Zoom: >> Meetings >> 5.1.3 Security Vulnerabilities
Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access.
CVSS Score
5.5
EPSS Score
0.002
Published
2023-11-15
Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access.
CVSS Score
3.5
EPSS Score
0.004
Published
2023-11-15
Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.
CVSS Score
3.7
EPSS Score
0.003
Published
2023-11-14
Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access.
CVSS Score
4.9
EPSS Score
0.001
Published
2023-11-14
Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.
CVSS Score
4.3
EPSS Score
0.003
Published
2023-11-14
Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network access.
CVSS Score
4.3
EPSS Score
0.004
Published
2023-11-14
Zoom Client for IT Admin Windows installers before version 5.13.5 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain during the installation process to escalate their privileges to the SYSTEM user.
CVSS Score
7.2
EPSS Score
0.001
Published
2023-03-16
Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client.
CVSS Score
3.3
EPSS Score
0.002
Published
2022-11-17
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being able to obtain meeting information such as in-meeting chat for the previous meeting attended from that local user account.
CVSS Score
3.3
EPSS Score
0.001
Published
2022-11-14
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including session takeovers.
CVSS Score
8.8
EPSS Score
0.008
Published
2022-10-31
Page 1