Lucene search
K

119 matches found

NVD
NVD
added 2024/06/16 1:15 a.m.37 views

CVE-2024-38395

In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially exploitable."...

9.8CVSS0.01497EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2024/06/16 12:0 a.m.25 views

CVE-2024-38395

In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially exploitable."...

8.1AI score0.01497EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/06/16 12:0 a.m.5 views

PT-2024-27980 · Iterm2 · Iterm2

Name of the Vulnerable Software and Affected Versions: iTerm2 versions 3.5.x through 3.5.1 Description: An issue was discovered in iTerm2 that allows an attacker to inject arbitrary code into the terminal by abusing title reporting and tmux integration. This is possible due to the unfiltered use ...

9.8CVSS7.6AI score0.01697EPSS
Exploits2References12
Positive Technologies
Positive Technologies
added 2024/06/16 12:0 a.m.7 views

PT-2024-27979 · Iterm2 · Iterm2

Name of the Vulnerable Software and Affected Versions: iTerm2 versions prior to 3.5.2 Description: The issue arises because the "Terminal may report window title" setting is not honored, potentially leading to remote code execution, although it is noted that exploitation is not trivial...

9.8CVSS6.9AI score0.01497EPSS
Exploits1References11
CVE
CVE
added 2024/06/16 12:0 a.m.52 views

CVE-2024-38395

CVE-2024-38395 affects iTerm2 before 3.5.2: the Terminal may report window title setting is not honored, which could allow remote code execution. Noted as not trivially exploitable. A fix is available in iTerm2 3.5.2 (see GitLab tag v3.5.2); upgrade to mitigate. The connected data also documents ...

9.8CVSS7.9AI score0.01497EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2024/06/16 12:0 a.m.13 views

CVE-2024-38396

An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature enabled by default, allows an attacker to inject arbitrary code into the terminal, a different vulnerability than...

9.8CVSS7.4AI score0.01697EPSS
Exploits2References6
CVE
CVE
added 2024/06/16 12:0 a.m.66 views

CVE-2024-38396

CVE-2024-38396 concerns iTerm2 3.5.x before 3.5.2. The issue is caused by unfiltered use of an escape sequence to report a window title, which, when combined with the built-in tmux integration feature (enabled by default), can allow an attacker to inject arbitrary code into the terminal. The vuln...

9.8CVSS7.2AI score0.01697EPSS
Exploits2References4Affected Software1
CNNVD
CNNVD
added 2024/06/16 12:0 a.m.5 views

iTerm2 Security Vulnerability

iTerm2 is a terminal emulation program written for Mac OS X. A security vulnerability exists in iTerm2 versions prior to 3.5.2, which stems from the possibility of remote code execution...

9.8CVSS7.9AI score0.01497EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2024/06/16 12:0 a.m.20 views

CVE-2024-38396

An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature enabled by default, allows an attacker to inject arbitrary code into the terminal, a different vulnerability than...

7.1AI score0.01697EPSS
Exploits2References4
CNNVD
CNNVD
added 2024/06/16 12:0 a.m.4 views

iTerm2 Security Vulnerability

iTerm2 is a terminal emulation program written for Mac OS X. A security vulnerability in iTerm2 version 3.5.x prior to 3.5.2, which originates from the unfiltered use of escape sequences to report window titles, allows an attacker to inject arbitrary code into the terminal...

9.8CVSS7.2AI score0.01697EPSS
Exploits2References4
OSV
OSV
added 2024/06/16 12:0 a.m.12 views

CVE-2024-38395

In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially exploitable."...

9.8CVSS8.1AI score0.01497EPSS
Exploits1References7
Cvelist
Cvelist
added 2024/06/16 12:0 a.m.30 views

CVE-2024-38395

In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially exploitable."...

0.01497EPSS
Exploits1References5
Cvelist
Cvelist
added 2024/06/16 12:0 a.m.22 views

CVE-2024-38396

An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature enabled by default, allows an attacker to inject arbitrary code into the terminal, a different vulnerability than...

0.01697EPSS
Exploits2References4
BDU FSTEC
BDU FSTEC
added 2023/12/12 12:0 a.m.6 views

The vulnerability of the macOS iTerm2 terminal emulator relates to a lack of mechanisms for encoding or blocking output data, allowing a hacker to execute arbitrary code.

The vulnerability of the terminal emulator for the macOS operating system, iTerm2, is related to a lack of mechanisms for encoding or blocking output data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS8.1AI score0.0118EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2023/10/23 12:15 a.m.23 views

CVE-2023-46321

iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize paths in x-man-page URLs. They may have shell metacharacters for a /usr/bin/man command line...

9.8CVSS9.6AI score0.00656EPSS
Exploits0References2
NVD
NVD
added 2023/10/23 12:15 a.m.22 views

CVE-2023-46322

iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hostname's initial character may be non-alphanumeric. The hostname's other characters may be outside the set of alphanumeric characters, dash, and period...

9.8CVSS9.5AI score0.00656EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/10/23 12:15 a.m.4 views

CVE-2023-46321

iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize paths in x-man-page URLs. They may have shell metacharacters for a /usr/bin/man command line...

9.8CVSS5.8AI score0.00656EPSS
Exploits0References3
Prion
Prion
added 2023/10/23 12:15 a.m.13 views

Command injection

iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize paths in x-man-page URLs. They may have shell metacharacters for a /usr/bin/man command line...

7.5CVSS9.5AI score0.00656EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/10/23 12:15 a.m.17 views

Code injection

iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hostname's initial character may be non-alphanumeric. The hostname's other characters may be outside the set of alphanumeric characters, dash, and period...

7.5CVSS9.3AI score0.00656EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2023/10/22 4:15 a.m.19 views

CVE-2023-46300

iTerm2 before 3.4.20 allow potentially remote code execution because of mishandling of certain escape sequences related to tmux integration...

9.8CVSS9.7AI score0.0118EPSS
Exploits1References4
Rows per page
Query Builder