Zoom clients
by Zoom Video Communications, Inc.
CVEs (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-28597 | | High | 0.54 | 8.3 | 0.01 | | Mar 27, 2023 | Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker positioned on an adjacent network to the victim client could… |
| CVE-2023-39215 | | High | 0.46 | 7.1 | 0.01 | | Sep 12, 2023 | Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network access. |
| CVE-2023-36535 | | High | 0.46 | 7.1 | 0.01 | | Aug 8, 2023 | Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access. |
| CVE-2023-49646 | | Med | 0.42 | 6.4 | 0.00 | | Dec 13, 2023 | Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access. |
| CVE-2023-22882 | | Med | 0.42 | 6.5 | 0.01 | | Mar 16, 2023 | Zoom clients before version 5.13.5 contain a STUN parsing vulnerability. A malicious actor could send specially crafted UDP traffic to a victim Zoom client to remotely cause the client to crash, causing a denial of service. |
| CVE-2023-22881 | | Med | 0.42 | 6.5 | 0.01 | | Mar 16, 2023 | Zoom clients before version 5.13.5 contain a STUN parsing vulnerability. A malicious actor could send specially crafted UDP traffic to a victim Zoom client to remotely cause the client to crash, causing a denial of service. |
| CVE-2023-39218 | | Med | 0.40 | 6.1 | 0.01 | | Aug 8, 2023 | Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access. |
| CVE-2023-36532 | | Med | 0.38 | 5.9 | 0.01 | | Aug 8, 2023 | Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access. |
| CVE-2023-43582 | | Med | 0.36 | 5.5 | 0.01 | | Nov 15, 2023 | Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access. |
| CVE-2023-36539 | | Med | 0.34 | 5.3 | 0.01 | | Jun 30, 2023 | Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information. |
| CVE-2023-39204 | | Med | 0.28 | 4.3 | 0.01 | | Nov 14, 2023 | Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access. |
| CVE-2023-28599 | | Med | 0.28 | 4.3 | 0.01 | | Jun 13, 2023 | Zoom clients prior to 5.13.10 contain an HTML injection vulnerability. A malicious user could inject HTML into their display name potentially leading a victim to a malicious website during meeting creation. |
| CVE-2023-39206 | | Low | 0.24 | 3.7 | 0.01 | | Nov 14, 2023 | Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access. |
| CVE-2023-43588 | | Low | 0.23 | 3.5 | 0.01 | | Nov 15, 2023 | Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access. |