Zoom Clients Security Vulnerabilities
Business logic error in some Zoom clients may allow an authenticated user to conduct information disclosure via network...
6.5CVSS
6.1AI Score
0.0004EPSS
Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local...
7.2CVSS
7AI Score
0.0004EPSS
Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network...
5.4CVSS
5.8AI Score
0.0004EPSS
Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local...
4.9CVSS
4.8AI Score
0.0004EPSS
Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network...
6.5CVSS
6.5AI Score
0.0004EPSS
Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network...
8.8CVSS
8.8AI Score
0.001EPSS
Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network...
6.5CVSS
6.9AI Score
0.0005EPSS
Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network...
7.5CVSS
8AI Score
0.001EPSS
Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network...
6.5CVSS
6.9AI Score
0.0005EPSS
Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network...
7.5CVSS
7.5AI Score
0.001EPSS
Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network...
6.5CVSS
7.1AI Score
0.0004EPSS
Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network...
7.1CVSS
6.8AI Score
0.0004EPSS
Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network...
6.1CVSS
5.3AI Score
0.0005EPSS
Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network...
7.1CVSS
6.1AI Score
0.0005EPSS
Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network...
7.5CVSS
7.5AI Score
0.001EPSS
Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive...
7.5CVSS
7.2AI Score
0.001EPSS
Exposure of resource to wrong sphere in Zoom for Windows and Zoom for MacOS clients before 5.14.10 may allow an authenticated user to potentially enable information disclosure via network...
7.4CVSS
6.3AI Score
0.001EPSS
Improper input validation in the installer for Zoom for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local...
7.8CVSS
7.9AI Score
0.0004EPSS
Insufficient verification of data authenticity in Zoom for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network...
8.8CVSS
8.8AI Score
0.001EPSS
Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system privileges maintained by...
8.7CVSS
8AI Score
0.0004EPSS
Zoom for Windows clients prior to 5.14.0 contain an improper restriction of operations within the bounds of a memory buffer vulnerability. A malicious user may alter protected Zoom Client memory buffer potentially causing integrity issues within the Zoom...
8.3CVSS
7.1AI Score
0.0005EPSS
Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network...
8.8CVSS
8.8AI Score
0.001EPSS
Zoom for Windows clients prior to 5.13.5 contain an improper verification of cryptographic signature vulnerability. A malicious user may potentially downgrade Zoom Client components to previous...
7.7CVSS
7.5AI Score
0.0005EPSS
Zoom for Linux clients prior to 5.13.10 contain an HTML injection vulnerability. If a victim starts a chat with a malicious user it could result in a Zoom application...
7.5CVSS
6.4AI Score
0.001EPSS
Zoom clients prior to 5.13.10 contain an HTML injection vulnerability. A malicious user could inject HTML into their display name potentially leading a victim to a malicious website during meeting...
4.3CVSS
4.8AI Score
0.001EPSS
Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious...
8.3CVSS
7.7AI Score
0.001EPSS
Zoom clients before version 5.13.5 contain a STUN parsing vulnerability. A malicious actor could send specially crafted UDP traffic to a victim Zoom client to remotely cause the client to crash, causing a denial of...
7.5CVSS
7.3AI Score
0.001EPSS
Zoom clients before version 5.13.5 contain a STUN parsing vulnerability. A malicious actor could send specially crafted UDP traffic to a victim Zoom client to remotely cause the client to crash, causing a denial of...
7.5CVSS
7.3AI Score
0.001EPSS
Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clients before 5.13.1 contain an information disclosure vulnerability. A recent update to the Microsoft Edge WebView2 runtime used by the affected Zoom clients, transmitted....
7.5CVSS
7AI Score
0.001EPSS
Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to...
8.8CVSS
7.7AI Score
0.0004EPSS
Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to...
8.8CVSS
7.7AI Score
0.0004EPSS
Zoom for Android clients before version 5.13.0 contain a path traversal vulnerability. A third party app could exploit this vulnerability to read and write to the Zoom application data...
7.1CVSS
6.7AI Score
0.001EPSS
Zoom Rooms for macOS clients before version 5.11.4 contain an insecure key generation mechanism. The encryption key used for IPC between the Zoom Rooms daemon service and the Zoom Rooms client was generated using parameters that could be obtained by a local low-privileged application. That key can....
7.8CVSS
7.3AI Score
0.0004EPSS
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting.....
3.3CVSS
4.2AI Score
0.0004EPSS
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional...
9.6CVSS
9.2AI Score
0.002EPSS
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.11.0 are susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional...
9.6CVSS
6.8AI Score
0.001EPSS
The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6; was susceptible to a local...
7.9CVSS
7AI Score
0.0004EPSS
A vulnerability in Zoom On-Premise Meeting Connector Controller version 4.8.102.20220310 and On-Premise Meeting Connector MMR version 4.8.102.20220310 exposes process memory fragments to connected clients, which could be observed by a passive...
7.5CVSS
7.4AI Score
0.002EPSS
Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing. A remote unauthenticated attacker can spoof UDP messages from a meeting attendee or Zoom server in order to...
9.8CVSS
9.1AI Score
0.009EPSS