Vulnerabilities (CVE)

Filtered by vendor Zoom Subscribe
Total 131 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-11876 1 Zoom 1 Meetings 2024-06-04 5.0 MEDIUM 7.5 HIGH
airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash of 0123425234234fsdfsdr3242 for initialization of an OpenSSL EVP AES-256 CBC context. NOTE: the vendor states that this initialization only occurs within unreachable code
CVE-2020-11877 1 Zoom 1 Meetings 2024-05-17 5.0 MEDIUM 7.5 HIGH
airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector (IV) for AES-256 CBC encryption. NOTE: the vendor states that this IV is used only within unreachable code
CVE-2024-24693 1 Zoom 1 Rooms 2024-03-22 N/A 5.5 MEDIUM
Improper access control in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access.
CVE-2024-24692 1 Zoom 1 Rooms 2024-03-21 N/A 4.7 MEDIUM
Race condition in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access.
CVE-2023-49647 2 Microsoft, Zoom 5 Windows, Meeting Software Development Kit, Video Software Development Kit and 2 more 2024-01-22 N/A 7.8 HIGH
Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access.
CVE-2023-43583 1 Zoom 3 Meeting Software Development Kit, Video Software Development Kit, Zoom 2023-12-19 N/A 4.9 MEDIUM
Cryptographic issues Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may allow a privileged user to conduct a disclosure of information via network access.
CVE-2023-43585 1 Zoom 3 Meeting Software Development Kit, Video Software Development Kit, Zoom 2023-12-19 N/A 6.5 MEDIUM
Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access.
CVE-2023-49646 1 Zoom 4 Meeting Software Development Kit, Video Software Development Kit, Virtual Desktop Infrastructure and 1 more 2023-12-19 N/A 6.5 MEDIUM
Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access.
CVE-2023-43586 1 Zoom 4 Meeting Software Development Kit, Video Software Development Kit, Virtual Desktop Infrastructure and 1 more 2023-12-18 N/A 8.8 HIGH
Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access.
CVE-2023-39214 1 Zoom 3 Meeting Software Development Kit, Rooms, Zoom 2023-12-14 N/A 8.1 HIGH
Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access.
CVE-2023-43582 1 Zoom 4 Meetings, Rooms, Virtual Desktop Infrastructure and 1 more 2023-12-10 N/A 8.8 HIGH
Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access.
CVE-2023-43590 1 Zoom 1 Rooms 2023-12-10 N/A 7.8 HIGH
Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.
CVE-2023-43588 1 Zoom 3 Meetings, Virtual Desktop Infrastructure, Zoom 2023-12-10 N/A 6.5 MEDIUM
Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access.
CVE-2023-39203 1 Zoom 2 Virtual Desktop Infrastructure, Zoom 2023-12-10 N/A 7.5 HIGH
Uncontrolled resource consumption in Zoom Team Chat for Zoom Desktop Client for Windows and Zoom VDI Client may allow an unauthenticated user to conduct a disclosure of information via network access.
CVE-2023-39205 1 Zoom 4 Meetings, Video Software Development Kit, Virtual Desktop Infrastructure and 1 more 2023-12-10 N/A 6.5 MEDIUM
Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network access.
CVE-2023-43591 1 Zoom 1 Rooms 2023-12-10 N/A 7.8 HIGH
Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.
CVE-2023-39199 1 Zoom 4 Meetings, Rooms, Virtual Desktop Infrastructure and 1 more 2023-12-10 N/A 6.5 MEDIUM
Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access.
CVE-2023-39202 1 Zoom 2 Rooms, Virtual Desktop Infrastructure 2023-12-10 N/A 5.5 MEDIUM
Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Client may allow a privileged user to conduct a denial of service via local access.
CVE-2023-39204 1 Zoom 5 Meetings, Rooms, Video Software Development Kit and 2 more 2023-12-10 N/A 7.5 HIGH
Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.
CVE-2023-39206 1 Zoom 5 Meetings, Rooms, Video Software Development Kit and 2 more 2023-12-10 N/A 7.5 HIGH
Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.