CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46301
https://notcve.org/view.php?id=CVE-2023-46301
22 Oct 2023 — iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to upload. iTerm2 anterior a 3.4.20 permite la ejecución de código (potencialmente remota) debido al mal manejo de ciertas secuencias de escape relacionadas con la carga. • https://blog.solidsnail.com/posts/2023-08-28-iterm2-rce • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 10.0EPSS: 0%CPEs: 11EXPL: 0CVE-2023-46322
https://notcve.org/view.php?id=CVE-2023-46322
22 Oct 2023 — iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hostname's initial character may be non-alphanumeric. The hostname's other characters may be outside the set of alphanumeric characters, dash, and period. iTermSessionLauncher.m en iTerm2 anterior a 3.5.0beta12 no sanitiza los nombres de host ssh en las URL. El carácter inicial del nombre de host puede no ser alfanumérico. Los demás caracteres del nombre de host pueden estar fuera del conjunto de caracteres alfa... • https://gitlab.com/gnachman/iterm2/-/commit/ef7bb84520013b2524df9787d4aa9f2c96746c01 • CWE-117: Improper Output Neutralization for Logs •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46300
https://notcve.org/view.php?id=CVE-2023-46300
22 Oct 2023 — iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to tmux integration. iTerm2 anterior a 3.4.20 permite la ejecución de código (potencialmente remota) debido al mal manejo de ciertas secuencias de escape relacionadas con la integración de tmux. • https://blog.solidsnail.com/posts/2023-08-28-iterm2-rce • CWE-116: Improper Encoding or Escaping of Output •
CVSS: 10.0EPSS: 0%CPEs: 11EXPL: 0CVE-2023-46321
https://notcve.org/view.php?id=CVE-2023-46321
22 Oct 2023 — iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize paths in x-man-page URLs. They may have shell metacharacters for a /usr/bin/man command line. iTermSessionLauncher.m en iTerm2 anterior a 3.5.0beta12 no sanitiza las rutas en las URL de la página de manual x. Pueden tener metacaracteres de shell para una línea de comando /usr/bin/man. • https://gitlab.com/gnachman/iterm2/-/commit/de3d351e1bd3bc1c1a4f85fe976c592e497dd071 • CWE-117: Improper Output Neutralization for Logs •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-45872
https://notcve.org/view.php?id=CVE-2022-45872
23 Nov 2022 — iTerm2 before 3.4.18 mishandles a DECRQSS response. iTerm2 en versiones anteriores a la 3.4.18 maneja mal una respuesta DECRQSS. • https://iterm2.com/downloads.html •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 1CVE-2019-19022
https://notcve.org/view.php?id=CVE-2019-19022
17 Nov 2019 — iTerm2 through 3.3.6 has potentially insufficient documentation about the presence of search history in com.googlecode.iterm2.plist, which might allow remote attackers to obtain sensitive information, as demonstrated by searching for the NoSyncSearchHistory string in .plist files within public Git repositories. iTerm2 versiones hasta 3.3.6, posee una documentación potencialmente insuficiente sobre la presencia del historial de búsqueda en com.googlecode.iterm2.plist, lo que podría permitir a atacantes remot... • https://gitlab.com/gnachman/iterm2/issues/8491 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 1CVE-2019-9535 – iTerm2, up to and including version 3.3.5, with tmux integration is vulnerable to remote command execution
https://notcve.org/view.php?id=CVE-2019-9535
09 Oct 2019 — A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may allow an attacker to execute arbitrary commands by providing malicious output to the terminal. This affects versions of iTerm2 up to and including 3.3.5. This vulnerability may allow an attacker to execute arbitrary commands on their victim's computer by providing malicious output to the terminal. It could be exploited using command-line utilities that print attacker-controlled content. Se presenta una vulnerabilida... • https://blog.mozilla.org/security/2019/10/09/iterm2-critical-issue-moss-audit • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data •
CVSS: 7.5EPSS: 0%CPEs: 40EXPL: 1CVE-2015-9231
https://notcve.org/view.php?id=CVE-2015-9231
20 Sep 2017 — iTerm2 3.x before 3.1.1 allows remote attackers to discover passwords by reading DNS queries. A new (default) feature was added to iTerm2 version 3.0.0 (and unreleased 2.9.x versions such as 2.9.20150717) that resulted in a potential information disclosure. In an attempt to see whether the text under the cursor (or selected text) was a URL, the text would be sent as an unencrypted DNS query. This has the potential to result in passwords and other sensitive information being sent in cleartext without the use... • https://github.com/gnachman/iTerm2/commit/33ccaf61e34ef32ffc9d6b2be5dd218f6bb55f51 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •