109Jan 9, 2001risk 0.00cvss —epss 0.00
Midnight Commander (mc) 4.5.51 and earlier does not properly process malformed directory names when a user opens a directory, which allows other local users to gain privileges by creating directories that contain special characters followed by the commands to be executed.
- CVE-1999-1337Aug 1, 1999risk 0.00cvss —epss 0.00
FTP client in Midnight Commander (mc) before 4.5.11 stores usernames and passwords for visited sites in plaintext in the world-readable history file, which allows other local users to gain privileges.
- CVE-1999-0480Apr 1, 1999risk 0.00cvss —epss 0.00
Local attackers can conduct a denial of service in Midnight Commander 4.x with a symlink attack.