Vendor CVEs
Zoom Video Communications, Inc.
All CVEs
230 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-24691 | 0.00 | — | 0.02 | Feb 14, 2024 | Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access. | |||
| CVE-2024-24698 | 0.00 | — | 0.01 | Feb 13, 2024 | Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access. | |||
| CVE-2024-24697 | 0.00 | — | 0.00 | Feb 13, 2024 | Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access. | |||
| CVE-2024-24696 | 0.00 | — | 0.01 | Feb 13, 2024 | Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access. | |||
| CVE-2024-24695 | 0.00 | — | 0.01 | Feb 13, 2024 | Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access. | |||
| CVE-2023-49647 | 0.00 | — | 0.00 | Jan 12, 2024 | Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access. | |||
| CVE-2023-49646 | 0.00 | — | 0.00 | Dec 13, 2023 | Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access. | |||
| CVE-2023-43586 | 0.00 | — | 0.01 | Dec 13, 2023 | Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access. | |||
| CVE-2023-43585 | 0.00 | — | 0.01 | Dec 13, 2023 | Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access. | |||
| CVE-2023-43583 | 0.00 | — | 0.01 | Dec 13, 2023 | Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may allow a privileged user to conduct a disclosure of information via network access. | |||
| CVE-2023-43591 | 0.00 | — | 0.00 | Nov 14, 2023 | Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access. | |||
| CVE-2023-43590 | 0.00 | — | 0.00 | Nov 14, 2023 | Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access. | |||
| CVE-2023-43588 | 0.00 | — | 0.01 | Nov 14, 2023 | Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access. | |||
| CVE-2023-39199 | 0.00 | — | 0.01 | Nov 14, 2023 | Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access. | |||
| CVE-2023-39205 | 0.00 | — | 0.01 | Nov 14, 2023 | Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network access. | |||
| CVE-2023-39204 | 0.00 | — | 0.01 | Nov 14, 2023 | Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access. | |||
| CVE-2023-39203 | 0.00 | — | 0.01 | Nov 14, 2023 | Uncontrolled resource consumption in Zoom Team Chat for Zoom Desktop Client for Windows and Zoom VDI Client may allow an unauthenticated user to conduct a disclosure of information via network access. | |||
| CVE-2023-39202 | 0.00 | — | 0.00 | Nov 14, 2023 | Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Client may allow a privileged user to conduct a denial of service via local access. | |||
| CVE-2023-39201 | 0.00 | — | 0.00 | Sep 12, 2023 | Untrusted search path in CleanZoom before file date 07/24/2023 may allow a privileged user to conduct an escalation of privilege via local access. | |||
| CVE-2023-39208 | 0.00 | — | 0.01 | Sep 12, 2023 | Improper input validation in Zoom Desktop Client for Linux before version 5.15.10 may allow an unauthenticated user to conduct a denial of service via network access. | |||
| CVE-2023-39215 | 0.00 | — | 0.01 | Sep 12, 2023 | Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network access. | |||
| CVE-2023-39209 | 0.00 | — | 0.01 | Aug 8, 2023 | Improper input validation in Zoom Desktop Client for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via network access. | |||
| CVE-2023-39214 | 0.00 | — | 0.01 | Aug 8, 2023 | Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access. | |||
| CVE-2023-39213 | 0.00 | — | 0.01 | Aug 8, 2023 | Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network access. | |||
| CVE-2023-39212 | 0.00 | — | 0.00 | Aug 8, 2023 | Untrusted search path in Zoom Rooms for Windows before version 5.15.5 may allow an authenticated user to enable a denial of service via local access. | |||
| CVE-2023-39211 | 0.00 | — | 0.00 | Aug 8, 2023 | Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access. | |||
| CVE-2023-39210 | 0.00 | — | 0.00 | Aug 8, 2023 | Cleartext storage of sensitive information in Zoom Client SDK for Windows before 5.15.0 may allow an authenticated user to enable an information disclosure via local access. | |||
| CVE-2023-39218 | 0.00 | — | 0.01 | Aug 8, 2023 | Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access. | |||
| CVE-2023-39217 | 0.00 | — | 0.01 | Aug 8, 2023 | Improper input validation in Zoom SDK’s before 5.14.10 may allow an unauthenticated user to enable a denial of service via network access. | |||
| CVE-2023-39216 | 0.00 | — | 0.01 | Aug 8, 2023 | Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access. | |||
| CVE-2023-36535 | 0.00 | — | 0.01 | Aug 8, 2023 | Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access. | |||
| CVE-2023-36534 | 0.00 | — | 0.01 | Aug 8, 2023 | Path traversal in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access. | |||
| CVE-2023-36533 | 0.00 | — | 0.01 | Aug 8, 2023 | Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow an unauthenticated user to enable a denial of service via network access. | |||
| CVE-2023-36532 | 0.00 | — | 0.01 | Aug 8, 2023 | Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access. | |||
| CVE-2023-36541 | 0.00 | — | 0.00 | Aug 8, 2023 | Insufficient verification of data authenticity in Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via network access. | |||
| CVE-2023-36540 | 0.00 | — | 0.00 | Aug 8, 2023 | Untrusted search path in the installer for Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access. | |||
| CVE-2023-36538 | 0.00 | — | 0.00 | Jul 11, 2023 | Improper access control in Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access. | |||
| CVE-2023-36537 | 0.00 | — | 0.00 | Jul 11, 2023 | Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access. | |||
| CVE-2023-36536 | 0.00 | — | 0.00 | Jul 11, 2023 | Untrusted search path in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access. | |||
| CVE-2023-34119 | 0.00 | — | 0.00 | Jul 11, 2023 | Insecure temporary file in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access. | |||
| CVE-2023-34118 | 0.00 | — | 0.00 | Jul 11, 2023 | Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access. | |||
| CVE-2023-34117 | 0.00 | — | 0.00 | Jul 11, 2023 | Relative path traversal in the Zoom Client SDK before version 5.15.0 may allow an unauthorized user to enable information disclosure via local access. | |||
| CVE-2023-34116 | 0.00 | — | 0.01 | Jul 11, 2023 | Improper input validation in the Zoom Desktop Client for Windows before version 5.15.0 may allow an unauthorized user to enable an escalation of privilege via network access. | |||
| CVE-2023-36539 | 0.00 | — | 0.00 | Jun 30, 2023 | Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information. | |||
| CVE-2023-34115 | 0.00 | — | 0.00 | Jun 13, 2023 | Buffer copy without checking size of input in Zoom Meeting SDK before 5.13.0 may allow an authenticated user to potentially enable a denial of service via local access. This issue may result in the Zoom Meeting SDK to crash and need to be restarted. | |||
| CVE-2023-34114 | 0.00 | — | 0.01 | Jun 13, 2023 | Exposure of resource to wrong sphere in Zoom for Windows and Zoom for MacOS clients before 5.14.10 may allow an authenticated user to potentially enable information disclosure via network access. | |||
| CVE-2023-34121 | 0.00 | — | 0.01 | Jun 13, 2023 | Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access. | |||
| CVE-2023-34120 | 0.00 | — | 0.00 | Jun 13, 2023 | Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system… | |||
| CVE-2023-28603 | 0.00 | — | 0.00 | Jun 13, 2023 | Zoom VDI client installer prior to 5.14.0 contains an improper access control vulnerability. A malicious user may potentially delete local files without proper permissions. | |||
| CVE-2023-28602 | 0.00 | — | 0.00 | Jun 13, 2023 | Zoom for Windows clients prior to 5.13.5 contain an improper verification of cryptographic signature vulnerability. A malicious user may potentially downgrade Zoom Client components to previous versions. |
- CVE-2024-24691Feb 14, 2024risk 0.00cvss —epss 0.02
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.
- CVE-2024-24698Feb 13, 2024risk 0.00cvss —epss 0.01
Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access.
- CVE-2024-24697Feb 13, 2024risk 0.00cvss —epss 0.00
Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access.
- CVE-2024-24696Feb 13, 2024risk 0.00cvss —epss 0.01
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.
- CVE-2024-24695Feb 13, 2024risk 0.00cvss —epss 0.01
Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.
- CVE-2023-49647Jan 12, 2024risk 0.00cvss —epss 0.00
Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access.
- CVE-2023-49646Dec 13, 2023risk 0.00cvss —epss 0.00
Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access.
- CVE-2023-43586Dec 13, 2023risk 0.00cvss —epss 0.01
Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access.
- CVE-2023-43585Dec 13, 2023risk 0.00cvss —epss 0.01
Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access.
- CVE-2023-43583Dec 13, 2023risk 0.00cvss —epss 0.01
Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may allow a privileged user to conduct a disclosure of information via network access.
- CVE-2023-43591Nov 14, 2023risk 0.00cvss —epss 0.00
Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.
- CVE-2023-43590Nov 14, 2023risk 0.00cvss —epss 0.00
Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.
- CVE-2023-43588Nov 14, 2023risk 0.00cvss —epss 0.01
Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access.
- CVE-2023-39199Nov 14, 2023risk 0.00cvss —epss 0.01
Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access.
- CVE-2023-39205Nov 14, 2023risk 0.00cvss —epss 0.01
Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network access.
- CVE-2023-39204Nov 14, 2023risk 0.00cvss —epss 0.01
Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.
- CVE-2023-39203Nov 14, 2023risk 0.00cvss —epss 0.01
Uncontrolled resource consumption in Zoom Team Chat for Zoom Desktop Client for Windows and Zoom VDI Client may allow an unauthenticated user to conduct a disclosure of information via network access.
- CVE-2023-39202Nov 14, 2023risk 0.00cvss —epss 0.00
Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Client may allow a privileged user to conduct a denial of service via local access.
- CVE-2023-39201Sep 12, 2023risk 0.00cvss —epss 0.00
Untrusted search path in CleanZoom before file date 07/24/2023 may allow a privileged user to conduct an escalation of privilege via local access.
- CVE-2023-39208Sep 12, 2023risk 0.00cvss —epss 0.01
Improper input validation in Zoom Desktop Client for Linux before version 5.15.10 may allow an unauthenticated user to conduct a denial of service via network access.
- CVE-2023-39215Sep 12, 2023risk 0.00cvss —epss 0.01
Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network access.
- CVE-2023-39209Aug 8, 2023risk 0.00cvss —epss 0.01
Improper input validation in Zoom Desktop Client for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via network access.
- CVE-2023-39214Aug 8, 2023risk 0.00cvss —epss 0.01
Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access.
- CVE-2023-39213Aug 8, 2023risk 0.00cvss —epss 0.01
Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network access.
- CVE-2023-39212Aug 8, 2023risk 0.00cvss —epss 0.00
Untrusted search path in Zoom Rooms for Windows before version 5.15.5 may allow an authenticated user to enable a denial of service via local access.
- CVE-2023-39211Aug 8, 2023risk 0.00cvss —epss 0.00
Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access.
- CVE-2023-39210Aug 8, 2023risk 0.00cvss —epss 0.00
Cleartext storage of sensitive information in Zoom Client SDK for Windows before 5.15.0 may allow an authenticated user to enable an information disclosure via local access.
- CVE-2023-39218Aug 8, 2023risk 0.00cvss —epss 0.01
Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access.
- CVE-2023-39217Aug 8, 2023risk 0.00cvss —epss 0.01
Improper input validation in Zoom SDK’s before 5.14.10 may allow an unauthenticated user to enable a denial of service via network access.
- CVE-2023-39216Aug 8, 2023risk 0.00cvss —epss 0.01
Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access.
- CVE-2023-36535Aug 8, 2023risk 0.00cvss —epss 0.01
Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access.
- CVE-2023-36534Aug 8, 2023risk 0.00cvss —epss 0.01
Path traversal in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access.
- CVE-2023-36533Aug 8, 2023risk 0.00cvss —epss 0.01
Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow an unauthenticated user to enable a denial of service via network access.
- CVE-2023-36532Aug 8, 2023risk 0.00cvss —epss 0.01
Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access.
- CVE-2023-36541Aug 8, 2023risk 0.00cvss —epss 0.00
Insufficient verification of data authenticity in Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via network access.
- CVE-2023-36540Aug 8, 2023risk 0.00cvss —epss 0.00
Untrusted search path in the installer for Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.
- CVE-2023-36538Jul 11, 2023risk 0.00cvss —epss 0.00
Improper access control in Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.
- CVE-2023-36537Jul 11, 2023risk 0.00cvss —epss 0.00
Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.
- CVE-2023-36536Jul 11, 2023risk 0.00cvss —epss 0.00
Untrusted search path in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.
- CVE-2023-34119Jul 11, 2023risk 0.00cvss —epss 0.00
Insecure temporary file in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.
- CVE-2023-34118Jul 11, 2023risk 0.00cvss —epss 0.00
Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.
- CVE-2023-34117Jul 11, 2023risk 0.00cvss —epss 0.00
Relative path traversal in the Zoom Client SDK before version 5.15.0 may allow an unauthorized user to enable information disclosure via local access.
- CVE-2023-34116Jul 11, 2023risk 0.00cvss —epss 0.01
Improper input validation in the Zoom Desktop Client for Windows before version 5.15.0 may allow an unauthorized user to enable an escalation of privilege via network access.
- CVE-2023-36539Jun 30, 2023risk 0.00cvss —epss 0.00
Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.
- CVE-2023-34115Jun 13, 2023risk 0.00cvss —epss 0.00
Buffer copy without checking size of input in Zoom Meeting SDK before 5.13.0 may allow an authenticated user to potentially enable a denial of service via local access. This issue may result in the Zoom Meeting SDK to crash and need to be restarted.
- CVE-2023-34114Jun 13, 2023risk 0.00cvss —epss 0.01
Exposure of resource to wrong sphere in Zoom for Windows and Zoom for MacOS clients before 5.14.10 may allow an authenticated user to potentially enable information disclosure via network access.
- CVE-2023-34121Jun 13, 2023risk 0.00cvss —epss 0.01
Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access.
- CVE-2023-34120Jun 13, 2023risk 0.00cvss —epss 0.00
Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system…
- CVE-2023-28603Jun 13, 2023risk 0.00cvss —epss 0.00
Zoom VDI client installer prior to 5.14.0 contains an improper access control vulnerability. A malicious user may potentially delete local files without proper permissions.
- CVE-2023-28602Jun 13, 2023risk 0.00cvss —epss 0.00
Zoom for Windows clients prior to 5.13.5 contain an improper verification of cryptographic signature vulnerability. A malicious user may potentially downgrade Zoom Client components to previous versions.
Page 3 of 5