CVE-2024-24691
CVE-2024-24691 affects Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows. Root cause: improper input validation that may allow an unauthenticated user to escalate privileges via network access. Impact per sources: high confidentiality, integrity, and a...
CVE-2023-43586
The CVE-2023-43586 issue is a path traversal vulnerability in Zoom components on Windows: Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows. The NVD entry describes authenticated privilege escalation via network access, supported by accompanying metrics showi...
CVE-2024-45421
CVE-2024-45421 describes a buffer overflow in some Zoom Apps that could allow an authenticated user to escalate privileges over the network. The PT-2024-31624 entry specifies Zoom Product Suite versions prior to 6.2.0 as affected and recommends upgrading to 6.2.0 or later to address the issue. Ot...
CVE-2024-24690
The CVE-2024-24690 entry concerns Zoom clients with improper input validation that can allow an authenticated user to trigger a denial of service over the network. Connected documents corroborate affected Zoom products (e.g., Zoom Client for Meetings and Zoom VDI Client) and show vulnerable versi...
CVE-2024-24695
CVE-2024-24695 affects Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows. The root cause is improper input validation, which may allow an authenticated user to disclose sensitive information over the network. Documented impact is information disclosure...
CVE-2025-46785
CVE-2025-46785 affects Zoom Workplace Apps for Windows. The issue is a buffer over-read in affected components that can allow an authenticated user to cause a denial of service over the network. The available sources (NVD/Red Hat/CVE listings, PT-2025-21206 notes) identify the vulnerability and i...
CVE-2024-45417
Zoom Apps for macOS is affected by CVE-2024-45417 due to uncontrolled resource consumption in the installer prior to version 6.1.5. A privileged local user could leverage this to disclose information. The available details indicate the impact is information disclosure with local access, and remed...
CVE-2025-0144
CVE-2025-0144 describes an out-of-bounds write in Zoom Workplace Apps that can lead to loss of integrity over a network when processing a specific request. Multiple sources confirm the issue affects Zoom Workplace Desktop App prior to version 6.2.5 (per Nessus ZSB-25003) and indicate the vulnerab...
CVE-2023-49647
CVE-2023-49647 affects Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows prior to version 5.16.10. The root cause is improper access control that may allow an authenticated user with local access to escalate privileges, with high impact to confidentiality, in...
CVE-2024-39822
CVE-2024-39822 affects Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers. Affected: Zoom components vulnerable to information disclosure via network access by an authenticated user. Root cause: sensitive information exposure in these Zoom products. Impact: confidentiality loss witho...
CVE-2024-27246
CVE-2024-27246 affects Zoom Workplace Apps and SDKs. The issue is a use-after-free in components handling network activity, allowing an authenticated user to cause a denial of service over the network. Used details: CVSS v3.1 base metrics indicate MEDIUM severity (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/...
CVE-2023-49646
CVE-2023-49646 affects Zoom client software, including Zoom Client for Meetings and Zoom VDI Meeting Client, when running versions prior to 5.16.5. The issue is described as improper authentication that may allow an authenticated user to cause a denial-of-service via network access. The vulnerability h...
CVE-2024-27238
CVE-2024-27238 concerns a race condition in the Windows installer for Zoom products (Zoom Apps and SDKs) prior to version 6.0.0 that may allow a locally authenticated user to escalate privileges. Multiple sources describe the issue as a local race condition affecting Zoom components installed on ...
CVE-2024-42435
The CVE-2024-42435 entry covers a sensitive information disclosure in Zoom components. Affected software includes Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers. The root cause and impact details in the provided sources indicate that a privileged user could obtain confidential da...
CVE-2024-45418
CVE-2024-45418 affects Zoom Apps for macOS prior to 6.1.5. The root cause is symlink following in the installer which could enable an authenticated user to escalate privileges over the network. Impact is elevated privileges on the host; no exploitation details are provided beyond the stated risk....
CVE-2025-27442
CVE-2025-27442 corresponds to a cross-site scripting vulnerability in Zoom Workplace Apps. The issue allows an unauthenticated attacker to potentially compromise integrity via adjacent network access, with user interaction required. The exploit and patch status is not detailed in the provided docume...
CVE-2024-42434
The CVE-2024-42434 issue affects Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers. It is described as a Missing authorization vulnerability that could allow a privileged user to disclose information over the network. The NVD/CVE entries and related sources cite a network-access att...
CVE-2024-24698
CVE-2024-24698 is described as an improper authentication vulnerability in Zoom clients that can allow a privileged user to disclose information via local access. The connected documents reference affected Zoom products (e.g., Zoom Client for Meetings and Zoom VDI/Desktop variants) and indicate t...
CVE-2024-42436
CVE-2024-42436 describes a buffer overflow in Zoom components: Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers. The underlying issue allows an authenticated user, leveraging network access, to cause a denial of service. The NVD metrics assign a CVSS v3.1 base score of 6.5 (Medium) with...
CVE-2024-45426
CVE-2024-45426: Affected product is Zoom Workplace Apps. The root cause is an incorrect ownership assignment that can permit a privileged user to disclose information over the network. Reported impact is solely on confidentiality (high), with no integrity/availability effects per the sources. Th...
CVE-2025-0143
CVE-2025-0143 describes an out-of-bounds write in the Zoom Workplace App for Linux before version 6.2.5, which may allow an unauthorized user to cause a denial of service via network access. Affected software is the Zoom Workplace App for Linux; root cause is the out-of-bounds write condition. Th...
CVE-2025-0145
CVE-2025-0145 affects Zoom Workplace Desktop App for Windows. Vulnerability: untrusted search path in the installer could allow an authorized local user to escalate privileges. Public details consistently reference installations prior to version 6.2.5 as affected (e.g., Nessus ZSB-25004 notes). R...
CVE-2024-45424
CVE-2024-45424 is described as a business logic error in Zoom Workplace Apps that could allow an unauthenticated user to disclose information over the network. Public details indicate affected software is Zoom Workplace/Desktop App prior to version 6.1.0, with the root cause tied to business logi...
CVE-2024-27239
CVE-2024-27239 is a use-after-free vulnerability in some Zoom Workplace Apps and SDKs that could allow an authenticated user to cause a denial-of-service over the network. Affected software is Zoom Workplace Apps and SDKs; root cause is use-after-free. Impact is DoS with network access; no explic...
CVE-2025-0147
Zoom Workplace App for Linux prior to version 6.2.10 contains a type confusion vulnerability that may allow an authorized user to escalate privileges via network access. The issue affects the Linux desktop client and is tied to handling of data types, enabling escalation to root-level privileges ...
CVE-2024-39824
CVE-2024-39824 affects Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers. The issue is missing authorization that may allow a privileged user to disclose information over the network. The description and connected documents consistently identify the affected Zoom products and the im...
CVE-2024-45425
CVE-2024-45425 concerns Zoom Workplace Apps and refers to incorrect user management that may allow a privileged user to disclose information over the network. The provided sources consistently describe a network-accessible path to information disclosure with high confidentiality impact (per CVSS ...
CVE-2025-30671
CVE-2025-30671 affects Zoom Workplace Apps for Windows. The issue is a null pointer dereference that can allow an authenticated user to cause a denial of service over the network. Connected Nessus advisories note affected versions prior to 6.3.10 for Zoom Workplace Desktop/Client components and r...
CVE-2023-39215
CVE-2023-39215 is an authentication issue in Zoom clients that enables an authenticated user to cause a denial of service over the network. Connected advisories and scanners show affected Zoom products and ranges such as: Zoom Client for Meetings prior to 5.15.5; Zoom VDI Meeting Client prior to ...
CVE-2024-24697
CVE-2024-24697 affects Zoom Windows clients with 32‑bit binaries, due to an untrusted search path that enables local privilege escalation for an authenticated user. Public references indicate affected Zoom products include Zoom Desktop/VDI and Zoom Client for Meetings; remediation is to update to...
CVE-2024-27243
CVE-2024-27243 describes a buffer overflow in Zoom Workplace Apps and SDKs. The vulnerability affects Zoom’s Workplace components when processing untrusted input, allowing an authenticated user to cause a denial of service over a network connection. The CVSSv3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:...
CVE-2024-27245
This CVE (CVE-2024-27245) affects Zoom Workplace Apps and SDKs. The vulnerability is a buffer overflow in these components that could allow an authenticated user to cause a denial of service over the network. The available sources confirm the affected product family (Zoom Workplace Apps and SDKs)...
CVE-2024-39823
CVE-2024-39823 affects Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers. The connected sources indicate a missing authorization in these Zoom products could allow a privileged user to perform information disclosure over a network. The exact vulnerable components (versions, files) a...
CVE-2024-45419
CVE-2024-45419 concerns Zoom Apps and involves improper input validation that can allow an unauthenticated user to disclose information over the network. Affected software is Zoom Apps (per the CVE entry and multiple sources), with the vulnerability described as enabling information disclosure vi...
CVE-2025-0146
CVE-2025-0146 affects Zoom Workplace App for macOS prior to 6.2.10. The issue arises from symlink following in the installer, allowing an authenticated user with local access to cause a denial of service. Public sources in the connected documents corroborate the DoS impact via local access due to...
CVE-2025-0149
CVE-2025-0149 affects Zoom Workplace Apps. The issue is insufficient verification of data authenticity, potentially allowing an unauthenticated, network-connected user to cause a denial-of-service. CVSS describes high availability impact (A: HIGH) with network access and no user interaction requi...
CVE-2025-27441
CVE-2025-27441 is a cross-site scripting issue in Zoom Workplace Apps caused by improper filtering of user-supplied input. The vulnerability could allow an unauthenticated attacker to compromise data integrity via adjacent network access. The connected sources corroborate the vulnerability and it...
CVE-2023-43583
CVE-2023-43583 affects Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android/iOS prior to 5.16.0. The issue is described as cryptographic problems that may let a privileged user disclose information via network access. Affected components include the Zoom Mobile Apps acr...
CVE-2024-27241
CVE-2024-27241 corresponds to an improper input validation flaw affecting Zoom Apps and SDKs. The connected Nessus entry specifies Zoom Workplace Desktop App
CVE-2024-39826
CVE-2024-39826 affects Zoom Workplace Apps and SDKs for Windows. The connected sources indicate a path traversal vulnerability in Zoom Workplace Desktop App for Windows (pre-6.0.0) that could let an authenticated user disclose information via network access. Affected component is the Windows Zoom...
CVE-2024-42437
CVE-2024-42437 describes a buffer overflow in Zoom components: Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers. An authenticated user could cause a denial of service via network access due to the overflow vulnerability. The CVSS details indicate NETWORK access, low attack complexity, a...
CVE-2024-42438
The CVE-2024-42438 entry applies to Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers. The issue is a buffer overflow in these components that allows an authenticated user to trigger a denial of service over the network. The available connected records confirm the affected product a...
CVE-2024-42439
CVE-2024-42439 affects Zoom Workplace Desktop App for macOS and Zoom Meeting SDK for macOS prior to 6.1.0. The root cause is an untrusted search path in the installer, which may allow a local, privileged user to escalate privileges. Affected products: Zoom Workplace Desktop App for macOS (pre-6.1...
CVE-2025-30670
Summary of CVE-2025-30670: The issue is a null pointer dereference in Zoom Workplace Apps for Windows that can allow an authenticated user to cause a denial of service over the network. Connected documents specify affected products as Zoom Workplace Desktop App and Zoom Client for Meetings, with...
CVE-2024-42440
CVE-2024-42440 affects Zoom on macOS: Zoom Workplace Desktop App, Zoom Meeting SDK, and Zoom Rooms Client prior to version 6.1.5 suffer from improper privilege management in the installer, enabling privilege escalation via local access. Public details from multiple sources confirm the affected co...
CVE-2025-27443
CVE-2025-27443 concerns Zoom Workplace Apps for Windows, caused by insecure default variable initialization in the affected software. The vulnerability could allow an authenticated user to cause a loss of integrity via local access. Multiple connected sources consistently describe the issue in Zo...
CVE-2025-30667
CVE-2025-30667 affects Zoom Workplace Apps for Windows and is caused by a NULL pointer dereference in the application. An authenticated user could trigger a denial-of-service via network access. The available sources (NVD/Red Hat/CVE listings) describe the issue but do not provide concrete inform...
CVE-2024-24696
CVE-2024-24696 affects Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows. The root issue is improper input validation that may allow an authenticated user to disclose information over the network. Affected scope includes Zoom products on Windows with r...
CVE-2024-42441
CVE-2024-42441 affects Zoom macOS components (Zoom Workplace Desktop App, Zoom Meeting SDK, Zoom Rooms Client) prior to 6.1.5. The issue is improper privilege management in the installer, enabling a local escalation of privileges by a privileged user. Impact is stated as high confidentiality,...
CVE-2024-39819
CVE-2024-39819 covers a privilege-escalation issue in the Windows installer for Zoom Workplace Apps and SDKs. The root cause is an integrity check within the installer that may allow an authenticated user with local access to elevate privileges. Documents consistently describe this as a local, au...