Amazon Linux 2 : gimp, --advisory ALAS2GIMP-2026-010 (ALASGIMP-2026-010)

The version of gimp installed on the remote host is prior to 2.8.22-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2GIMP-2026-010 advisory. GIMP PNM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute...

EUVD-2022-1338

Malicious code in bioql PyPI...

CVE-2023-28273

creationtimestamp| type| source ---|---|--- 2025-01-15 00:19:53+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/1667...

CVE-2023-28273

Windows Clip Service Elevation of Privilege Vulnerability...

CVE-2023-28273 Windows Clip Service Elevation of Privilege Vulnerability

...

CVE-2023-28273

CVE-2023-28273 is a Windows Clip Service Elevation of Privilege vulnerability. The initial data lists a local attack vector with high impact and exploitation conditions: local access, high attack complexity, low privileges required, no user interaction, and impact to confidentiality, integrity, a...

CVE-2023-28273 Windows Clip Service Elevation of Privilege Vulnerability

...

CVE-2022-28273

creationtimestamp| type| source ---|---|--- 2022-05-06 22:23:18+00:00| seen| https://t.me/cibsecurity/42151...

CVE-2022-28273

Adobe Photoshop is affected by CVE-2022-28273 (font parsing out-of-bounds write) which could allow arbitrary code execution in the context of the current user. Affected versions: 22.5.6 and earlier, 23.2.2 and earlier. Exploitation requires user interaction (opening a malicious file). Mitigation:...

Prototype Pollution in set-in

The package set-in before 2.0.3 is vulnerable to Prototype Pollution via the setIn method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix of CVE-2020-28273...

GHSA-6956-83FG-5WC5 Prototype Pollution in set-in

The package set-in before 2.0.3 is vulnerable to Prototype Pollution via the setIn method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix of CVE-2020-28273...

CVE-2022-25354

CVE-2022-25354 affects the JavaScript package set-in, with versions before 2.0.3 vulnerable to Prototype Pollution via the setIn method. Root cause is an incomplete fix of CVE-2020-28273. Exploitation details are not provided in the documents; public references describe the issue and advisories. ...

swear (>=0.0.0 <=0.0.4), tcomb-view (>=2.0.0 <=2.0.3) +1 more potentially affected by CVE-2020-28273 via set-in (=1.1.1)

set-in NPM version =1.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on set-in and may be impacted: - swear =0.0.0, =2.0.0, =0.0.0, =1.0.0 Source cves: CVE-2020-28273 Source advisory: OSV:GHSA-QR4P-C9WR-PHR6...

CVE-2020-28273

creationtimestamp| type| source ---|---|--- 2020-12-02 18:55:04+00:00| seen| https://t.me/cibsecurity/17029 2022-03-17 15:21:44+00:00| seen| https://t.me/cibsecurity/39142...

CVE-2020-28273

Prototype pollution vulnerability in 'set-in' versions 1.0.0 through 2.0.0 allows attacker to cause a denial of service and may lead to remote code execution...

CVE-2020-28273

The CVE-2020-28273 entry concerns a prototype pollution vulnerability in the npm package set-in, affected in versions 1.0.0 through 2.0.0. The root cause is prototype pollution via the setIn method, which allows merging object prototypes and can lead to a denial of service and may enable remote c...

JavaScript Prototype Pollution (CVE-2020-28269; CVE-2020-28272; CVE-2020-28273; CVE-2020-28442; CVE-2020-28458; CVE-2020-28472; CVE-2020-7778; CVE-2020-8158; CVE-2020-8203; CVE-2021-25912; CVE-2021-44906)

The JavaScript proto property object exposes the internal Prototype to an attack. A remote attacker can exploit this vulnerability by modifying the exposed prototype's property of an object. Successful exploitation of this vulnerability could result in run arbitrary code on the victim machine...