Lucene search
+L

57 matches found

CVE
CVE
added 2018/11/30 8:0 p.m.1820 views

CVE-2018-15715

CVE-2018-15715 affects Zoom Client for Meetings on Windows, macOS, and Linux (before specific builds). The vulnerability stems from Zoom’s internal messaging pump sending both UDP (untrusted) and TCP (trusted) messages to the same handler, enabling a remote, unauthenticated attacker to craft UDP ...

9.8CVSS9.1AI score0.03487EPSS
CVE
CVE
added 2019/07/12 3:0 a.m.862 views

CVE-2019-13567

CVE-2019-13567 affects the Zoom Client for macOS, prior to 4.4.53932.0709. The issue arises when the ZoomOpener daemon (a hidden local web server) is running but the Zoom Client is not installed or cannot be opened; an attacker can remotely execute code by using a maliciously crafted launch URL. ...

8.8CVSS6.8AI score0.03797EPSS
CVE
CVE
added 2022/08/11 2:55 p.m.546 views

CVE-2022-28755

Zoom Client for Meetings (Android, iOS, Linux, macOS, Windows) prior to version 5.11.0 is affected by a URL parsing vulnerability. A malicious Zoom meeting URL can direct the user to an arbitrary network address, enabling potential remote code execution by launching executables from arbitrary pat...

9.6CVSS8.2AI score0.00741EPSS
CVE
CVE
added 2019/07/09 5:48 a.m.197 views

CVE-2019-13449

The CVE-2019-13449 issue affects Zoom Client for macOS prior to 4.4.2, where a remote attacker can trigger a DoS by sending invalid join requests to localhost:19421, causing continual focus grabs and making the client unresponsive. The linked Nessus entry notes later fixes (e.g., 4.4.2 hotfix and...

6.5CVSS6.3AI score0.01997EPSS
CVE
CVE
added 2023/01/09 12:0 a.m.185 views

CVE-2022-36928

CVE-2022-36928 — Path traversal in Zoom for Android is documented across multiple sources. It affects Zoom for Android versions prior to 5.13.0, where a third-party app could exploit a path traversal flaw to read and write to the Zoom application data directory. The underlying issue is described ...

7.1CVSS6.3AI score0.00277EPSS
CVE
CVE
added 2024/02/14 12:1 a.m.171 views

CVE-2024-24691

CVE-2024-24691 affects Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows. Root cause: improper input validation that may allow an unauthenticated user to escalate privileges via network access. Impact per sources: high confidentiality, integrity, and a...

9.8CVSS9.7AI score0.01689EPSS
CVE
CVE
added 2023/08/08 5:39 p.m.147 views

CVE-2023-36535

CVE-2023-36535 affects Zoom Client for Meetings prior to 5.14.10. The issue arises from client-side enforcement of server-side security, potentially allowing an authenticated user to disclose information via network access. Zoom has released fixes; NCSC notes this vulnerability is addressed in Zo...

7.1CVSS6.1AI score0.01032EPSS
CVE
CVE
added 2023/03/27 12:0 a.m.131 views

CVE-2023-28597

CVE-2023-28597 affects Zoom clients prior to 5.13.5 and stems from an improper trust boundary implementation in SMB handling. An attacker on an adjacent network could lure a user who saves a local recording to an SMB location and later opens a link from Zoom’s web portal; by hosting a malicious S...

8.3CVSS8AI score0.00525EPSS
CVE
CVE
added 2023/07/11 4:56 p.m.129 views

CVE-2023-34116

CVE-2023-34116 concerns the Zoom Desktop Client for Windows prior to version 5.15.0. The root cause is improper input validation in the client, which may allow an unauthorized user to escalate privileges via network access. Impact is described as privilege escalation with high severity. Documents...

8.8CVSS8.8AI score0.00959EPSS
CVE
CVE
added 2023/12/13 10:17 p.m.103 views

CVE-2023-43586

The CVE-2023-43586 issue is a path traversal vulnerability in Zoom components on Windows: Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows. The NVD entry describes authenticated privilege escalation via network access, supported by accompanying metrics showi...

8.8CVSS8.8AI score0.00991EPSS
CVE
CVE
added 2023/06/13 5:5 p.m.101 views

CVE-2023-28601

CVE-2023-28601 affects Zoom Client for Windows prior to version 5.14.0. The vulnerability is described as an improper restriction of operations within the bounds of a memory buffer, potentially allowing memory buffer tampering that could cause integrity issues in the Zoom Client. Affected compone...

8.3CVSS7.1AI score0.00953EPSS
CVE
CVE
added 2017/12/19 3:0 p.m.94 views

CVE-2017-15048

CVE-2017-15048 – Zoom Linux client buffer overflow . The vulnerability is a stack-based overflow in the ZoomLauncher binary of the Zoom client for Linux, triggered by the zoommtg:// scheme handler. It allows a remote attacker to execute arbitrary code in the context of the affected user. Affected...

8.8CVSS9.1AI score0.10163EPSS
Web
CVE
CVE
added 2017/12/19 3:0 p.m.94 views

CVE-2017-15049

The CVE-2017-15049 entry relates to the Zoom Linux client where the ZoomLauncher binary did not properly sanitize user input when building a shell command, enabling remote arbitrary code execution via the zoommtg:// scheme handler in versions before 2.0.115900.1201. Connected advisories and explo...

9.3CVSS8.9AI score0.17048EPSS
Web
CVE
CVE
added 2023/03/16 12:0 a.m.91 views

CVE-2023-22880

CVE-2023-22880 affects Zoom client on Windows: Zoom for Windows prior to 5.13.3, Zoom Rooms for Windows prior to 5.13.5, and Zoom VDI for Windows prior to 5.13.1. The vulnerability is an information disclosure caused by a Microsoft Edge WebView2 runtime update that sent text to Microsoft's online...

7.5CVSS6.6AI score0.00983EPSS
CVE
CVE
added 2023/06/13 6:37 p.m.88 views

CVE-2023-34114

CVE-2023-34114 affects Zoom Client for Windows and MacOS prior to 5.14.10, where exposure of a resource to the wrong sphere may enable information disclosure over a network by an authenticated user. Affected components: Zoom Client for Meetings on Windows/macOS. Impact is information disclosure (...

7.4CVSS6.3AI score0.00983EPSS
CVE
CVE
added 2023/11/14 11:12 p.m.87 views

CVE-2023-43582

CVE-2023-43582 affects Zoom client software via improper authorization that can enable an escalation of privilege over the network from an authorized user. NVD records a high base score (8.8/3.1) with impact to confidentiality, integrity, and availability, and the vector is network-based with low...

8.8CVSS7.1AI score0.0066EPSS
CVE
CVE
added 2023/08/08 5:35 p.m.86 views

CVE-2023-36534

CVE-2023-36534 describes a path traversal vulnerability in Zoom Desktop Client for Windows prior to version 5.14.7, allowing an unauthenticated attacker to escalate privileges via network access. The issue affects the Zoom Desktop Client on Windows and is exploited through path traversal, enablin...

9.8CVSS9.7AI score0.01392EPSS
CVE
CVE
added 2024/02/13 11:50 p.m.84 views

CVE-2024-24695

CVE-2024-24695 affects Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows. The root cause is improper input validation, which may allow an authenticated user to disclose sensitive information over the network. Documented impact is information disclosure...

6.8CVSS6.3AI score0.00803EPSS
CVE
CVE
added 2024/02/14 12:0 a.m.83 views

CVE-2024-24690

The CVE-2024-24690 entry concerns Zoom clients with improper input validation that can allow an authenticated user to trigger a denial of service over the network. Connected documents corroborate affected Zoom products (e.g., Zoom Client for Meetings and Zoom VDI Client) and show vulnerable versi...

6.5CVSS5.5AI score0.00571EPSS
CVE
CVE
added 2023/03/16 12:0 a.m.80 views

CVE-2023-22881

The CVE-2023-22881 issue affects Zoom Client for Meetings prior to version 5.13.5, where a STUN parsing vulnerability could allow a remote attacker to crash the client via specially crafted UDP traffic, leading to a denial of service. The available connected sources corroborate that Zoom has fixe...

7.5CVSS6.7AI score0.01122EPSS
CVE
CVE
added 2023/08/08 5:48 p.m.77 views

CVE-2023-39216

CVE-2023-39216 affects the Zoom Desktop Client for Windows prior to 5.14.7. The issue is due to improper input validation that may allow an unauthenticated user to achieve privilege escalation via network access. Documents consistently identify this as a high-severity, client-side vulnerability w...

9.8CVSS9.7AI score0.01056EPSS
CVE
CVE
added 2024/01/12 9:44 p.m.77 views

CVE-2023-49647

CVE-2023-49647 affects Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows prior to version 5.16.10. The root cause is improper access control that may allow an authenticated user with local access to escalate privileges, with high impact to confidentiality, in...

8.8CVSS7.7AI score0.00246EPSS
CVE
CVE
added 2023/08/08 9:39 p.m.75 views

CVE-2023-39209

CVE-2023-39209 affects Zoom Desktop Client for Windows prior to 5.15.5. The issue is improper input validation in the Windows client that may allow an authenticated user to disclose information over the network. The vulnerability is labeled with confidentiality impact HIGH and exploit potential r...

6.5CVSS6.1AI score0.00797EPSS
CVE
CVE
added 2023/08/08 9:36 p.m.73 views

CVE-2023-39213

Zoom Desktop Client for Windows and Zoom VDI Client prior to 5.15.2 are affected by CVE-2023-39213: improper neutralization of special elements allows an unauthenticated privilege escalation via network access. Mitigation: upgrade to version 5.15.2 or later (updates exist to 5.15.5 per security a...

9.8CVSS9.8AI score0.01289EPSS
CVE
CVE
added 2023/12/13 10:19 p.m.73 views

CVE-2023-49646

CVE-2023-49646 affects Zoom client software incl. Zoom Client for Meetings and Zoom VDI Meeting Client when running versions prior to 5.16.5. The issue is described as improper authentication that may allow an authenticated user to cause a denial-of-service via network access. The vulnerability h...

6.5CVSS6.5AI score0.00403EPSS
CVE
CVE
added 2023/06/13 5:30 p.m.71 views

CVE-2023-28602

Zoom Client for Windows versions before 5.13.5 are affected by an improper verification of cryptographic signatures, enabling potential downgrades of Zoom Client components. Affected component: Zoom Client for Meetings/Zoom Client (Windows). Root cause: inadequate cryptographic signature verifica...

7.7CVSS7.5AI score0.00312EPSS
CVE
CVE
added 2024/04/09 5:13 p.m.70 views

CVE-2024-24694

Affected software: Zoom Desktop Client for Windows (prior to version 5.17.10). Vulnerability: Improper privilege management in the installer could allow an authenticated user to escalate privileges via local access. Root cause / vector: Local access with low privileges; flaw is in the Windows ins...

7.8CVSS5.9AI score0.00154EPSS
CVE
CVE
added 2024/02/13 11:56 p.m.70 views

CVE-2024-24698

CVE-2024-24698 is described as an improper authentication vulnerability in Zoom clients that can allow a privileged user to disclose information via local access. The connected documents reference affected Zoom products (e.g., Zoom Client for Meetings and Zoom VDI/Desktop variants) and indicate t...

4.9CVSS4.8AI score0.00531EPSS
CVE
CVE
added 2023/06/13 5:42 p.m.68 views

CVE-2023-34121

CVE-2023-34121 concerns Zoom for Windows, Zoom Rooms, and Zoom VDI Windows Meeting clients prior to 5.14.0. The vulnerability stems from improper input validation, potentially allowing an authenticated user to escalate privileges via network access. Public sources in the provided documents consis...

8.8CVSS6.6AI score0.00952EPSS
CVE
CVE
added 2023/12/13 10:8 p.m.68 views

CVE-2023-43583

CVE-2023-43583 affects Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android/iOS prior to 5.16.0. The issue is described as cryptographic problems that may let a privileged user disclose information via network access. Affected components include the Zoom Mobile Apps acr...

4.9CVSS4.7AI score0.00567EPSS
CVE
CVE
added 2024/04/09 5:15 p.m.67 views

CVE-2024-27247

CVE-2024-27247 describes an issue in the Zoom Desktop Client for macOS installer prior to version 5.17.10 where improper privilege management could allow a privileged local user to escalate privileges. Affected software: Zoom Desktop Client for macOS (pre-5.17.10). Root cause: installer privilege...

6.7CVSS5.5AI score0.00118EPSS
CVE
CVE
added 2024/02/13 11:58 p.m.65 views

CVE-2024-24699

CVE-2024-24699 affects Zoom clients via a business logic error that can disclose information to an authenticated user over the network. The base score is 6.5 (MEDIUM) with high confidentiality impact and no integrity/availability impact. Connected sources confirm this affects Zoom Client for Meet...

6.5CVSS6.1AI score0.01662EPSS
CVE
CVE
added 2023/11/14 11:2 p.m.64 views

CVE-2023-39206

CVE-2023-39206 refers to a buffer overflow in Zoom Client variants that allows an unauthenticated user to cause a denial of service over the network. Connected sources indicate affected builds include Zoom Client before 5.16.0 (Mac, Windows, Linux) with multiple advisories (ZSB family) and a CVSS...

7.5CVSS8AI score0.01135EPSS
CVE
CVE
added 2023/09/12 7:53 p.m.64 views

CVE-2023-39215

CVE-2023-39215 is an authentication issue in Zoom clients that enables an authenticated user to cause a denial of service over the network. Connected advisories and scanners show affected Zoom products and ranges such as: Zoom Client for Meetings prior to 5.15.5; Zoom VDI Meeting Client prior to ...

7.1CVSS6.8AI score0.00924EPSS
CVE
CVE
added 2023/11/14 10:32 p.m.63 views

CVE-2023-39205

CVE-2023-39205 describes an issue in Zoom Team Chat affecting Zoom Client platforms where an improper conditions check can allow an authenticated user to cause a denial-of-service over the network. Reports in NVD summarize impact as Availability: High (DoS) with Confidentiality/Integrity not impa...

6.5CVSS7.1AI score0.00855EPSS
CVE
CVE
added 2024/02/13 11:53 p.m.63 views

CVE-2024-24697

CVE-2024-24697 affects Zoom Windows clients with 32‑bit binaries, due to an untrusted search path that enables local privilege escalation for an authenticated user. Public references indicate affected Zoom products include Zoom Desktop/VDI and Zoom Client for Meetings; remediation is to update to...

7.8CVSS7AI score0.00273EPSS
CVE
CVE
added 2024/04/09 5:18 p.m.63 views

CVE-2024-27242

CVE-2024-27242 concerns the Zoom Desktop Client for Linux, with affected versions prior to 5.17.10. The vulnerability is a cross-site scripting issue in the Linux client that can be exploited by an authenticated user to cause a denial of service over the network. The impact is limited to availabi...

6.8CVSS4.3AI score0.00462EPSS
CVE
CVE
added 2025/07/10 4:32 p.m.62 views

CVE-2025-49464

CVE-2025-49464 is a documented buffer overflow vulnerability in Zoom Clients for Windows that permits an authorized user to cause a denial of service over the network. The CVSS v3.1 base score is 6.5 (MEDIUM) with network attack vector, low privileges required, no user interaction, and an impact ...

6.5CVSS7AI score0.00569EPSS
CVE
CVE
added 2023/06/13 4:55 p.m.59 views

CVE-2023-28599

CVE-2023-28599 affects Zoom Client prior to 5.13.10. An HTML injection in the user’s display name could redirect victims to a malicious website during meeting creation. Root cause: HTML injection in display name handling. Impact: potential unauthorized navigation to attacker-controlled content; c...

4.3CVSS5AI score0.00728EPSS
CVE
CVE
added 2023/11/14 10:23 p.m.59 views

CVE-2023-39203

CVE-2023-39203 affects Zoom Desktop Client for Windows and Zoom VDI Client within Zoom Team Chat, where uncontrolled resource consumption could allow an unauthenticated user to disclose information via network access. Public records confirm this as a resource-management vulnerability tied to Zoom...

7.5CVSS7.5AI score0.00928EPSS
CVE
CVE
added 2023/08/08 9:30 p.m.59 views

CVE-2023-39211

CVE-2023-39211 affects Zoom Desktop Client for Windows and Zoom Rooms for Windows prior to 5.15.5. The issue is described as improper privilege management that may allow an authenticated user to enable an information disclosure via local access. According to connected sources, upgrading to versio...

8.8CVSS7.3AI score0.002EPSS
CVE
CVE
added 2023/08/08 5:30 p.m.58 views

CVE-2023-36532

CVE-2023-36532 : Zoom Client for Meetings (Windows/macOS/Linux) is affected if prefix versions are before 5.14.5. The issue is a buffer overflow in Zoom Clients that can be triggered by unsanitized input over the network, allowing an unauthenticated remote user to cause a denial of service. The a...

7.5CVSS7.5AI score0.01259EPSS
CVE
CVE
added 2023/03/16 12:0 a.m.57 views

CVE-2023-22882

Affected software: Zoom Client (Windows/macOS/Linux) prior to version 5.13.5. The issue is a STUN parsing vulnerability that can be triggered by specially crafted UDP traffic to remotely crash the client, causing a denial of service. The public sources consistently state the impact as availabilit...

7.5CVSS6.8AI score0.01142EPSS
CVE
CVE
added 2023/06/13 4:49 p.m.56 views

CVE-2023-28598

Zoom Client for Linux versions prior to 5.13.10 are affected by an HTML-injection vulnerability that can crash the Zoom application when a user initiates a chat with a malicious contact. The issue is documented across multiple sources (official Zoom security bulletin, Red Hat advisory, OpenVAS/Ne...

7.5CVSS6.4AI score0.00542EPSS
CVE
CVE
added 2023/08/08 5:5 p.m.56 views

CVE-2023-36540

CVE-2023-36540 affects Zoom Desktop Client for Windows prior to 5.14.5. The vulnerability arises from an untrusted search path in the installer, which may allow an authenticated local user to escalate privileges. Affected product/version: Zoom Desktop Client for Windows

7.8CVSS7.9AI score0.00287EPSS
CVE
CVE
added 2024/02/13 11:51 p.m.56 views

CVE-2024-24696

CVE-2024-24696 affects Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows. The root issue is improper input validation that may allow an authenticated user to disclose information over the network. Affected scope includes Zoom products on Windows with r...

6.8CVSS6.3AI score0.00803EPSS
CVE
CVE
added 2023/06/13 5:0 p.m.55 views

CVE-2023-28600

CVE-2023-28600 affects Zoom Client on macOS prior to 5.14.0. The issue is improper access control that could allow a local attacker to delete or replace Zoom Client files, potentially compromising integrity and availability. Supported details indicate the impact is loss of integrity/availability ...

5.4CVSS5.3AI score0.00221EPSS
CVE
CVE
added 2023/11/14 10:28 p.m.55 views

CVE-2023-39204

CVE-2023-39204 targets Zoom client software with a buffer overflow vulnerability that can allow an unauthenticated attacker to cause a denial of service over the network. Public details confirm affected products include Zoom Client for Meetings (Windows/macOS) older than 5.15.10 and Zoom VDI/Meet...

7.5CVSS7.5AI score0.01063EPSS
CVE
CVE
added 2023/09/12 7:55 p.m.54 views

CVE-2023-39208

CVE-2023-39208; Zoom Desktop Client for Linux prior to 5.15.10 is affected by improper input validation that may allow an unauthenticated attacker to cause a denial of service over the network. The issue affects Zoom Desktop Client for Linux (Linux platform) and is triggered via network access wi...

7.5CVSS7.4AI score0.0054EPSS
CVE
CVE
added 2023/11/14 11:6 p.m.53 views

CVE-2023-39199

CVE-2023-39199 is described across multiple sources as a cryptographic issue in Zoom’s In-Meeting/ conference chat that may allow a privileged user to disclose information via network access. The NVD entry notes a confidentiality impact (high) with network attack vector and low attack complexity;...

6.5CVSS6.9AI score0.00619EPSS
Total number of security vulnerabilities57