Zoom@* Security Vulnerabilities and Issues — Zoom@* CVE List

Lucene search

ZoomZoom*

55 matches found

CVE•added 2021/03/18 2:15 p.m.•2142 views

CVE-2021-28133

Zoom through 5.5.4 sometimes allows attackers to read private information on a participant's screen, even though the participant never attempted to share the private part of their screen. When a user shares a specific application window via the Share Screen functionality, other meeting participants...

4.3CVSS4.4AI score0.01324EPSS

CVE•added 2018/11/30 8:29 p.m.•1794 views

CVE-2018-15715

Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing. A remote unauthenticated attacker can spoof UDP messages from a meeting attendee or Zoom server in order to invok...

9.8CVSS9.1AI score0.01511EPSS

CVE•added 2019/07/12 4:15 a.m.•838 views

CVE-2019-13567

The Zoom Client before 4.4.53932.0709 on macOS allows remote code execution, a different vulnerability than CVE-2019-13450. If the ZoomOpener daemon (aka the hidden web server) is running, but the Zoom Client is not installed or can't be opened, an attacker can remotely execute code with a maliciou...

8.8CVSS6.8AI score0.01518EPSS

CVE•added 2022/08/11 3:15 p.m.•524 views

CVE-2022-28755

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.11.0 are susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attack...

9.6CVSS8.2AI score0.00408EPSS

CVE•added 2019/07/09 6:15 a.m.•207 views

CVE-2019-13450

In the Zoom Client through 4.4.4 and RingCentral 7.0.136380.0312 on macOS, remote attackers can force a user to join a video call with the video camera active. This occurs because any web site can interact with the Zoom web server on localhost port 19421 or 19424. NOTE: a machine remains vulnerable...

6.5CVSS6.5AI score0.00617EPSS

CVE•added 2019/07/09 6:15 a.m.•175 views

CVE-2019-13449

In the Zoom Client before 4.4.2 on macOS, remote attackers can cause a denial of service (continual focus grabs) via a sequence of invalid launch?action=join&confno= requests to localhost port 19421.

6.5CVSS6.3AI score0.0101EPSS

CVE•added 2023/01/09 7:15 p.m.•171 views

CVE-2022-36928

Zoom for Android clients before version 5.13.0 contain a path traversal vulnerability. A third party app could exploit this vulnerability to read and write to the Zoom application data directory.

7.1CVSS6.3AI score0.00176EPSS

CVE•added 2023/08/08 6:15 p.m.•130 views

CVE-2023-36535

Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access.

7.1CVSS6.1AI score0.00173EPSS

CVE•added 2024/02/14 12:15 a.m.•130 views

CVE-2024-24691

Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.

9.8CVSS9.7AI score0.00467EPSS

CVE•added 2023/03/27 9:15 p.m.•110 views

CVE-2023-28597

Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SM...

8.3CVSS8AI score0.00776EPSS

CVE•added 2023/07/11 5:15 p.m.•102 views

CVE-2023-34116

Improper input validation in the Zoom Desktop Client for Windows before version 5.15.0 may allow an unauthorized user to enable an escalation of privilege via network access.

8.8CVSS8.8AI score0.00401EPSS

CVE•added 2020/06/08 2:15 p.m.•90 views

CVE-2020-6109

An exploitable path traversal vulnerability exists in the Zoom client, version 4.6.10 processes messages including animated GIFs. A specially crafted chat message can cause an arbitrary file write, which could potentially be abused to achieve arbitrary code execution. An attacker needs to send a sp...

9.8CVSS9.5AI score0.00503EPSS

CVE•added 2020/06/08 2:15 p.m.•89 views

CVE-2020-6110

An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages including shared code snippets. A specially crafted chat message can cause an arbitrary binary planting which could be abused to achieve arbitrary code execution. An attacker needs to...

8.8CVSS9.1AI score0.00412EPSS

CVE•added 2023/12/13 11:15 p.m.•84 views

CVE-2023-43586

Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access.

8.8CVSS8.8AI score0.00073EPSS

CVE•added 2023/06/13 6:15 p.m.•82 views

CVE-2023-28601

Zoom for Windows clients prior to 5.14.0 contain an improper restriction of operations within the bounds of a memory buffer vulnerability. A malicious user may alter protected Zoom Client memory buffer potentially causing integrity issues within the Zoom Client.

8.3CVSS7.1AI score0.00342EPSS

CVE•added 2017/12/19 3:29 p.m.•79 views

CVE-2017-15048

Stack-based buffer overflow in the ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler.

8.8CVSS9.1AI score0.21428EPSS

CVE•added 2023/06/13 7:15 p.m.•73 views

CVE-2023-34114

Exposure of resource to wrong sphere in Zoom for Windows and Zoom for MacOS clients before 5.14.10 may allow an authenticated user to potentially enable information disclosure via network access.

7.4CVSS6.3AI score0.0019EPSS

CVE•added 2023/03/16 9:15 p.m.•71 views

CVE-2023-22880

Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clients before 5.13.1 contain an information disclosure vulnerability. A recent update to the Microsoft Edge WebView2 runtime used by the affected Zoom clients, transmitted ...

7.5CVSS6.6AI score0.00389EPSS

CVE•added 2017/12/19 3:29 p.m.•70 views

CVE-2017-15049

The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler.

9.3CVSS8.9AI score0.28861EPSS

CVE•added 2023/11/15 12:15 a.m.•69 views

CVE-2023-43582

Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access.

8.8CVSS7.1AI score0.00163EPSS

CVE•added 2023/03/16 9:15 p.m.•64 views

CVE-2023-22881

Zoom clients before version 5.13.5 contain a STUN parsing vulnerability. A malicious actor could send specially crafted UDP traffic to a victim Zoom client to remotely cause the client to crash, causing a denial of service.

7.5CVSS6.7AI score0.00444EPSS

CVE•added 2024/02/14 12:15 a.m.•64 views

CVE-2024-24690

Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access.

6.5CVSS5.5AI score0.00075EPSS

CVE•added 2023/08/08 6:15 p.m.•62 views

CVE-2023-36534

Path traversal in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access.

9.8CVSS9.7AI score0.00621EPSS

CVE•added 2023/08/08 10:15 p.m.•61 views

CVE-2023-39209

Improper input validation in Zoom Desktop Client for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via network access.

6.5CVSS6.1AI score0.00098EPSS

CVE•added 2023/08/08 6:15 p.m.•59 views

CVE-2023-39216

Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access.

9.8CVSS9.7AI score0.00463EPSS

CVE•added 2023/06/13 6:15 p.m.•58 views

CVE-2023-28602

Zoom for Windows clients prior to 5.13.5 contain an improper verification of cryptographic signature vulnerability. A malicious user may potentially downgrade Zoom Client components to previous versions.

7.7CVSS7.5AI score0.00102EPSS

CVE•added 2024/01/12 10:15 p.m.•58 views

CVE-2023-49647

Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access.

8.8CVSS7.7AI score0.00037EPSS

CVE•added 2023/08/08 10:15 p.m.•54 views

CVE-2023-39213

Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network access.

9.8CVSS9.8AI score0.01106EPSS

CVE•added 2024/02/14 12:15 a.m.•50 views

CVE-2024-24698

Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access.

4.9CVSS4.8AI score0.00112EPSS

CVE•added 2023/06/13 6:15 p.m.•49 views

CVE-2023-34121

Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access.

8.8CVSS6.6AI score0.00556EPSS

CVE•added 2024/02/14 12:15 a.m.•49 views

CVE-2024-24699

Business logic error in some Zoom clients may allow an authenticated user to conduct information disclosure via network access.

6.5CVSS6.1AI score0.00282EPSS

CVE•added 2023/06/13 5:15 p.m.•47 views

CVE-2023-28599

Zoom clients prior to 5.13.10 contain an HTML injection vulnerability. A malicious user could inject HTML into their display name potentially leading a victim to a malicious website during meeting creation.

4.3CVSS5AI score0.00516EPSS

CVE•added 2023/09/12 8:15 p.m.•47 views

CVE-2023-39215

Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network access.

7.1CVSS6.8AI score0.00375EPSS

CVE•added 2023/12/13 11:15 p.m.•47 views

CVE-2023-49646

Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access.

6.5CVSS6.5AI score0.00022EPSS

CVE•added 2024/02/14 12:15 a.m.•47 views

CVE-2024-24697

Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access.

7.8CVSS7AI score0.00052EPSS

CVE•added 2023/06/13 5:15 p.m.•45 views

CVE-2023-28598

Zoom for Linux clients prior to 5.13.10 contain an HTML injection vulnerability. If a victim starts a chat with a malicious user it could result in a Zoom application crash.

7.5CVSS6.4AI score0.00299EPSS

CVE•added 2023/11/14 11:15 p.m.•44 views

CVE-2023-39205

Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network access.

6.5CVSS7.1AI score0.00369EPSS

CVE•added 2023/03/16 9:15 p.m.•43 views

CVE-2023-22882

7.5CVSS6.8AI score0.00294EPSS

CVE•added 2023/08/08 10:15 p.m.•43 views

CVE-2023-39211

Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access.

8.8CVSS7.3AI score0.00037EPSS

CVE•added 2023/12/13 11:15 p.m.•43 views

CVE-2023-43583

Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may allow a privileged user to conduct a disclosure of information via network access.

4.9CVSS4.7AI score0.00118EPSS

CVE•added 2024/02/14 12:15 a.m.•43 views

CVE-2024-24695

Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.

6.8CVSS6.3AI score0.00206EPSS

CVE•added 2023/06/13 6:15 p.m.•42 views

CVE-2023-28600

Zoom for MacOSclients prior to 5.14.0 contain an improper access control vulnerability. A malicious user may be able to delete/replace Zoom Client files potentially causing a loss of integrity and availability to the Zoom Client.

5.4CVSS5.3AI score0.00056EPSS

CVE•added 2023/11/14 11:15 p.m.•42 views

CVE-2023-39203

Uncontrolled resource consumption in Zoom Team Chat for Zoom Desktop Client for Windows and Zoom VDI Client may allow an unauthenticated user to conduct a disclosure of information via network access.

7.5CVSS7.5AI score0.00167EPSS

CVE•added 2023/11/14 11:15 p.m.•40 views

CVE-2023-39206

Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.

7.5CVSS8AI score0.00312EPSS

CVE•added 2023/09/12 8:15 p.m.•40 views

CVE-2023-39208

Improper input validation in Zoom Desktop Client for Linux before version 5.15.10 may allow an unauthenticated user to conduct a denial of service via network access.

7.5CVSS7.4AI score0.00064EPSS

CVE•added 2024/02/14 12:15 a.m.•40 views

CVE-2024-24696

6.8CVSS6.3AI score0.0019EPSS

CVE•added 2023/08/08 6:15 p.m.•38 views

CVE-2023-36540

Untrusted search path in the installer for Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.

7.8CVSS7.9AI score0.00034EPSS

CVE•added 2023/11/14 11:15 p.m.•38 views

CVE-2023-39204

Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.

7.5CVSS7.5AI score0.00273EPSS

CVE•added 2023/08/08 6:15 p.m.•35 views

CVE-2023-36532

Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access.

7.5CVSS7.5AI score0.00683EPSS

CVE•added 2023/08/08 6:15 p.m.•35 views

CVE-2023-36541

Insufficient verification of data authenticity in Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via network access.

8.8CVSS8.8AI score0.00389EPSS

Total number of security vulnerabilities55