Lucene search
K

598 matches found

CVE
CVE
added 2022/09/23 4:55 a.m.86 views

CVE-2022-41322

Kitty (before 0.26.2) contains a vulnerability where insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. An attacker must have attacker-controlled content displayed in the terminal and the user must click a notification popup to trigger code e...

7.8CVSS7.8AI score0.00499EPSS
Exploits1References8Affected Software1
Vulnrichment
Vulnrichment
added 2022/09/23 4:55 a.m.6 views

CVE-2022-41322

In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup...

7.4AI score0.00499EPSS
Exploits1References7
OSV
OSV
added 2022/09/23 4:55 a.m.18 views

CVE-2022-41322

In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup...

7.8CVSS7.3AI score0.00499EPSS
Exploits1References10
Debian CVE
Debian CVE
added 2022/09/23 4:55 a.m.41 views

CVE-2022-41322

In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup...

7.8CVSS7.8AI score0.00499EPSS
Exploits1
CNNVD
CNNVD
added 2022/09/23 12:0 a.m.6 views

Kitty 安全漏洞

kitty is a fast, feature-rich, GPU-based terminal emulator developed by kovidgoyal. A code execution vulnerability exists in versions prior to Kitty 0.26.2 that stems from insufficient validation in the desktop notification escape sequence and can be exploited by an attacker to cause execution of...

7.8CVSS7.6AI score0.00499EPSS
Exploits1References10
UbuntuCve
UbuntuCve
added 2022/09/23 12:0 a.m.44 views

CVE-2022-41322

In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup...

7.8CVSS7.3AI score0.00499EPSS
Exploits1References4
hivepro
hivepro
added 2022/09/07 2:44 p.m.16 views

Vice Society actors target K-12 institutions in US

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary Vice Society is an extortion hacking group that emerged in the summer of 2021. The Vice Society does not use a specific ransomware variant. Instead, they used variants of Hello Kitty, Five Hands, and...

2.7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2022/09/06 12:0 a.m.4 views

PT-2022-25815 · Kitty +4 · Kitty +4

Name of the Vulnerable Software and Affected Versions: Kitty versions prior to 0.26.2 Description: The issue is related to insufficient validation in the desktop notification escape sequence, which can lead to arbitrary code execution. This occurs when a user displays attacker-controlled content ...

9.8CVSS7.7AI score0.03608EPSS
Exploits2References36
Packet Storm
Packet Storm
added 2022/06/19 12:0 a.m.360 views

Kitty 0.76.0.8 Stack Buffer Overflow

Exploit Title: Kitty 0.76.0.8 Stack Buffer Overflow Discovered by: Yehia Elghaly Discovered Date: 2022-06-08 Vendor Homepage: http://www.9bis.net/kitty/index.html!index.md Software Link : https://www.fosshub.com/KiTTY.html?dwl=kittyportable-0.76.0.8.exe Tested Version: 0.76.0.8 Vulnerability Type...

0.8AI score
Exploits0
OpenVAS
OpenVAS
added 2021/04/16 12:0 a.m.19 views

openSUSE: Security Advisory for kitty (openSUSE-SU-2021:0025-1)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS9.6AI score0.03608EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2021/03/30 12:0 a.m.6 views

The vulnerability of the implementation of the GPU-based terminal emulator protocol in GPU Kitty relates to the absence of measures to neutralize special elements. This allows a perpetrator to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the GPU-based terminal emulator’s protocol implementation is related to the lack of filename cleaning when returning error messages. Exploiting this vulnerability can allow remote attackers to gain access to confidential data, compromise its integrity, and cause service...

9.8CVSS7.8AI score0.03608EPSS
Exploits1References5Affected Software2
Tenable Nessus
Tenable Nessus
added 2021/01/25 12:0 a.m.20 views

openSUSE Security Update : kitty (openSUSE-2021-25)

This update for kitty fixes the following issue : - CVE-2020-35605: Fixed an RCE due to filenames containing special characters contained in error messages boo1180298. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...

9.8CVSS8.2AI score0.03608EPSS
Exploits1References2
OSV
OSV
added 2021/01/07 3:25 p.m.3 views

OPENSUSE-SU-2021:0025-1 Security update for kitty

This update for kitty fixes the following issue: - CVE-2020-35605: Fixed an RCE due to filenames containing special characters contained in error messages boo1180298...

9.8CVSS9.4AI score0.03608EPSS
Exploits1References3
OPENSUSE Linux
OPENSUSE Linux
added 2021/01/07 12:0 a.m.32 views

Security update for kitty (important)

openSUSE Security Update: Security update for kitty Announcement ID: openSUSE-SU-2021:0025-1 Rating: important References: 1180298 Cross-References: CVE-2020-35605 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for kitty fix...

9.8CVSS9.3AI score0.03608EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2020/12/28 12:0 a.m.36 views

Debian DSA-4819-1 : kitty - security update

Stephane Chauveau discovered that the graphics protocol implementation in Kitty, a GPU-based terminal emulator, did not sanitise a filename when returning an error message, which could result in the execution of arbitrary shell commands when displaying a file with cat. C Tenable Network Security,...

9.8CVSS8.5AI score0.03608EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2020/12/28 12:0 a.m.15 views

Debian: Security Advisory (DSA-4819-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.7AI score0.03608EPSS
Exploits1References4
Debian
Debian
added 2020/12/26 6:26 p.m.48 views

[SECURITY] [DSA 4819-1] kitty security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4819-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 26, 2020 https://www.debian.org/security/faq -...

9.8CVSS9.6AI score0.03608EPSS
Exploits1
Veracode
Veracode
added 2020/12/23 10:11 p.m.22 views

Remote Code Execution (RCE)

kitty is vulnerable to remote code execution. The vulnerability is possible because filename containing special characters can be included in an error message which allows an attacker to inject malicious code into the system...

9.8CVSS9.5AI score0.03608EPSS
Exploits1References4Affected Software2
NVD
NVD
added 2020/12/21 8:15 p.m.15 views

CVE-2020-35605

The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message...

9.8CVSS9.7AI score0.03608EPSS
Exploits1References3
OSV
OSV
added 2020/12/21 8:15 p.m.4 views

DEBIAN-CVE-2020-35605

The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message...

9.8CVSS9.2AI score0.03608EPSS
Exploits1References1
Rows per page
Query Builder