Zoom >> Zoom >> 1.0.17701.0125 Security Vulnerabilities
Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network access.
CVSS Score: 7.1; EPSS Score: 0.004; Published: 2023-09-12
Exposure of sensitive information in Zoom Client SDKs before 5.15.5 may allow an authenticated user to enable a denial of service via network access.
CVSS Score: 7.6; EPSS Score: 0.004; Published: 2023-08-08
Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2023-08-08
Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access.
CVSS Score: 7.1; EPSS Score: 0.002; Published: 2023-08-08
Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access.
CVSS Score: 5.9; EPSS Score: 0.007; Published: 2023-08-08
Zoom clients prior to 5.13.10 contain an HTML injection vulnerability. A malicious user could inject HTML into their display name potentially leading a victim to a malicious website during meeting creation.
CVSS Score: 4.3; EPSS Score: 0.005; Published: 2023-06-13
Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB server to respond to client requests, causing the client to execute attacker-controlled executables. This could result in an attacker gaining access to a user's device and data, and remote code execution.
CVSS Score: 8.3; EPSS Score: 0.008; Published: 2023-03-27
Zoom clients before version 5.13.5 contain a STUN parsing vulnerability. A malicious actor could send specially crafted UDP traffic to a victim Zoom client to remotely cause the client to crash, causing a denial of service.
CVSS Score: 6.5; EPSS Score: 0.003; Published: 2023-03-16
Zoom clients before version 5.13.5 contain a STUN parsing vulnerability. A malicious actor could send specially crafted UDP traffic to a victim Zoom client to remotely cause the client to crash, causing a denial of service.
CVSS Score: 6.5; EPSS Score: 0.004; Published: 2023-03-16
Zoom for Android clients before version 5.13.0 contain a path traversal vulnerability. A third party app could exploit this vulnerability to read and write to the Zoom application data directory.
CVSS Score: 6.1; EPSS Score: 0.002; Published: 2023-01-09

