Zoom: >> Meetings >> 4.6.9 Security Vulnerabilities
Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access.
CVSS Score
5.5
EPSS Score
0.002
Published
2023-11-15
Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.
CVSS Score
3.7
EPSS Score
0.003
Published
2023-11-14
Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access.
CVSS Score
4.9
EPSS Score
0.001
Published
2023-11-14
Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.
CVSS Score
4.3
EPSS Score
0.003
Published
2023-11-14
Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network access.
CVSS Score
4.3
EPSS Score
0.004
Published
2023-11-14
The Zoom Client for Meetings Installer for macOS (Standard and for IT Admin) before version 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to root.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-11-17
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being able to obtain meeting information such as in-meeting chat for the previous meeting attended from that local user account.
CVSS Score
3.3
EPSS Score
0.001
Published
2022-11-14
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including session takeovers.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-10-31
The Zoom Client for Meetings for MacOS (Standard and for IT Admin) before version 5.11.3 contains a vulnerability in the package signature validation during the update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.
CVSS Score
8.8
EPSS Score
0.0
Published
2022-08-17
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.10.0 fails to properly validate the hostname during a server switch request. This issue could be used in a more sophisticated attack to trick an unsuspecting users client to connect to a malicious server when attempting to use Zoom services.
CVSS Score
5.9
EPSS Score
0.002
Published
2022-05-18
Page 1