Filtered by vendor Zoom
Subscribe
Total
131 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-39218 | 1 Zoom | 3 Rooms, Virtual Desktop Infrastructure, Zoom | 2023-12-10 | N/A | 4.9 MEDIUM |
Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access. | |||||
CVE-2023-39212 | 1 Zoom | 1 Rooms | 2023-12-10 | N/A | 5.5 MEDIUM |
Untrusted search path in Zoom Rooms for Windows before version 5.15.5 may allow an authenticated user to enable a denial of service via local access. | |||||
CVE-2023-36533 | 1 Zoom | 2 Meeting Software Development Kit, Video Software Development Kit | 2023-12-10 | N/A | 7.5 HIGH |
Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow an unauthenticated user to enable a denial of service via network access. | |||||
CVE-2023-36532 | 1 Zoom | 3 Rooms, Virtual Desktop Infrastructure, Zoom | 2023-12-10 | N/A | 7.5 HIGH |
Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access. | |||||
CVE-2023-39215 | 1 Zoom | 3 Meeting Software Development Kit, Virtual Desktop Infrastructure, Zoom | 2023-12-10 | N/A | 6.5 MEDIUM |
Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network access. | |||||
CVE-2023-39216 | 1 Zoom | 1 Zoom | 2023-12-10 | N/A | 9.8 CRITICAL |
Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access. | |||||
CVE-2023-36540 | 1 Zoom | 1 Zoom | 2023-12-10 | N/A | 7.8 HIGH |
Untrusted search path in the installer for Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access. | |||||
CVE-2023-36534 | 1 Zoom | 1 Zoom | 2023-12-10 | N/A | 9.8 CRITICAL |
Path traversal in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access. | |||||
CVE-2023-36535 | 1 Zoom | 3 Rooms, Virtual Desktop Infrastructure, Zoom | 2023-12-10 | N/A | 6.5 MEDIUM |
Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access. | |||||
CVE-2023-39213 | 1 Zoom | 2 Virtual Desktop Infrastructure, Zoom | 2023-12-10 | N/A | 9.8 CRITICAL |
Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network access. | |||||
CVE-2023-39209 | 1 Zoom | 1 Zoom | 2023-12-10 | N/A | 6.5 MEDIUM |
Improper input validation in Zoom Desktop Client for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via network access. | |||||
CVE-2023-39217 | 1 Zoom | 2 Meeting Software Development Kit, Video Software Development Kit | 2023-12-10 | N/A | 7.5 HIGH |
Improper input validation in Zoom SDK’s before 5.14.10 may allow an unauthenticated user to enable a denial of service via network access. | |||||
CVE-2023-36541 | 1 Zoom | 1 Zoom | 2023-12-10 | N/A | 8.8 HIGH |
Insufficient verification of data authenticity in Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via network access. | |||||
CVE-2023-39201 | 1 Zoom | 1 Cleanzoom | 2023-12-10 | N/A | 6.7 MEDIUM |
Untrusted search path in CleanZoom before file date 07/24/2023 may allow a privileged user to conduct an escalation of privilege via local access. | |||||
CVE-2023-39211 | 1 Zoom | 2 Rooms, Zoom | 2023-12-10 | N/A | 7.8 HIGH |
Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access. | |||||
CVE-2023-39208 | 1 Zoom | 1 Zoom | 2023-12-10 | N/A | 7.5 HIGH |
Improper input validation in Zoom Desktop Client for Linux before version 5.15.10 may allow an unauthenticated user to conduct a denial of service via network access. | |||||
CVE-2023-39210 | 1 Zoom | 1 Meeting Software Development Kit | 2023-12-10 | N/A | 5.5 MEDIUM |
Cleartext storage of sensitive information in Zoom Client SDK for Windows before 5.15.0 may allow an authenticated user to enable an information disclosure via local access. | |||||
CVE-2023-28599 | 1 Zoom | 1 Zoom | 2023-12-10 | N/A | 4.3 MEDIUM |
Zoom clients prior to 5.13.10 contain an HTML injection vulnerability. A malicious user could inject HTML into their display name potentially leading a victim to a malicious website during meeting creation. | |||||
CVE-2023-28601 | 1 Zoom | 1 Zoom | 2023-12-10 | N/A | 6.5 MEDIUM |
Zoom for Windows clients prior to 5.14.0 contain an improper restriction of operations within the bounds of a memory buffer vulnerability. A malicious user may alter protected Zoom Client memory buffer potentially causing integrity issues within the Zoom Client. | |||||
CVE-2023-28603 | 2 Microsoft, Zoom | 2 Windows, Virtual Desktop Infrastructure | 2023-12-10 | N/A | 7.1 HIGH |
Zoom VDI client installer prior to 5.14.0 contains an improper access control vulnerability. A malicious user may potentially delete local files without proper permissions. |