Vulnerabilities > Iterm2 > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-10-23 CVE-2023-46321 Unspecified vulnerability in Iterm2
iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize paths in x-man-page URLs.
network
low complexity
iterm2
critical
 9.8
9.8
2023-10-23 CVE-2023-46322 Unspecified vulnerability in Iterm2
iTermSessionLauncher.m in iTerm2 before 3.5.0beta12 does not sanitize ssh hostnames in URLs.
network
low complexity
iterm2
critical
 9.8
9.8
2023-10-22 CVE-2023-46300 Improper Encoding or Escaping of Output vulnerability in Iterm2
iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to tmux integration.
network
low complexity
iterm2 CWE-116
critical
 9.8
9.8
2023-10-22 CVE-2023-46301 Improper Encoding or Escaping of Output vulnerability in Iterm2
iTerm2 before 3.4.20 allow (potentially remote) code execution because of mishandling of certain escape sequences related to upload.
network
low complexity
iterm2 CWE-116
critical
 9.8
9.8
2022-11-23 CVE-2022-45872 Unspecified vulnerability in Iterm2
iTerm2 before 3.4.18 mishandles a DECRQSS response.
network
low complexity
iterm2
critical
 9.8
9.8
2019-10-09 CVE-2019-9535 Injection vulnerability in Iterm2
A vulnerability exists in the way that iTerm2 integrates with tmux's control mode, which may allow an attacker to execute arbitrary commands by providing malicious output to the terminal.
network
low complexity
iterm2 CWE-74
critical
 9.8
9.8