CVE-2026-41253

In iTerm2 through 3.6.9, displaying a .txt file can cause code execution via DCS 2000p and OSC 135 data, if the working directory contains a malicious file whose name is valid output from the conductor encoding path, such as a pathname with an initial ace/c+ substring, aka "hypothetical in-band...

CVE-2026-41253

In iTerm2 through 3.6.9, displaying a .txt file can cause code execution via DCS 2000p and OSC 135 data, if the working directory contains a malicious file whose name is valid output from the conductor encoding path, such as a pathname with an initial ace/c+ substring, aka "hypothetical in-band...

iTerm2 安全漏洞

iTerm2 is a terminal emulator developed by George Nachman for Mac OS X. Versions of iTerm2 prior to 3.6.9 contained security vulnerabilities. These vulnerabilities stemmed from the possibility of executing code through DCS 2000p and OSC 135 data when displaying .txt files. This was because iTerm2...

EUVD-2019-18907

Malware in sbrugna...

EUVD-2025-2685

Malicious code in bioql PyPI...

EUVD-2023-50542

Malicious code in bioql PyPI...

EUVD-2023-50543

Malicious code in bioql PyPI...

CVE-2023-46301

iTerm2 before 3.4.20 allow potentially remote code execution because of mishandling of certain escape sequences related to upload...

CVE-2023-46300

iTerm2 before 3.4.20 allow potentially remote code execution because of mishandling of certain escape sequences related to tmux integration...

CVE-2022-45872

iTerm2 before 3.4.18 mishandles a DECRQSS response...

CVE-2015-9231

iTerm2 3.x before 3.1.1 allows remote attackers to discover passwords by reading DNS queries. A new default feature was added to iTerm2 version 3.0.0 and unreleased 2.9.x versions such as 2.9.20150717 that resulted in a potential information disclosure. In an attempt to see whether the text under...

CVE-2025-22275

iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote attackers to obtain sensitive information from terminal commands by reading the /tmp/framer.txt file. This can occur for certain it2ssh and SSH Integration configurations, during remote logins to hosts that have a common Python...

CVE-2025-22275

iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote attackers to obtain sensitive information from terminal commands by reading the /tmp/framer.txt file. This can occur for certain it2ssh and SSH Integration configurations, during remote logins to hosts that have a common Python...

CVE-2025-22275

iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote attackers to obtain sensitive information from terminal commands by reading the /tmp/framer.txt file. This can occur for certain it2ssh and SSH Integration configurations, during remote logins to hosts that have a common Python...

iTerm2 安全漏洞

iTerm2 is a terminal emulation program written for Mac OS X by George Nachman, a personal developer. A security vulnerability exists in iTerm2. A remote attacker can exploit the vulnerability to obtain sensitive information from terminal commands by reading the /tmp/framer.txt file...

PT-2024-27979 · Iterm2 · Iterm2

Name of the Vulnerable Software and Affected Versions: iTerm2 versions prior to 3.5.2 Description: The issue arises because the "Terminal may report window title" setting is not honored, potentially leading to remote code execution, although it is noted that exploitation is not trivial...

PT-2023-29959 · Iterm2 · Iterm2

Name of the Vulnerable Software and Affected Versions: iTerm2 versions prior to 3.5.0beta12 Description: The issue is related to the iTermSessionLauncher.m component in iTerm2, which does not properly sanitize ssh hostnames in URLs. This allows hostnames with non-alphanumeric initial characters a...

CVE-2023-46301

iTerm2 before 3.4.20 allow potentially remote code execution because of mishandling of certain escape sequences related to upload...

PT-2022-27662 · Iterm2 · Iterm2

Name of the Vulnerable Software and Affected Versions: iTerm2 versions prior to 3.4.18 Description: The issue is related to the mishandling of a DECRQSS response. Recommendations: For versions prior to 3.4.18, update to version 3.4.18 or later to resolve the issue...

iTerm2 Information Disclosure Vulnerability (CNVD-2020-41520)

iTerm2 is a GPL-licensed terminal emulator for macOS. An information disclosure vulnerability exists in iTerm2 3.3.6 and earlier versions, which can be exploited by a remote attacker to obtain sensitive information by searching for the NoSyncSearchHistory string in a .plist file in a public Git...