57 matches found
CVE-2024-45421
CVE-2024-45421 describes a buffer overflow in some Zoom Apps that could allow an authenticated user to escalate privileges over the network. The PT-2024-31624 entry specifies Zoom Product Suite versions prior to 6.2.0 as affected and recommends upgrading to 6.2.0 or later to address the issue. Ot...
CVE-2025-46785
CVE-2025-46785 affects Zoom Workplace Apps for Windows. The issue is a buffer over-read in affected components that can allow an authenticated user to cause a denial of service over the network. The available sources (NVD/Red Hat/CVE listings, PT-2025-21206 notes) identify the vulnerability and i...
CVE-2025-27442
CVE-2025-27442 corresponds to a cross-site scripting vulnerability in Zoom Workplace Apps. The issue allows an unauthenticated attacker to potentially compromise integrity via adjacent network access, with user interaction required. The exploits/patch status is not detailed in the provided docume...
CVE-2025-0144
CVE-2025-0144 describes an out-of-bounds write in Zoom Workplace Apps that can lead to loss of integrity over a network when processing a specific request. Multiple sources confirm the issue affects Zoom Workplace Desktop App prior to version 6.2.5 (per Nessus ZSB-25003) and indicate the vulnerab...
CVE-2024-39825
CVE-2024-39825 affects Zoom Workplace Apps and Rooms Clients. The issue is a heap-based buffer overflow that can allow an authenticated, remote attacker to escalate privileges over the network. Exploitation context: network access; no user interaction required; impact reported as high for confide...
CVE-2024-42435
The CVE-2024-42435 entry covers a sensitive information disclosure in Zoom components. Affected software includes Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers. The root cause and impact details in the provided sources indicate that a privileged user could obtain confidential da...
CVE-2024-27246
CVE-2024-27246 affects Zoom Workplace Apps and SDKs. The issue is a use-after-free in components handling network activity, allowing an authenticated user to cause a denial of service over the network. Used details: CVSS v3.1 base metrics indicate MEDIUM severity (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/...
CVE-2024-39818
CVE-2024-39818 affects Zoom Workplace Apps and SDKs. The issue is a protection mechanism failure that may allow an authenticated user to disclose information over the network. CVSSv3.1: base score 6.5 (MEDIUM) from NVD, with Confidentiality Impact: High, Attack Vector: Network, Attack Complexity:...
CVE-2024-39824
CVE-2024-39824 affects Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers. The issue is missing authorization that may allow a privileged user to disclose information over the network. The description and connected documents consistently identify the affected Zoom products and the im...
CVE-2024-42434
The CVE-2024-42434 issue affects Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers. It is described as a Missing authorization vulnerability that could allow a privileged user to disclose information over the network. The NVD/CVE entries and related sources cite a network-access att...
CVE-2024-42436
CVE-2024-42436 describes a buffer overflow in Zoom components: Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers. The underlying issue allows an authenticated user, leveraging network access, to cause a denial of service. The NVD metrics assign a CVSS v3.1 base score of 6.5 (Medium) with...
CVE-2025-0145
CVE-2025-0145 affects Zoom Workplace Desktop App for Windows. Vulnerability: untrusted search path in the installer could allow an authorized local user to escalate privileges. Public details consistently reference installations prior to version 6.2.5 as affected (e.g., Nessus ZSB-25004 notes). R...
CVE-2024-45425
CVE-2024-45425 concerns Zoom Workplace Apps and refers to incorrect user management that may allow a privileged user to disclose information over the network. The provided sources consistently describe a network-accessible path to information disclosure with high confidentiality impact (per CVSS ...
CVE-2024-39823
CVE-2024-39823 affects Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers. The connected sources indicate a missing authorization in these Zoom products could allow a privileged user to perform information disclosure over a network. The exact vulnerable components (versions, files) a...
CVE-2025-30671
CVE-2025-30671 affects Zoom Workplace Apps for Windows. The issue is a null pointer dereference that can allow an authenticated user to cause a denial of service over the network. Connected Nessus advisories note affected versions prior to 6.3.10 for Zoom Workplace Desktop/Client components and r...
CVE-2024-45424
CVE-2024-45424 is described as a business logic error in Zoom Workplace Apps that could allow an unauthenticated user to disclose information over the network. Public details indicate affected software is Zoom Workplace/Desktop App prior to version 6.1.0, with the root cause tied to business logi...
CVE-2024-45426
CVE-2024-45426 : Affected product is Zoom Workplace Apps. The root cause is an incorrect ownership assignment that can permit a privileged user to disclose information over the network. Reported impact is solely on confidentiality (high), with no integrity/availability effects per the sources. Th...
CVE-2024-42438
The CVE-2024-42438 entry applies to Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers. The issue is a buffer overflow in these components that allows an authenticated user to trigger a denial of service over the network. The available connected records confirm the affected product a...
CVE-2024-45419
CVE-2024-45419 concerns Zoom Apps and involves improper input validation that can allow an unauthenticated user to disclose information over the network. Affected software is Zoom Apps (per the CVE entry and multiple sources), with the vulnerability described as enabling information disclosure vi...
CVE-2024-27239
CVE-2024-27239 is a use-after-free vulnerability in some Zoom Workplace Apps and SDKs that could allow an authenticated user to cause a denial-of-service over the network. Affected software is Zoom Workplace Apps and SDKs; root cause is use-after-free. Impact is DoS with network access; no explic...
CVE-2024-42437
CVE-2024-42437 describes a buffer overflow in Zoom components: Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers. An authenticated user could cause a denial of service via network access due to the overflow vulnerability. The CVSS details indicate NETWORK access, low attack complexity, a...
CVE-2025-30670
Summary of CVE-2025-30670 : The issue is a null pointer dereference in Zoom Workplace Apps for Windows that can allow an authenticated user to cause a denial of service over the network. Connected documents specify affected products as Zoom Workplace Desktop App and Zoom Client for Meetings, with...
CVE-2024-27243
CVE-2024-27243 describes a buffer overflow in Zoom Workplace Apps and SDKs. The vulnerability affects Zoom’s Workplace components when processing untrusted input, allowing an authenticated user to cause a denial of service over a network connection. The CVSSv3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:...
CVE-2025-27439
Summary (CVE-2025-27439): Buffer underflow vulnerability in Zoom Workplace Apps may allow an authenticated user to escalate privileges over the network. Evidence from Nessus (Zoom Workplace Desktop App
CVE-2025-30663
CVE-2025-30663 affects Zoom Workplace Apps. It describes a Time-of-check time-of-use race condition that could allow an authenticated user with local access to escalate privileges. Severity is high (CVSS v3.1 metrics show high impact to confidentiality, integrity, and availability; local attack w...
CVE-2025-0149
CVE-2025-0149 affects Zoom Workplace Apps. The issue is insufficient verification of data authenticity, potentially allowing an unauthenticated, network-connected user to cause a denial-of-service. CVSS describes high availability impact (A: HIGH) with network access and no user interaction requi...
CVE-2024-27241
CVE-2024-27241 corresponds to an improper input validation flaw affecting Zoom Apps and SDKs. The connected Nessus entry specifies Zoom Workplace Desktop App
CVE-2024-27245
This CVE (CVE-2024-27245) affects Zoom Workplace Apps and SDKs. The vulnerability is a buffer overflow in these components that could allow an authenticated user to cause a denial of service over the network. The available sources confirm the affected product family (Zoom Workplace Apps and SDKs)...
CVE-2025-27441
CVE-2025-27441 is a cross-site scripting issue in Zoom Workplace Apps caused by improper filtering of user-supplied input. The vulnerability could allow an unauthenticated attacker to compromise data integrity via adjacent network access. The connected sources corroborate the vulnerability and it...
CVE-2025-30667
CVE-2025-30667 affects Zoom Workplace Apps for Windows and is caused by a NULL pointer dereference in the application. An authenticated user could trigger a denial-of-service via network access. The available sources (NVD/Red Hat/CVE listings) describe the issue but do not provide concrete inform...
CVE-2024-39826
CVE-2024-39826 affects Zoom Workplace Apps and SDKs for Windows. The connected sources indicate a path traversal vulnerability in Zoom Workplace Desktop App for Windows (pre-6.0.0) that could let an authenticated user disclose information via network access. Affected component is the Windows Zoom...
CVE-2024-27240
CVE-2024-27240 concerns Zoom Apps for Windows where the installer contains improper input validation. The vulnerability affects the Zoom Apps installer component, enabling a local, authenticated user to escalate privileges via local access. The NVD metrics indicate LOCAL attack vector, LOW attack...
CVE-2025-30668
CVE-2025-30668 affects Zoom Workplace Apps. An integer underflow in affected components may allow an authenticated user to cause a denial of service over the network. The description/references in the supplied documents confirm the vulnerability type and impact (DoS) but do not provide concrete e...
CVE-2025-30666
CVE-2025-30666 corresponds to a NULL pointer dereference in Zoom Workplace Apps for Windows. The vulnerability could allow an authenticated user to cause a denial of service over the network, with CVSSv3.1 base metrics indicating Availability Impact: HIGH and Confidentiality/Integrity Impact: NON...
CVE-2024-27244
Summary (CVE-2024-27244) Zoom Workplace VDI App for Windows contains an issue where the installer performs insufficient validation of data authenticity, enabling an authenticated user to escalate privileges via local access. Documented impact is elevation of privilege with local access; no exploi...
CVE-2025-27440
CVE-2025-27440 describes a heap overflow in some Zoom Workplace Apps that enables an authenticated user to escalate privileges over the network. The most concrete public details point to Zoom Workplace Desktop App prior to 6.3.0 being affected (per Nessus ZSB-25012), with the vulnerability charac...
CVE-2025-0151
CVE-2025-0151 affects Zoom Workplace Desktop App (Zoom Workplace/Zoom Apps) with a use-after-free condition that an authenticated user can exploit over the network to escalate privileges. The Nessus entry ties the issue to Zoom Workplace Desktop App versions before 6.3.0 (ZSB-ZSB-25010). The vuln...
CVE-2025-30664
CVE-2025-30664 is a cross-site scripting issue in Zoom Workplace Apps that could enable an authenticated local attacker to escalate privileges. The reported vector is local, requiring low privileges and user interaction, with a focus on improper neutralization of special elements as the root caus...
CVE-2025-30665
The CVE-2025-30665 entry concerns Zoom Workplace Apps for Windows, where a NULL pointer dereference could allow an authenticated user to cause a denial of service over the network. Affected component is Zoom Workplace Apps for Windows (specific versions not listed in the provided docs). The under...
CVE-2025-46786
The CVE-2025-46786 entry concerns Zoom Workplace Apps (including Zoom Workplace Desktop App) with an improper neutralization of special elements that enables Cross-site Scripting by an authenticated user over the network, potentially impacting app integrity. The vulnerability affects the app’s ab...
CVE-2025-49457
CVE-2025-49457 affects Zoom Clients for Windows (multiple Zoom products: Zoom Workplace for Windows, Zoom Rooms for Windows, Zoom Rooms Controller, Zoom Meeting SDK for Windows) where an untrusted search path could allow an unauthenticated attacker to escalate privileges over the network. Affecte...
CVE-2025-64740
CVE-2025-64740 affects Zoom Workplace VDI Client for Windows prior to 6.3.14, 6.4.12, or 6.5.10. Root cause: improper verification of the installer’s cryptographic signature, enabling an authenticated local user to escalate privileges. Remediation: upgrade to the fixed versions (6.3.14+, 6.4.12+,...
CVE-2025-49456
CVE-2025-49456 concerns a race condition in the installer of Zoom Clients for Windows. The connected sources consistently describe that the vulnerability stems from a faulty installer process, allowing an unauthenticated local user to impact (compromise) application integrity. The affected softwa...
CVE-2025-49461
CVE-2025-49461 concerns Zoom Workplace Clients affected by a cross-site scripting vulnerability that may allow an unauthenticated attacker to cause a denial of service over the network. The issue is described in the ZSB-25034 advisory and is associated with Zoom Workplace versions prior to 6.3.14...
CVE-2025-58135
CVE-2025-58135 concerns Zoom Workplace Clients for Windows. The vulnerability arises from improper action enforcement, enabling an unauthenticated attacker to disclose information via network access. Affected product family: Zoom Workplace Clients for Windows; root cause is improper enforcement o...
CVE-2026-30902
CVE-2026-30902 concerns an elevation of privilege in Zoom Clients for Windows due to improper privilege management. An authenticated user may exploit local access to escalate privileges. The description notes a high-severity outcome (CVSS v3.1 base score 7.8, impact on confidentiality, integrity ...
CVE-2025-49458
CVE-2025-49458 describes a buffer overflow in Zoom Workplace Clients that could allow an authenticated user to cause a denial of service over the network. Public documentation and scanner advisories (e.g., ZSB-25031) indicate the issue affects Zoom Workplace Clients generally and is mitigated by ...
CVE-2026-30905
CVE-2026-30905 concerns the Zoom Workplace VDI Plugin Windows Universal Installer. The issue arises from external control of a file name or path in the installer, potentially allowing an authenticated user to escalate privileges through local access on installations prior to version 6.6.11. Affec...
CVE-2025-64739
The CVE-2025-64739 issue affects Zoom Workplace and Zoom Clients. The vulnerability is described as external control of a file name or path, enabling an unauthenticated user to disclose information over the network. Public advisories (NCSC, Red Hat, CVE listings) confirm the flaw and indicate mit...
CVE-2025-49460
The CVE-2025-49460 issue affects Zoom Workplace family components (notably Zoom Workplace/VDI Client) with versions older than fixed releases. The publicly documented impact is Uncontrolled resource consumption that allows an unauthenticated remote attacker to cause a denial of service over the n...