Zoom VDI
by Zoom Video Communications, Inc.
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-24698 | | | 0.00 | — | 0.01 | | Feb 13, 2024 | Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access. |
| CVE-2023-43588 | | | 0.00 | — | 0.01 | | Nov 14, 2023 | Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access. |
| CVE-2023-39218 | | | 0.00 | — | 0.01 | | Aug 8, 2023 | Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access. |
| CVE-2023-36535 | | | 0.00 | — | 0.01 | | Aug 8, 2023 | Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access. |
| CVE-2023-36539 | | | 0.00 | — | 0.00 | | Jun 30, 2023 | Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information. |
| CVE-2023-34114 | | | 0.00 | — | 0.01 | | Jun 13, 2023 | Exposure of resource to wrong sphere in Zoom for Windows and Zoom for MacOS clients before 5.14.10 may allow an authenticated user to potentially enable information disclosure via network access. |
| CVE-2023-28599 | | | 0.00 | — | 0.01 | | Jun 13, 2023 | Zoom clients prior to 5.13.10 contain an HTML injection vulnerability. A malicious user could inject HTML into their display name potentially leading a victim to a malicious website during meeting creation. |
| CVE-2023-28598 | | | 0.00 | — | 0.01 | | Jun 13, 2023 | Zoom for Linux clients prior to 5.13.10 contain an HTML injection vulnerability. If a victim starts a chat with a malicious user it could result in a Zoom application crash. |
| CVE-2023-28597 | | | 0.00 | — | 0.01 | | Mar 27, 2023 | Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker positioned on an adjacent network to the victim client could… |
| CVE-2023-22880 | | | 0.00 | — | 0.01 | | Mar 16, 2023 | Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clients before 5.13.1 contain an information disclosure vulnerability. A recent update to the Microsoft Edge WebView2 runtime used by the affected Zoom… |
| CVE-2018-15715 | | | 0.00 | — | 0.03 | | Nov 30, 2018 | Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing. A remote unauthenticated attacker can spoof UDP messages from a meeting attendee or Zoom… |