Zoom Rooms 5.11.4 Security Vulnerabilities
Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access.
CVSS Score: 4.9 | EPSS Score: 0.001 | Published: 2023-11-14
Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.
CVSS Score: 4.3 | EPSS Score: 0.003 | Published: 2023-11-14
Exposure of sensitive information in Zoom Client SDKs before 5.15.5 may allow an authenticated user to enable a denial of service via network access.
CVSS Score: 7.6 | EPSS Score: 0.003 | Published: 2023-08-08
Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access.
CVSS Score: 6.1 | EPSS Score: 0.003 | Published: 2023-08-08
Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access.
CVSS Score: 7.1 | EPSS Score: 0.002 | Published: 2023-08-08
Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access.
CVSS Score: 5.9 | EPSS Score: 0.005 | Published: 2023-08-08
Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB server to respond to client requests, causing the client to execute attacker-controlled executables. This could result in an attacker gaining access to a user's device and data, and remote code execution.
CVSS Score: 8.3 | EPSS Score: 0.006 | Published: 2023-03-27
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being able to obtain meeting information such as in-meeting chat for the previous meeting attended from that local user account.
CVSS Score: 3.3 | EPSS Score: 0.001 | Published: 2022-11-14

