iterm2 iterm2 vulnerabilities and exploits
NA
CVE-2024-38396
An issue exists in iTerm2 3.5.x prior to 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature (enabled by default), allows a malicious user to inject arbitrary code into the terminal, a different vulnerab...
1 Github repository
NA
CVE-2024-38395
In iTerm2 prior to 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially exploitable."
1 Github repository
NA
CVE-2023-46321
iTermSessionLauncher.m in iTerm2 prior to 3.5.0beta12 does not sanitize paths in x-man-page URLs. They may have shell metacharacters for a /usr/bin/man command line.
Iterm2 Iterm2
Iterm2 Iterm2 3.5.0
NA
CVE-2023-46322
iTermSessionLauncher.m in iTerm2 prior to 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hostname's initial character may be non-alphanumeric. The hostname's other characters may be outside the set of alphanumeric characters, dash, and period.
Iterm2 Iterm2
Iterm2 Iterm2 3.5.0
NA
CVE-2023-46300
iTerm2 prior to 3.4.20 allows (potentially remote) code execution because of mishandling of certain escape sequences related to tmux integration.
Iterm2 Iterm2
NA
CVE-2023-46301
iTerm2 prior to 3.4.20 allows (potentially remote) code execution because of mishandling of certain escape sequences related to upload.
Iterm2 Iterm2
NA
CVE-2022-45872
iTerm2 prior to 3.4.18 mishandles a DECRQSS response.
Iterm2 Iterm2
NA
CVE-2022-45063
xterm prior to 375 allows code execution via font ops, e.g., because an OSC 50 response may have Ctrl-g and therefore lead to command execution within the vi line-editing mode of Zsh. NOTE: font ops are not allowed in the xterm default configurations of some Linux distributions.
Invisible-island Xterm
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Fedoraproject Fedora 37
5
CVSSv2
CVE-2019-19022
iTerm2 up to and including 3.3.6 has potentially insufficient documentation about the presence of search history in com.googlecode.iterm2.plist, which might allow remote malicious users to obtain sensitive information, as demonstrated by searching for the NoSyncSearchHistory stri...
Iterm2 Iterm2
10
CVSSv2
CVE-2019-9535
A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may allow a malicious user to execute arbitrary commands by providing malicious output to the terminal. This affects versions of iTerm2 up to and including 3.3.5. This vulnerability may...
Iterm2 Iterm2
1 Article