
20 matches found

Tenable Nessus
added 2026/05/28 12:0 a.m., 4 views

Debian dsa-6307 : kitty - security update

The remote Debian 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6307 advisory. Debian Security Advisory DSA-6307-1 [email protected] https://www.debian.org/securit...

9.9 CVSS, 6.2 AI score, 0.00062 EPSS
Exploits 2, References 6
RedhatCVE
added 2026/05/19 9:11 p.m., 4 views

CVE-2026-33642

A flaw was found in Kitty, a cross-platform GPU-based terminal. A remote attacker, by sending specially crafted escape sequences to a Kitty terminal, can exploit an integer wrapping vulnerability in the handle_compose_command function. This vulnerability allows for out-of-bounds memory access, whic...

9.9 CVSS, 6.2 AI score, 0.00062 EPSS
Exploits 1, References 2
Debian CVE
added 2026/05/19 6:4 p.m., 8 views

CVE-2026-33642

Kitty is a cross-platform GPU based terminal. In versions 0.46.2 and below, the handle_compose_command function in kitty/graphics.c performs bounds validation on composition offsets using unsigned 32-bit arithmetic that is subject to integer wrapping, potentially leading to Heap Buffer...

9.9 CVSS, 5.7 AI score, 0.00062 EPSS
Exploits 1
Tenable Nessus
added 2025/11/20 12:0 a.m., 3 views

TencentOS Server 4: kitty (TSSA-2025:0486)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0486 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

7.8 CVSS, 5.3 AI score, 0.00087 EPSS
Exploits 1, References 2
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2024-22365

Malicious code in bioql PyPI...

7.8 CVSS, 7.5 AI score, 0.00747 EPSS
Exploits 5, References 5
Tenable Nessus
added 2025/06/02 12:0 a.m., 6 views

Debian dla-4203 : kitty - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4203 advisory. Debian LTS Advisory DLA-4203-1 [email protected] https://www.debian.org/lts/security/...

7.8 CVSS, 7.6 AI score, 0.01325 EPSS
Exploits 1, References 4
RedhatCVE
added 2025/05/23 9:45 a.m., 5 views

CVE-2024-25003

KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the hostname, occurs due to insufficient bounds checking and input sanitization. This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution...

7.8 CVSS, 7.7 AI score, 0.00747 EPSS
Exploits 2, References 1
RedhatCVE
added 2025/05/23 7:13 a.m., 4 views

CVE-2024-25004

KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the username, occurs due to insufficient bounds checking and input sanitization at line 2600. This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution...

7.8 CVSS, 7.7 AI score, 0.00612 EPSS
Exploits 3, References 1
SUSE CVE
added 2025/04/23 2:37 a.m., 1 views

SUSE CVE-2025-43929

open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document e.g., a document opened in KDE ghostwriter...

7.8 CVSS, 6.8 AI score, 0.00087 EPSS
Exploits 1, References 3
OSV
added 2025/04/20 3:15 a.m., 1 views

DEBIAN-CVE-2025-43929

open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document e.g., a document opened in KDE ghostwriter...

7.8 CVSS, 4.9 AI score, 0.00087 EPSS
Exploits 1, References 1
OSV
added 2025/04/20 3:15 a.m., 0 views

UBUNTU-CVE-2025-43929

open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document e.g., a document opened in KDE ghostwriter...

7.8 CVSS, 5.8 AI score, 0.00087 EPSS
Exploits 1, References 6
Tenable Nessus
added 2025/03/16 12:0 a.m., 11 views

Fedora 41 : kitty (2025-756c627691)

The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-756c627691 advisory. Update to 0.40.0 https://sw.kovidgoyal.net/kitty/changelog/detailed-list-of-changes Tenable has extracted the preceding description block directly from the...

4.4 CVSS, 7 AI score, 0.00024 EPSS
Exploits 2, References 2
Prion
added 2024/02/09 7:16 a.m., 14 views

Stack overflow

KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the username, occurs due to insufficient bounds checking and input sanitization at line 2600. This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution...

4.3 CVSS, 8.5 AI score, 0.00747 EPSS
Exploits 5, References 5, Affected Software 1
Vulnrichment
added 2024/02/09 12:0 a.m., 6 views

CVE-2024-25004

KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the username, occurs due to insufficient bounds checking and input sanitization at line 2600. This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution...

7.9 AI score, 0.00612 EPSS
Exploits 3, References 5
AlpineLinux
added 2024/02/09 12:0 a.m., 29 views

CVE-2024-25004

KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the username, occurs due to insufficient bounds checking and input sanitization at line 2600. This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution...

7.8 CVSS, 8.3 AI score, 0.00612 EPSS
Exploits 3, References 5
Cvelist
added 2024/02/09 12:0 a.m., 20 views

CVE-2024-23749

KiTTY versions 0.76.1.13 and before is vulnerable to command injection via the filename variable, occurs due to insufficient input sanitization and validation, failure to escape special characters, and insecure system calls at lines 2369-2390. This allows an attacker to add inputs inside the...

8.3 AI score, 0.00313 EPSS
Exploits 5, References 4
Vulnrichment
added 2024/02/09 12:0 a.m., 4 views

CVE-2024-25003

KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the hostname, occurs due to insufficient bounds checking and input sanitization. This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution...

8 AI score, 0.00747 EPSS
Exploits 2, References 5
OSV
added 2022/09/23 5:15 a.m., 3 views

UBUNTU-CVE-2022-41322

In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup...

7.8 CVSS, 6 AI score, 0.01325 EPSS
Exploits 1, References 5
Vulnrichment
added 2022/09/23 4:55 a.m., 4 views

CVE-2022-41322

In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup...

7.4 AI score, 0.01325 EPSS
Exploits 1, References 7
OSV
added 2016/04/07 11:59 p.m., 5 views

CVE-2016-2563

Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute arbitrary code via a crafted SCP-SINK file-size response to an SCP download request...

9.8 CVSS, 9.7 AI score, 0.26586 EPSS
Exploits 4, References 7