119 matches found
CVE-2024-38395
In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially exploitable."...
CVE-2024-38395
In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially exploitable."...
PT-2024-27980 · Iterm2 · Iterm2
Name of the Vulnerable Software and Affected Versions: iTerm2 versions 3.5.x through 3.5.1 Description: An issue was discovered in iTerm2 that allows an attacker to inject arbitrary code into the terminal by abusing title reporting and tmux integration. This is possible due to the unfiltered use ...
PT-2024-27979 · Iterm2 · Iterm2
Name of the Vulnerable Software and Affected Versions: iTerm2 versions prior to 3.5.2 Description: The issue arises because the "Terminal may report window title" setting is not honored, potentially leading to remote code execution, although it is noted that exploitation is not trivial...
CVE-2024-38395
CVE-2024-38395 affects iTerm2 before 3.5.2: the Terminal may report window title setting is not honored, which could allow remote code execution. Noted as not trivially exploitable. A fix is available in iTerm2 3.5.2 (see GitLab tag v3.5.2); upgrade to mitigate. The connected data also documents ...
CVE-2024-38396
An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature enabled by default, allows an attacker to inject arbitrary code into the terminal, a different vulnerability than...
CVE-2024-38396
CVE-2024-38396 concerns iTerm2 3.5.x before 3.5.2. The issue is caused by unfiltered use of an escape sequence to report a window title, which, when combined with the built-in tmux integration feature (enabled by default), can allow an attacker to inject arbitrary code into the terminal. The vuln...
iTerm2 Security Vulnerability
iTerm2 is a terminal emulation program written for Mac OS X. A security vulnerability exists in iTerm2 versions prior to 3.5.2, which stems from the possibility of remote code execution...
CVE-2024-38396
An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature enabled by default, allows an attacker to inject arbitrary code into the terminal, a different vulnerability than...
iTerm2 Security Vulnerability
iTerm2 is a terminal emulation program written for Mac OS X. A security vulnerability in iTerm2 version 3.5.x prior to 3.5.2, which originates from the unfiltered use of escape sequences to report window titles, allows an attacker to inject arbitrary code into the terminal...
CVE-2024-38395
In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially exploitable."...
CVE-2024-38395
In iTerm2 before 3.5.2, the "Terminal may report window title" setting is not honored, and thus remote code execution might occur but "is not trivially exploitable."...
CVE-2024-38396
An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature enabled by default, allows an attacker to inject arbitrary code into the terminal, a different vulnerability than...
The vulnerability of the macOS iTerm2 terminal emulator relates to a lack of mechanisms for encoding or blocking output data, allowing a hacker to execute arbitrary code.
The vulnerability of the terminal emulator for the macOS operating system, iTerm2, is related to a lack of mechanisms for encoding or blocking output data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2023-46321
iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize paths in x-man-page URLs. They may have shell metacharacters for a /usr/bin/man command line...
CVE-2023-46322
iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hostname's initial character may be non-alphanumeric. The hostname's other characters may be outside the set of alphanumeric characters, dash, and period...
CVE-2023-46321
iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize paths in x-man-page URLs. They may have shell metacharacters for a /usr/bin/man command line...
Command injection
iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize paths in x-man-page URLs. They may have shell metacharacters for a /usr/bin/man command line...
Code injection
iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs. The hostname's initial character may be non-alphanumeric. The hostname's other characters may be outside the set of alphanumeric characters, dash, and period...
CVE-2023-46300
iTerm2 before 3.4.20 allow potentially remote code execution because of mishandling of certain escape sequences related to tmux integration...