57 matches found
CVE-2018-15715
CVE-2018-15715 affects Zoom Client for Meetings on Windows, macOS, and Linux (before specific builds). The vulnerability stems from Zoom’s internal messaging pump sending both UDP (untrusted) and TCP (trusted) messages to the same handler, enabling a remote, unauthenticated attacker to craft UDP ...
CVE-2019-13567
CVE-2019-13567 affects the Zoom Client for macOS, prior to 4.4.53932.0709. The issue arises when the ZoomOpener daemon (a hidden local web server) is running but the Zoom Client is not installed or cannot be opened; an attacker can remotely execute code by using a maliciously crafted launch URL. ...
CVE-2022-28755
Zoom Client for Meetings (Android, iOS, Linux, macOS, Windows) prior to version 5.11.0 is affected by a URL parsing vulnerability. A malicious Zoom meeting URL can direct the user to an arbitrary network address, enabling potential remote code execution by launching executables from arbitrary pat...
CVE-2019-13449
The CVE-2019-13449 issue affects Zoom Client for macOS prior to 4.4.2, where a remote attacker can trigger a DoS by sending invalid join requests to localhost:19421, causing continual focus grabs and making the client unresponsive. The linked Nessus entry notes later fixes (e.g., 4.4.2 hotfix and...
CVE-2022-36928
CVE-2022-36928 — Path traversal in Zoom for Android is documented across multiple sources. It affects Zoom for Android versions prior to 5.13.0, where a third-party app could exploit a path traversal flaw to read and write to the Zoom application data directory. The underlying issue is described ...
CVE-2024-24691
CVE-2024-24691 affects Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows. Root cause: improper input validation that may allow an unauthenticated user to escalate privileges via network access. Impact per sources: high confidentiality, integrity, and a...
CVE-2023-36535
CVE-2023-36535 affects Zoom Client for Meetings prior to 5.14.10. The issue arises from client-side enforcement of server-side security, potentially allowing an authenticated user to disclose information via network access. Zoom has released fixes; NCSC notes this vulnerability is addressed in Zo...
CVE-2023-28597
CVE-2023-28597 affects Zoom clients prior to 5.13.5 and stems from an improper trust boundary implementation in SMB handling. An attacker on an adjacent network could lure a user who saves a local recording to an SMB location and later opens a link from Zoom’s web portal; by hosting a malicious S...
CVE-2023-34116
CVE-2023-34116 concerns the Zoom Desktop Client for Windows prior to version 5.15.0. The root cause is improper input validation in the client, which may allow an unauthorized user to escalate privileges via network access. Impact is described as privilege escalation with high severity. Documents...
CVE-2023-43586
The CVE-2023-43586 issue is a path traversal vulnerability in Zoom components on Windows: Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows. The NVD entry describes authenticated privilege escalation via network access, supported by accompanying metrics showi...
CVE-2023-28601
CVE-2023-28601 affects Zoom Client for Windows prior to version 5.14.0. The vulnerability is described as an improper restriction of operations within the bounds of a memory buffer, potentially allowing memory buffer tampering that could cause integrity issues in the Zoom Client. Affected compone...
CVE-2017-15048
CVE-2017-15048 – Zoom Linux client buffer overflow . The vulnerability is a stack-based overflow in the ZoomLauncher binary of the Zoom client for Linux, triggered by the zoommtg:// scheme handler. It allows a remote attacker to execute arbitrary code in the context of the affected user. Affected...
CVE-2017-15049
The CVE-2017-15049 entry relates to the Zoom Linux client where the ZoomLauncher binary did not properly sanitize user input when building a shell command, enabling remote arbitrary code execution via the zoommtg:// scheme handler in versions before 2.0.115900.1201. Connected advisories and explo...
CVE-2023-22880
CVE-2023-22880 affects Zoom client on Windows: Zoom for Windows prior to 5.13.3, Zoom Rooms for Windows prior to 5.13.5, and Zoom VDI for Windows prior to 5.13.1. The vulnerability is an information disclosure caused by a Microsoft Edge WebView2 runtime update that sent text to Microsoft's online...
CVE-2023-34114
CVE-2023-34114 affects Zoom Client for Windows and MacOS prior to 5.14.10, where exposure of a resource to the wrong sphere may enable information disclosure over a network by an authenticated user. Affected components: Zoom Client for Meetings on Windows/macOS. Impact is information disclosure (...
CVE-2023-43582
CVE-2023-43582 affects Zoom client software via improper authorization that can enable an escalation of privilege over the network from an authorized user. NVD records a high base score (8.8/3.1) with impact to confidentiality, integrity, and availability, and the vector is network-based with low...
CVE-2023-36534
CVE-2023-36534 describes a path traversal vulnerability in Zoom Desktop Client for Windows prior to version 5.14.7, allowing an unauthenticated attacker to escalate privileges via network access. The issue affects the Zoom Desktop Client on Windows and is exploited through path traversal, enablin...
CVE-2024-24695
CVE-2024-24695 affects Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows. The root cause is improper input validation, which may allow an authenticated user to disclose sensitive information over the network. Documented impact is information disclosure...
CVE-2024-24690
The CVE-2024-24690 entry concerns Zoom clients with improper input validation that can allow an authenticated user to trigger a denial of service over the network. Connected documents corroborate affected Zoom products (e.g., Zoom Client for Meetings and Zoom VDI Client) and show vulnerable versi...
CVE-2023-22881
The CVE-2023-22881 issue affects Zoom Client for Meetings prior to version 5.13.5, where a STUN parsing vulnerability could allow a remote attacker to crash the client via specially crafted UDP traffic, leading to a denial of service. The available connected sources corroborate that Zoom has fixe...
CVE-2023-39216
CVE-2023-39216 affects the Zoom Desktop Client for Windows prior to 5.14.7. The issue is due to improper input validation that may allow an unauthenticated user to achieve privilege escalation via network access. Documents consistently identify this as a high-severity, client-side vulnerability w...
CVE-2023-49647
CVE-2023-49647 affects Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows prior to version 5.16.10. The root cause is improper access control that may allow an authenticated user with local access to escalate privileges, with high impact to confidentiality, in...
CVE-2023-39209
CVE-2023-39209 affects Zoom Desktop Client for Windows prior to 5.15.5. The issue is improper input validation in the Windows client that may allow an authenticated user to disclose information over the network. The vulnerability is labeled with confidentiality impact HIGH and exploit potential r...
CVE-2023-39213
Zoom Desktop Client for Windows and Zoom VDI Client prior to 5.15.2 are affected by CVE-2023-39213: improper neutralization of special elements allows an unauthenticated privilege escalation via network access. Mitigation: upgrade to version 5.15.2 or later (updates exist to 5.15.5 per security a...
CVE-2023-49646
CVE-2023-49646 affects Zoom client software incl. Zoom Client for Meetings and Zoom VDI Meeting Client when running versions prior to 5.16.5. The issue is described as improper authentication that may allow an authenticated user to cause a denial-of-service via network access. The vulnerability h...
CVE-2023-28602
Zoom Client for Windows versions before 5.13.5 are affected by an improper verification of cryptographic signatures, enabling potential downgrades of Zoom Client components. Affected component: Zoom Client for Meetings/Zoom Client (Windows). Root cause: inadequate cryptographic signature verifica...
CVE-2024-24694
Affected software: Zoom Desktop Client for Windows (prior to version 5.17.10). Vulnerability: Improper privilege management in the installer could allow an authenticated user to escalate privileges via local access. Root cause / vector: Local access with low privileges; flaw is in the Windows ins...
CVE-2024-24698
CVE-2024-24698 is described as an improper authentication vulnerability in Zoom clients that can allow a privileged user to disclose information via local access. The connected documents reference affected Zoom products (e.g., Zoom Client for Meetings and Zoom VDI/Desktop variants) and indicate t...
CVE-2023-34121
CVE-2023-34121 concerns Zoom for Windows, Zoom Rooms, and Zoom VDI Windows Meeting clients prior to 5.14.0. The vulnerability stems from improper input validation, potentially allowing an authenticated user to escalate privileges via network access. Public sources in the provided documents consis...
CVE-2023-43583
CVE-2023-43583 affects Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android/iOS prior to 5.16.0. The issue is described as cryptographic problems that may let a privileged user disclose information via network access. Affected components include the Zoom Mobile Apps acr...
CVE-2024-27247
CVE-2024-27247 describes an issue in the Zoom Desktop Client for macOS installer prior to version 5.17.10 where improper privilege management could allow a privileged local user to escalate privileges. Affected software: Zoom Desktop Client for macOS (pre-5.17.10). Root cause: installer privilege...
CVE-2024-24699
CVE-2024-24699 affects Zoom clients via a business logic error that can disclose information to an authenticated user over the network. The base score is 6.5 (MEDIUM) with high confidentiality impact and no integrity/availability impact. Connected sources confirm this affects Zoom Client for Meet...
CVE-2023-39206
CVE-2023-39206 refers to a buffer overflow in Zoom Client variants that allows an unauthenticated user to cause a denial of service over the network. Connected sources indicate affected builds include Zoom Client before 5.16.0 (Mac, Windows, Linux) with multiple advisories (ZSB family) and a CVSS...
CVE-2023-39215
CVE-2023-39215 is an authentication issue in Zoom clients that enables an authenticated user to cause a denial of service over the network. Connected advisories and scanners show affected Zoom products and ranges such as: Zoom Client for Meetings prior to 5.15.5; Zoom VDI Meeting Client prior to ...
CVE-2023-39205
CVE-2023-39205 describes an issue in Zoom Team Chat affecting Zoom Client platforms where an improper conditions check can allow an authenticated user to cause a denial-of-service over the network. Reports in NVD summarize impact as Availability: High (DoS) with Confidentiality/Integrity not impa...
CVE-2024-24697
CVE-2024-24697 affects Zoom Windows clients with 32‑bit binaries, due to an untrusted search path that enables local privilege escalation for an authenticated user. Public references indicate affected Zoom products include Zoom Desktop/VDI and Zoom Client for Meetings; remediation is to update to...
CVE-2024-27242
CVE-2024-27242 concerns the Zoom Desktop Client for Linux, with affected versions prior to 5.17.10. The vulnerability is a cross-site scripting issue in the Linux client that can be exploited by an authenticated user to cause a denial of service over the network. The impact is limited to availabi...
CVE-2025-49464
CVE-2025-49464 is a documented buffer overflow vulnerability in Zoom Clients for Windows that permits an authorized user to cause a denial of service over the network. The CVSS v3.1 base score is 6.5 (MEDIUM) with network attack vector, low privileges required, no user interaction, and an impact ...
CVE-2023-28599
CVE-2023-28599 affects Zoom Client prior to 5.13.10. An HTML injection in the user’s display name could redirect victims to a malicious website during meeting creation. Root cause: HTML injection in display name handling. Impact: potential unauthorized navigation to attacker-controlled content; c...
CVE-2023-39203
CVE-2023-39203 affects Zoom Desktop Client for Windows and Zoom VDI Client within Zoom Team Chat, where uncontrolled resource consumption could allow an unauthenticated user to disclose information via network access. Public records confirm this as a resource-management vulnerability tied to Zoom...
CVE-2023-39211
CVE-2023-39211 affects Zoom Desktop Client for Windows and Zoom Rooms for Windows prior to 5.15.5. The issue is described as improper privilege management that may allow an authenticated user to enable an information disclosure via local access. According to connected sources, upgrading to versio...
CVE-2023-36532
CVE-2023-36532 : Zoom Client for Meetings (Windows/macOS/Linux) is affected if prefix versions are before 5.14.5. The issue is a buffer overflow in Zoom Clients that can be triggered by unsanitized input over the network, allowing an unauthenticated remote user to cause a denial of service. The a...
CVE-2023-22882
Affected software: Zoom Client (Windows/macOS/Linux) prior to version 5.13.5. The issue is a STUN parsing vulnerability that can be triggered by specially crafted UDP traffic to remotely crash the client, causing a denial of service. The public sources consistently state the impact as availabilit...
CVE-2023-28598
Zoom Client for Linux versions prior to 5.13.10 are affected by an HTML-injection vulnerability that can crash the Zoom application when a user initiates a chat with a malicious contact. The issue is documented across multiple sources (official Zoom security bulletin, Red Hat advisory, OpenVAS/Ne...
CVE-2023-36540
CVE-2023-36540 affects Zoom Desktop Client for Windows prior to 5.14.5. The vulnerability arises from an untrusted search path in the installer, which may allow an authenticated local user to escalate privileges. Affected product/version: Zoom Desktop Client for Windows
CVE-2024-24696
CVE-2024-24696 affects Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows. The root issue is improper input validation that may allow an authenticated user to disclose information over the network. Affected scope includes Zoom products on Windows with r...
CVE-2023-28600
CVE-2023-28600 affects Zoom Client on macOS prior to 5.14.0. The issue is improper access control that could allow a local attacker to delete or replace Zoom Client files, potentially compromising integrity and availability. Supported details indicate the impact is loss of integrity/availability ...
CVE-2023-39204
CVE-2023-39204 targets Zoom client software with a buffer overflow vulnerability that can allow an unauthenticated attacker to cause a denial of service over the network. Public details confirm affected products include Zoom Client for Meetings (Windows/macOS) older than 5.15.10 and Zoom VDI/Meet...
CVE-2023-39208
CVE-2023-39208; Zoom Desktop Client for Linux prior to 5.15.10 is affected by improper input validation that may allow an unauthenticated attacker to cause a denial of service over the network. The issue affects Zoom Desktop Client for Linux (Linux platform) and is triggered via network access wi...
CVE-2023-39199
CVE-2023-39199 is described across multiple sources as a cryptographic issue in Zoom’s In-Meeting/ conference chat that may allow a privileged user to disclose information via network access. The NVD entry notes a confidentiality impact (high) with network attack vector and low attack complexity;...