Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Meetings
(Zoom)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 37 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-08-18 | CVE-2022-28757 | The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.6 contains a vulnerability in the auto update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root. | Meetings | 7.8 | ||
| 2022-10-14 | CVE-2022-28762 | Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. When camera mode rendering context is enabled as part of the Zoom App Layers API by running certain Zoom Apps, a local debugging port is opened by the Zoom client. A local malicious user could use this debugging port to connect to and control the Zoom Apps running in the Zoom client. | Meetings | 7.8 | ||
| 2022-10-31 | CVE-2022-28763 | The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including session takeovers. | Meetings, Rooms_for_conference_rooms, Virtual_desktop_infrastructure | 9.6 | ||
| 2022-11-14 | CVE-2022-28764 | The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being able to obtain meeting information such as in-meeting chat for the previous meeting attended from that local user account. | Meetings, Rooms, Vdi_windows_meeting_clients | 3.3 | ||
| 2022-11-17 | CVE-2022-28766 | Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client. | Meetings, Rooms | 7.3 | ||
| 2022-11-17 | CVE-2022-28768 | The Zoom Client for Meetings Installer for macOS (Standard and for IT Admin) before version 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to root. | Meetings | 7.8 | ||
| 2023-03-16 | CVE-2023-22883 | Zoom Client for IT Admin Windows installers before version 5.13.5 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain during the installation process to escalate their privileges to the SYSTEM user. | Meetings | 7.8 | ||
| 2023-03-27 | CVE-2023-28596 | Zoom Client for IT Admin macOS installers before version 5.13.5 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain during the installation process to escalate their privileges to privileges to root. | Meetings | 7.8 | ||
| 2023-06-30 | CVE-2023-36539 | Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information. | Meetings, Poly_ccx_600_firmware, Poly_ccx_700_firmware, Rooms, Video_software_development_kit, Yealink_mp54_firmware, Yealink_mp56_firmware, Yealink_vp59_firmware, Zoom | 7.5 | ||
| 2023-11-14 | CVE-2023-39199 | Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access. | Meetings, Rooms, Virtual_desktop_infrastructure, Zoom | 6.5 |