45 matches found

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2025-0104

Malicious code in bioql PyPI...

CVSS 6.8 | AI score 6.8 | EPSS 0.00367
Exploits 0 | References 5

Snyk
added 2025/07/03 9:44 p.m., 1 view

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write via the scanruns function in the MMRDecoder component. An attacker can cause heap corruption or read sensitive memory by providing specially crafted input that causes the xr pointer to write or read outside the bound...

CVSS 8.8 | AI score 7 | EPSS 0.00074
Exploits 0 | References 2

OSV
added 2025/01/16 7:35 p.m., 5 views

GHSA-RCXC-WJGW-579R Matrix Media Repo (MMR) allows untrusted file formats can be thumbnailed, invoking potentially further untrusted decoders

Impact: If SVG or JPEGXL thumbnailers are enabled (they are disabled by default), a user may upload a file which claims to be either of these types and request a thumbnail to invoke a different decoder in ImageMagick. In some ImageMagick installations, this includes the capability to run Ghostscript...

CVSS 6.8 | AI score 6.9 | EPSS 0.00367
Exploits 0 | References 5

GitHub Security Blog
added 2025/01/16 7:35 p.m., 10 views

Matrix Media Repo (MMR) allows untrusted file formats can be thumbnailed, invoking potentially further untrusted decoders

Impact: If SVG or JPEGXL thumbnailers are enabled (they are disabled by default), a user may upload a file which claims to be either of these types and request a thumbnail to invoke a different decoder in ImageMagick. In some ImageMagick installations, this includes the capability to run Ghostscript...

CVSS 6.8 | AI score 6.9 | EPSS 0.00367
Exploits 0 | References 5 | Affected Software 1

CNNVD
added 2024/06/11 12:0 a.m., 3 views

SAP NetWeaver AS Resource Management Error Vulnerability

SAP NetWeaver AS is an SAP web application server from SAP, Germany. It not only provides network services, but is also the basic platform for SAP software. A resource management error vulnerability exists in SAP NetWeaver AS Java MMRSERVER version 7.5, which arises from unrestricted access to th...

CVSS 7.5 | AI score 6.5 | EPSS 0.00546
Exploits 0 | References 5

SUSE CVE
added 2023/02/15 6:4 a.m., 2 views

SUSE CVE-2009-1183

The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file...

CVSS 4.3 | AI score 6.7 | EPSS 0.01703
Exploits 1 | References 6

NVD
added 2022/10/14 3:15 p.m., 12 views

CVE-2022-28760

Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions...

CVSS 6.5 | EPSS 0.00266
Exploits 0 | References 1

NVD
added 2022/10/14 3:15 p.m., 11 views

CVE-2022-28761

Zoom On-Premise Meeting Connector MMR before version 4.8.20220916.131 contains an improper access control vulnerability. As a result, a malicious actor in a meeting or webinar they are authorized to join could prevent participants from receiving audio and video causing meeting disruptions...

CVSS 6.5 | EPSS 0.00355
Exploits 0 | References 1

NVD
added 2022/10/14 3:15 p.m., 15 views

CVE-2022-28759

Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions...

CVSS 8.6 | EPSS 0.00323
Exploits 0 | References 1

Prion
added 2022/10/14 3:15 p.m., 11 views

Improper access control

Zoom On-Premise Meeting Connector MMR before version 4.8.20220916.131 contains an improper access control vulnerability. As a result, a malicious actor in a meeting or webinar they are authorized to join could prevent participants from receiving audio and video causing meeting disruptions...

CVSS 4 | AI score 6.4 | EPSS 0.00355
Exploits 0 | References 1 | Affected Software 1

CVE
added 2022/10/14 2:51 p.m., 42 views

CVE-2022-28761

The CVE-2022-28761 entry concerns Zoom On-Premise Meeting Connector MMR prior to version 4.8.20220916.131, with an improper access control flaw. The root cause is inadequate access control within the Meeting Connector, enabling a meeting/webinar participant who is authorized to join to prevent ot...

CVSS 6.5 | AI score 6.4 | EPSS 0.00355
Exploits 0 | References 1 | Affected Software 1

CVE
added 2022/10/14 2:51 p.m., 50 views

CVE-2022-28759

Summary (CVE-2022-28759): Zoom On-Premise Meeting Connector MMR versions prior to 4.8.20220815.130 are affected by an improper access control vulnerability that could allow a malicious actor to obtain the audio and video feed of a meeting they were not authorized to join and potentially disrupt m...

CVSS 8.6 | AI score 8.4 | EPSS 0.00323
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2022/10/14 2:51 p.m., 16 views

CVE-2022-28759 Zoom On-Premise Deployments: Improper Access Control

Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions...

CVSS 8.2 | AI score 8.7 | EPSS 0.00323
Exploits 0 | References 1

CVE
added 2022/10/14 2:51 p.m., 39 views

CVE-2022-28760

The CVE-2022-28760 issue affects Zoom On-Premise Meeting Connector MMR prior to 4.8.20220815.130, caused by improper access control that could allow an unauthorized user to obtain the audio and video feeds of a meeting and cause disruptions. Affected product: Zoom On-Premise Meeting Connector MMR...

CVSS 6.5 | AI score 6.5 | EPSS 0.00266
Exploits 0 | References 1 | Affected Software 1

NVD
added 2022/09/16 10:15 p.m., 11 views

CVE-2022-28758

Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions...

CVSS 8.2 | EPSS 0.00323
Exploits 0 | References 1

OSV
added 2022/09/16 10:15 p.m., 0 views

CVE-2022-28758

Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions...

CVSS 8.2 | AI score 5.8
Exploits 0 | References 1

CVE
added 2022/09/16 8:13 p.m., 46 views

CVE-2022-28758

The CVE-2022-28758 entry concerns Zoom On-Premise Meeting Connector MMR prior to 4.8.20220815.130, with an improper access control flaw. The issue could allow a malicious actor to obtain the audio and video feeds of a meeting they are not authorized to join, potentially causing other meeting disr...

CVSS 8.2 | AI score 8.2 | EPSS 0.00323
Exploits 0 | References 1 | Affected Software 1

CVE
added 2022/08/11 2:55 p.m., 57 views

CVE-2022-28753

CVE-2022-28753 affects Zoom On-Premise Meeting Connector MMR before 4.8.129.20220714. The issue is improper access control that lets a participant join a meeting without appearing to others, admit themselves from the waiting room, and escalate to host, enabling disruptions. Affected versions are ...

CVSS 7.1 | AI score 5.7 | EPSS 0.00157
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2022/08/11 2:55 p.m., 13 views

CVE-2022-28753 Zoom On-Premise Deployments: Improper Access Control Vulnerability

Zoom On-Premise Meeting Connector MMR before version 4.8.129.20220714 contains an improper access control vulnerability. As a result, a malicious actor can join a meeting which they are authorized to join without appearing to the other participants, can admit themselves into the meeting from the...

CVSS 7.1 | AI score 7.1 | EPSS 0.00157
Exploits 0 | References 1

CVE
added 2022/08/11 2:55 p.m., 52 views

CVE-2022-28754

CVE-2022-28754 – Zoom On-Premise Meeting Connector MMR is affected in versions prior to 4.8.129.20220714. The issue is an improper access control that lets a legitimate participant join without appearing to others, admit themselves from the waiting room, and assume host privileges, causing meetin...

CVSS 7.1 | AI score 5.7 | EPSS 0.00157
Exploits 0 | References 1 | Affected Software 1