Zoom: >> Meetings >> 5.11.3 Security Vulnerabilities
Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access.
CVSS Score
5.5
EPSS Score
0.002
Published
2023-11-15
Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.
CVSS Score
3.7
EPSS Score
0.003
Published
2023-11-14
Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access.
CVSS Score
4.9
EPSS Score
0.001
Published
2023-11-14
Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.
CVSS Score
4.3
EPSS Score
0.003
Published
2023-11-14
Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network access.
CVSS Score
4.3
EPSS Score
0.004
Published
2023-11-14
The Zoom Client for Meetings Installer for macOS (Standard and for IT Admin) before version 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to root.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-11-17
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being able to obtain meeting information such as in-meeting chat for the previous meeting attended from that local user account.
CVSS Score
3.3
EPSS Score
0.001
Published
2022-11-14
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including session takeovers.
CVSS Score
8.8
EPSS Score
0.008
Published
2022-10-31
Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. When camera mode rendering context is enabled as part of the Zoom App Layers API by running certain Zoom Apps, a local debugging port is opened by the Zoom client. A local malicious user could use this debugging port to connect to and control the Zoom Apps running in the Zoom client.
CVSS Score
7.3
EPSS Score
0.001
Published
2022-10-14
The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.6 contains a vulnerability in the auto update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.
CVSS Score
8.8
EPSS Score
0.002
Published
2022-08-18
Page 1