Search CVE reports
1 – 4 of 4 results
CVE-2022-41322
Medium prioritySome fixes available 1 of 3
In Kitty before 0.26.2, insufficient validation in the desktop notification escape sequence can lead to arbitrary code execution. The user must display attacker-controlled content in the terminal, then click on a notification popup.
1 affected package
kitty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| kitty | — | Fixed | Not affected | Not in release | Not in release |
CVE-2021-25322
Medium priorityA UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to root. This issue affects:...
1 affected package
hyperkitty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| hyperkitty | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
CVE-2021-33038
Medium priorityAn issue was discovered in management/commands/hyperkitty_import.py in HyperKitty through 1.3.4. When importing a private mailing list's archives, these archives are publicly visible for the duration of the import. For example,...
1 affected package
hyperkitty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| hyperkitty | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
CVE-2020-35605
Medium prioritySome fixes available 1 of 4
The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message.
1 affected package
kitty
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| kitty | — | Not affected | Fixed | Not in release | Not in release |