Vulmon
iterm2 iterm2 vulnerabilities and exploits
9.8
CVSSv3
CVE-2023-46321
iTermSessionLauncher.m in iTerm2 prior to 3.5.0beta12 does not sanitize paths in x-man-page URLs. They may have shell metacharacters for a /usr/bin/man command line.
Iterm2 Iterm2
Iterm2 Iterm2 3.5.0
9.8
CVSSv3
CVE-2023-46322
iTermSessionLauncher.m in iTerm2 prior to 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hostname's initial character may be non-alphanumeric. The hostname's other characters may be outside the set of alphanumeric characters, dash, and period.
Iterm2 Iterm2
Iterm2 Iterm2 3.5.0
9.8
CVSSv3
CVE-2023-46300
iTerm2 prior to 3.4.20 allows (potentially remote) code execution because of mishandling of certain escape sequences related to tmux integration.
Iterm2 Iterm2
9.8
CVSSv3
CVE-2023-46301
iTerm2 prior to 3.4.20 allows (potentially remote) code execution because of mishandling of certain escape sequences related to upload.
Iterm2 Iterm2
9.8
CVSSv3
CVE-2022-45872
iTerm2 prior to 3.4.18 mishandles a DECRQSS response.
Iterm2 Iterm2
7.5
CVSSv3
CVE-2019-19022
iTerm2 up to and including 3.3.6 has potentially insufficient documentation about the presence of search history in com.googlecode.iterm2.plist, which might allow remote malicious users to obtain sensitive information, as demonstrated by searching for the NoSyncSearchHistory stri...
Iterm2 Iterm2
9.8
CVSSv3
CVE-2019-9535
A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may allow a malicious user to execute arbitrary commands by providing malicious output to the terminal. This affects versions of iTerm2 up to and including 3.3.5. This vulnerability may...
Iterm2 Iterm2
1 Article
7.5
CVSSv3
CVE-2015-9231
iTerm2 3.x prior to 3.1.1 allows remote malicious users to discover passwords by reading DNS queries. A new (default) feature was added to iTerm2 version 3.0.0 (and unreleased 2.9.x versions such as 2.9.20150717) that resulted in a potential information disclosure. In an attempt ...
Iterm2 Iterm2 3.0.0
Iterm2 Iterm2 3.0.20160531
Iterm2 Iterm2 3.1.0
Iterm2 Iterm2 3.0.3
Iterm2 Iterm2 3.0.4
Iterm2 Iterm2 3.0.5
Iterm2 Iterm2 3.0.6
Iterm2 Iterm2 3.0.7
Iterm2 Iterm2 2.9.20160510
Iterm2 Iterm2 2.9.20160426
Iterm2 Iterm2 2.9.20160422
Iterm2 Iterm2 2.9.20160313
Iterm2 Iterm2 2.9.20160206
Iterm2 Iterm2 3.0.12
Iterm2 Iterm2 3.0.13
Iterm2 Iterm2 3.0.14
Iterm2 Iterm2 3.0.15
Iterm2 Iterm2 2.9.20160113
Iterm2 Iterm2 2.9.20151229
Iterm2 Iterm2 3.0.1
Iterm2 Iterm2 3.0.8
Iterm2 Iterm2 3.0.10