Lucene search
K
ZoomVirtual Desktop Infrastructure

25 matches found

CVE
CVE
added 2022/08/11 2:55 p.m.545 views

CVE-2022-28755

Zoom Client for Meetings (Android, iOS, Linux, macOS, Windows) prior to version 5.11.0 is affected by a URL parsing vulnerability. A malicious Zoom meeting URL can direct the user to an arbitrary network address, enabling potential remote code execution by launching executables from arbitrary pat...

9.6CVSS8.2AI score0.00727EPSS
CVE
CVE
added 2021/11/24 4:53 p.m.260 views

CVE-2021-34423

CVE-2021-34423 describes a buffer overflow in Zoom products (client and MMR server components) due to insecure deserialization of a blob in the Zoom messaging path. The issue arises when deserializing packets where a length field is read to allocate a buffer, then a second length is read and used...

9.8CVSS8.4AI score0.03207EPSS
CVE
CVE
added 2021/11/24 4:54 p.m.182 views

CVE-2021-34424

The CVE-2021-34424 entry concerns Zoom products (client and MMR servers) prior to versions around 5.8.x with a memory exposure/info-leak in deserialized data (ssb::variant_t) that could reveal heap/pointer data. The connected sources confirm the vulnerability’s existence, affected components, and...

7.5CVSS6AI score0.01666EPSS
CVE
CVE
added 2023/08/08 5:39 p.m.145 views

CVE-2023-36535

CVE-2023-36535 affects Zoom Client for Meetings prior to 5.14.10. The issue arises from client-side enforcement of server-side security, potentially allowing an authenticated user to disclose information via network access. Zoom has released fixes; NCSC notes this vulnerability is addressed in Zo...

7.1CVSS6.1AI score0.01032EPSS
CVE
CVE
added 2022/10/31 7:49 p.m.128 views

CVE-2022-28763

CVE-2022-28763 affects Zoom Client for Meetings (Android, iOS, Linux, macOS, Windows) prior to version 5.12.2. The issue is a URL parsing vulnerability where opening a malicious Zoom meeting URL may direct the user to connect to an arbitrary network address, enabling attacks such as session takeo...

9.6CVSS9.2AI score0.01134EPSS
CVE
CVE
added 2023/03/27 12:0 a.m.128 views

CVE-2023-28597

CVE-2023-28597 affects Zoom clients prior to 5.13.5 and stems from an improper trust boundary implementation in SMB handling. An attacker on an adjacent network could lure a user who saves a local recording to an SMB location and later opens a link from Zoom’s web portal; by hosting a malicious S...

8.3CVSS8AI score0.00525EPSS
CVE
CVE
added 2023/12/13 10:17 p.m.101 views

CVE-2023-43586

The CVE-2023-43586 issue is a path traversal vulnerability in Zoom components on Windows: Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows. The NVD entry describes authenticated privilege escalation via network access, supported by accompanying metrics showi...

8.8CVSS8.8AI score0.00991EPSS
CVE
CVE
added 2023/03/16 12:0 a.m.88 views

CVE-2023-22880

CVE-2023-22880 affects Zoom client on Windows: Zoom for Windows prior to 5.13.3, Zoom Rooms for Windows prior to 5.13.5, and Zoom VDI for Windows prior to 5.13.1. The vulnerability is an information disclosure caused by a Microsoft Edge WebView2 runtime update that sent text to Microsoft's online...

7.5CVSS6.6AI score0.00983EPSS
CVE
CVE
added 2023/11/14 11:12 p.m.84 views

CVE-2023-43582

CVE-2023-43582 affects Zoom client software via improper authorization that can enable an escalation of privilege over the network from an authorized user. NVD records a high base score (8.8/3.1) with impact to confidentiality, integrity, and availability, and the vector is network-based with low...

8.8CVSS7.1AI score0.0066EPSS
CVE
CVE
added 2024/01/12 9:44 p.m.75 views

CVE-2023-49647

CVE-2023-49647 affects Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows prior to version 5.16.10. The root cause is improper access control that may allow an authenticated user with local access to escalate privileges, with high impact to confidentiality, in...

8.8CVSS7.7AI score0.00246EPSS
CVE
CVE
added 2023/08/08 9:36 p.m.71 views

CVE-2023-39213

Zoom Desktop Client for Windows and Zoom VDI Client prior to 5.15.2 are affected by CVE-2023-39213: improper neutralization of special elements allows an unauthenticated privilege escalation via network access. Mitigation: upgrade to version 5.15.2 or later (updates exist to 5.15.5 per security a...

9.8CVSS9.8AI score0.01289EPSS
CVE
CVE
added 2023/12/13 10:19 p.m.71 views

CVE-2023-49646

CVE-2023-49646 affects Zoom client software incl. Zoom Client for Meetings and Zoom VDI Meeting Client when running versions prior to 5.16.5. The issue is described as improper authentication that may allow an authenticated user to cause a denial-of-service via network access. The vulnerability h...

6.5CVSS6.5AI score0.00403EPSS
CVE
CVE
added 2023/06/13 5:42 p.m.67 views

CVE-2023-34121

CVE-2023-34121 concerns Zoom for Windows, Zoom Rooms, and Zoom VDI Windows Meeting clients prior to 5.14.0. The vulnerability stems from improper input validation, potentially allowing an authenticated user to escalate privileges via network access. Public sources in the provided documents consis...

8.8CVSS6.6AI score0.00952EPSS
CVE
CVE
added 2023/09/12 7:53 p.m.62 views

CVE-2023-39215

CVE-2023-39215 is an authentication issue in Zoom clients that enables an authenticated user to cause a denial of service over the network. Connected advisories and scanners show affected Zoom products and ranges such as: Zoom Client for Meetings prior to 5.15.5; Zoom VDI Meeting Client prior to ...

7.1CVSS6.8AI score0.00924EPSS
CVE
CVE
added 2023/11/14 10:32 p.m.60 views

CVE-2023-39205

CVE-2023-39205 describes an issue in Zoom Team Chat affecting Zoom Client platforms where an improper conditions check can allow an authenticated user to cause a denial-of-service over the network. Reports in NVD summarize impact as Availability: High (DoS) with Confidentiality/Integrity not impa...

6.5CVSS7.1AI score0.00855EPSS
CVE
CVE
added 2023/11/14 11:2 p.m.60 views

CVE-2023-39206

CVE-2023-39206 refers to a buffer overflow in Zoom Client variants that allows an unauthenticated user to cause a denial of service over the network. Connected sources indicate affected builds include Zoom Client before 5.16.0 (Mac, Windows, Linux) with multiple advisories (ZSB family) and a CVSS...

7.5CVSS8AI score0.01135EPSS
CVE
CVE
added 2023/11/14 10:23 p.m.58 views

CVE-2023-39203

CVE-2023-39203 affects Zoom Desktop Client for Windows and Zoom VDI Client within Zoom Team Chat, where uncontrolled resource consumption could allow an unauthenticated user to disclose information via network access. Public records confirm this as a resource-management vulnerability tied to Zoom...

7.5CVSS7.5AI score0.00928EPSS
CVE
CVE
added 2023/08/08 5:30 p.m.55 views

CVE-2023-36532

CVE-2023-36532 : Zoom Client for Meetings (Windows/macOS/Linux) is affected if prefix versions are before 5.14.5. The issue is a buffer overflow in Zoom Clients that can be triggered by unsanitized input over the network, allowing an unauthenticated remote user to cause a denial of service. The a...

7.5CVSS7.5AI score0.01259EPSS
CVE
CVE
added 2023/11/14 10:28 p.m.54 views

CVE-2023-39204

CVE-2023-39204 targets Zoom client software with a buffer overflow vulnerability that can allow an unauthenticated attacker to cause a denial of service over the network. Public details confirm affected products include Zoom Client for Meetings (Windows/macOS) older than 5.15.10 and Zoom VDI/Meet...

7.5CVSS7.5AI score0.01063EPSS
CVE
CVE
added 2023/06/13 5:38 p.m.53 views

CVE-2023-34120

CVE-2023-34120 affects Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows prior to 5.14.0. The issue is improper privilege management that could let an authenticated user spawn processes with escalated privileges via local access. Impacts include potential elevation of privilege w...

8.7CVSS8.3AI score0.00134EPSS
CVE
CVE
added 2023/11/14 10:17 p.m.53 views

CVE-2023-39202

CVE-2023-39202 affects Zoom Rooms Client for Windows and Zoom VDI Client. The root cause is an untrusted search path in these components, which could allow a privileged local user to cause a denial of service. Public details in connected documents confirm the affected products and the local-acces...

5.5CVSS5.3AI score0.0021EPSS
CVE
CVE
added 2023/06/13 5:34 p.m.51 views

CVE-2023-28603

CVE-2023-28603 concerns the Zoom VDI client installer, with an improper access control flaw in versions prior to 5.14.0. The vulnerability could allow a malicious user to delete local files without proper permissions. Affected component: Zoom VDI client installer (pre-5.14.0). Root cause: imprope...

7.7CVSS6.8AI score0.00157EPSS
CVE
CVE
added 2023/08/08 5:54 p.m.51 views

CVE-2023-39218

Zoom Client for Meetings versions before 5.14.10 are affected by CVE-2023-39218 due to client-side enforcement of server-side security that may allow information disclosure via network access. The impact is confidentiality disclosure as noted in sources; exploitation status is not detailed in the...

6.1CVSS5.3AI score0.00931EPSS
CVE
CVE
added 2023/11/14 11:6 p.m.50 views

CVE-2023-39199

CVE-2023-39199 is described across multiple sources as a cryptographic issue in Zoom’s In-Meeting/ conference chat that may allow a privileged user to disclose information via network access. The NVD entry notes a confidentiality impact (high) with network attack vector and low attack complexity;...

6.5CVSS6.9AI score0.00619EPSS
CVE
CVE
added 2023/11/14 11:11 p.m.45 views

CVE-2023-43588

CVE-2023-43588 describes insufficient control flow management in Zoom Client, potentially allowing an authenticated user to disclose information over a network. The NVD entry lists a CVSS‑3.1 base score of 6.5 (MEDIUM) with Confidentiality impact HIGH, and mentions no exploitation details beyond ...

6.5CVSS4.9AI score0.00654EPSS