25 matches found
CVE-2022-28755
Zoom Client for Meetings (Android, iOS, Linux, macOS, Windows) prior to version 5.11.0 is affected by a URL parsing vulnerability. A malicious Zoom meeting URL can direct the user to an arbitrary network address, enabling potential remote code execution by launching executables from arbitrary pat...
CVE-2021-34423
CVE-2021-34423 describes a buffer overflow in Zoom products (client and MMR server components) due to insecure deserialization of a blob in the Zoom messaging path. The issue arises when deserializing packets where a length field is read to allocate a buffer, then a second length is read and used...
CVE-2021-34424
The CVE-2021-34424 entry concerns Zoom products (client and MMR servers) prior to versions around 5.8.x with a memory exposure/info-leak in deserialized data (ssb::variant_t) that could reveal heap/pointer data. The connected sources confirm the vulnerability’s existence, affected components, and...
CVE-2023-36535
CVE-2023-36535 affects Zoom Client for Meetings prior to 5.14.10. The issue arises from client-side enforcement of server-side security, potentially allowing an authenticated user to disclose information via network access. Zoom has released fixes; NCSC notes this vulnerability is addressed in Zo...
CVE-2022-28763
CVE-2022-28763 affects Zoom Client for Meetings (Android, iOS, Linux, macOS, Windows) prior to version 5.12.2. The issue is a URL parsing vulnerability where opening a malicious Zoom meeting URL may direct the user to connect to an arbitrary network address, enabling attacks such as session takeo...
CVE-2023-28597
CVE-2023-28597 affects Zoom clients prior to 5.13.5 and stems from an improper trust boundary implementation in SMB handling. An attacker on an adjacent network could lure a user who saves a local recording to an SMB location and later opens a link from Zoom’s web portal; by hosting a malicious S...
CVE-2023-43586
The CVE-2023-43586 issue is a path traversal vulnerability in Zoom components on Windows: Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows. The NVD entry describes authenticated privilege escalation via network access, supported by accompanying metrics showi...
CVE-2023-22880
CVE-2023-22880 affects Zoom client on Windows: Zoom for Windows prior to 5.13.3, Zoom Rooms for Windows prior to 5.13.5, and Zoom VDI for Windows prior to 5.13.1. The vulnerability is an information disclosure caused by a Microsoft Edge WebView2 runtime update that sent text to Microsoft's online...
CVE-2023-43582
CVE-2023-43582 affects Zoom client software via improper authorization that can enable an escalation of privilege over the network from an authorized user. NVD records a high base score (8.8/3.1) with impact to confidentiality, integrity, and availability, and the vector is network-based with low...
CVE-2023-49647
CVE-2023-49647 affects Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows prior to version 5.16.10. The root cause is improper access control that may allow an authenticated user with local access to escalate privileges, with high impact to confidentiality, in...
CVE-2023-39213
Zoom Desktop Client for Windows and Zoom VDI Client prior to 5.15.2 are affected by CVE-2023-39213: improper neutralization of special elements allows an unauthenticated privilege escalation via network access. Mitigation: upgrade to version 5.15.2 or later (updates exist to 5.15.5 per security a...
CVE-2023-49646
CVE-2023-49646 affects Zoom client software incl. Zoom Client for Meetings and Zoom VDI Meeting Client when running versions prior to 5.16.5. The issue is described as improper authentication that may allow an authenticated user to cause a denial-of-service via network access. The vulnerability h...
CVE-2023-34121
CVE-2023-34121 concerns Zoom for Windows, Zoom Rooms, and Zoom VDI Windows Meeting clients prior to 5.14.0. The vulnerability stems from improper input validation, potentially allowing an authenticated user to escalate privileges via network access. Public sources in the provided documents consis...
CVE-2023-39215
CVE-2023-39215 is an authentication issue in Zoom clients that enables an authenticated user to cause a denial of service over the network. Connected advisories and scanners show affected Zoom products and ranges such as: Zoom Client for Meetings prior to 5.15.5; Zoom VDI Meeting Client prior to ...
CVE-2023-39205
CVE-2023-39205 describes an issue in Zoom Team Chat affecting Zoom Client platforms where an improper conditions check can allow an authenticated user to cause a denial-of-service over the network. Reports in NVD summarize impact as Availability: High (DoS) with Confidentiality/Integrity not impa...
CVE-2023-39206
CVE-2023-39206 refers to a buffer overflow in Zoom Client variants that allows an unauthenticated user to cause a denial of service over the network. Connected sources indicate affected builds include Zoom Client before 5.16.0 (Mac, Windows, Linux) with multiple advisories (ZSB family) and a CVSS...
CVE-2023-39203
CVE-2023-39203 affects Zoom Desktop Client for Windows and Zoom VDI Client within Zoom Team Chat, where uncontrolled resource consumption could allow an unauthenticated user to disclose information via network access. Public records confirm this as a resource-management vulnerability tied to Zoom...
CVE-2023-36532
CVE-2023-36532 : Zoom Client for Meetings (Windows/macOS/Linux) is affected if prefix versions are before 5.14.5. The issue is a buffer overflow in Zoom Clients that can be triggered by unsanitized input over the network, allowing an unauthenticated remote user to cause a denial of service. The a...
CVE-2023-39204
CVE-2023-39204 targets Zoom client software with a buffer overflow vulnerability that can allow an unauthenticated attacker to cause a denial of service over the network. Public details confirm affected products include Zoom Client for Meetings (Windows/macOS) older than 5.15.10 and Zoom VDI/Meet...
CVE-2023-34120
CVE-2023-34120 affects Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows prior to 5.14.0. The issue is improper privilege management that could let an authenticated user spawn processes with escalated privileges via local access. Impacts include potential elevation of privilege w...
CVE-2023-39202
CVE-2023-39202 affects Zoom Rooms Client for Windows and Zoom VDI Client. The root cause is an untrusted search path in these components, which could allow a privileged local user to cause a denial of service. Public details in connected documents confirm the affected products and the local-acces...
CVE-2023-28603
CVE-2023-28603 concerns the Zoom VDI client installer, with an improper access control flaw in versions prior to 5.14.0. The vulnerability could allow a malicious user to delete local files without proper permissions. Affected component: Zoom VDI client installer (pre-5.14.0). Root cause: imprope...
CVE-2023-39218
Zoom Client for Meetings versions before 5.14.10 are affected by CVE-2023-39218 due to client-side enforcement of server-side security that may allow information disclosure via network access. The impact is confidentiality disclosure as noted in sources; exploitation status is not detailed in the...
CVE-2023-39199
CVE-2023-39199 is described across multiple sources as a cryptographic issue in Zoom’s In-Meeting/ conference chat that may allow a privileged user to disclose information via network access. The NVD entry notes a confidentiality impact (high) with network attack vector and low attack complexity;...
CVE-2023-43588
CVE-2023-43588 describes insufficient control flow management in Zoom Client, potentially allowing an authenticated user to disclose information over a network. The NVD entry lists a CVSS‑3.1 base score of 6.5 (MEDIUM) with Confidentiality impact HIGH, and mentions no exploitation details beyond ...