Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Meetings
(Zoom)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 37 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-11-14 | CVE-2023-39204 | Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access. | Meetings, Rooms, Video_software_development_kit, Virtual_desktop_infrastructure, Zoom | 7.5 | ||
| 2023-11-14 | CVE-2023-39205 | Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network access. | Meetings, Video_software_development_kit, Virtual_desktop_infrastructure, Zoom | 6.5 | ||
| 2023-11-14 | CVE-2023-39206 | Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access. | Meetings, Rooms, Video_software_development_kit, Virtual_desktop_infrastructure, Zoom | 7.5 | ||
| 2023-11-15 | CVE-2023-43582 | Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access. | Meetings, Rooms, Virtual_desktop_infrastructure, Zoom | 8.8 | ||
| 2023-11-15 | CVE-2023-43588 | Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access. | Meetings, Virtual_desktop_infrastructure, Zoom | 6.5 | ||
| 2020-04-17 | CVE-2020-11876 | airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash of 0123425234234fsdfsdr3242 for initialization of an OpenSSL EVP AES-256 CBC context. NOTE: the vendor states that this initialization only occurs within unreachable code | Meetings | 7.5 | ||
| 2020-04-17 | CVE-2020-11877 | airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector (IV) for AES-256 CBC encryption. NOTE: the vendor states that this IV is used only within unreachable code | Meetings | 7.5 | ||
| 2020-04-01 | CVE-2020-11469 | Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to a user-writable temporary directory during installation, which allows a local process (with the user's privileges) to obtain root access by replacing runwithroot. | Meetings | 7.8 | ||
| 2020-04-01 | CVE-2020-11470 | Zoom Client for Meetings through 4.6.8 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Zoom Client's microphone and camera access. | Meetings | 3.3 | ||
| 2020-04-03 | CVE-2020-11500 | Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. Within a meeting, all participants use a single 128-bit key. | Meetings | N/A |