Midnight-Commander Midnight Commander vulnerabilities

CVE-2021-36370 [HIGH] CWE-287 CVE-2021-36370: An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, An issue was discovered in Midnight Commander through 4.8.26. When establishing an SFTP connection, the fingerprint of the server is neither checked nor displayed. As a result, a user connects to the server without the ability to verify its authenticity.

CVE-2012-4463 [MEDIUM] CWE-20 CVE-2012-4463: Midnight Commander (mc) 4.8.5 does not properly handle the (1) MC_EXT_SELECTED or (2) MC_EXT_ONLYTAG Midnight Commander (mc) 4.8.5 does not properly handle the (1) MC_EXT_SELECTED or (2) MC_EXT_ONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote attackers to execute arbitrary commands via a crafted file name.