Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-24690

Summary
Assigner-Zoom
Assigner Org ID-99b9af0d-a833-4a5d-9e2f-8b1324f35351
Published At-14 Feb, 2024 | 00:00
Updated At-20 Sep, 2024 | 14:50
Rejected At-
Credits

Zoom Clients - Improper Input Validation

Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Zoom
Assigner Org ID:99b9af0d-a833-4a5d-9e2f-8b1324f35351
Published At:14 Feb, 2024 | 00:00
Updated At:20 Sep, 2024 | 14:50
Rejected At:
▼CVE Numbering Authority (CNA)
Zoom Clients - Improper Input Validation

Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access.

Affected Products
Vendor
Zoom Communications, Inc.Zoom Video Communications, Inc.
Product
Zoom Clients
Platforms
  • Windows
  • iOS
  • Linux
  • Android
Default Status
unaffected
Versions
Affected
  • see references
Problem Types
TypeCWE IDDescription
CWECWE-1284CWE-1284: Improper Validation of Specified Quantity in Input
Type: CWE
CWE ID: CWE-1284
Description: CWE-1284: Improper Validation of Specified Quantity in Input
Metrics
VersionBase scoreBase severityVector
3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-153CAPEC-153 Input Data Manipulation
CAPEC ID: CAPEC-153
Description: CAPEC-153 Input Data Manipulation
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.zoom.com/en/trust/security-bulletin/ZSB-24007/
N/A
Hyperlink: https://www.zoom.com/en/trust/security-bulletin/ZSB-24007/
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.zoom.com/en/trust/security-bulletin/ZSB-24007/
x_transferred
Hyperlink: https://www.zoom.com/en/trust/security-bulletin/ZSB-24007/
Resource:
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@zoom.us
Published At:14 Feb, 2024 | 00:15
Updated At:04 Oct, 2024 | 16:52

Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Secondary3.15.4MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
CPE Matches
Zoom Communications, Inc.
zoom
>>meeting_software_development_kit>>Versions before 5.16.5(exclusive)
cpe:2.3:a:zoom:meeting_software_development_kit:*:*:*:*:*:windows:*:*
Zoom Communications, Inc.
zoom
>>rooms>>Versions before 5.17.0(exclusive)
cpe:2.3:a:zoom:rooms:*:*:*:*:*:*:*:*
Zoom Communications, Inc.
zoom
>>vdi_windows_meeting_clients>>Versions before 5.14.14(exclusive)
cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*
Zoom Communications, Inc.
zoom
>>vdi_windows_meeting_clients>>Versions between 5.14.14(exclusive) and 5.15.12(exclusive)
cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*
Zoom Communications, Inc.
zoom
>>vdi_windows_meeting_clients>>Versions between 5.15.12(exclusive) and 5.16.10(exclusive)
cpe:2.3:a:zoom:vdi_windows_meeting_clients:*:*:*:*:*:windows:*:*
Zoom Communications, Inc.
zoom
>>video_software_development_kit>>Versions before 5.16.5(exclusive)
cpe:2.3:a:zoom:video_software_development_kit:*:*:*:*:*:windows:*:*
Zoom Communications, Inc.
zoom
>>zoom>>Versions before 5.16.5(exclusive)
cpe:2.3:a:zoom:zoom:*:*:*:*:*:android:*:*
Zoom Communications, Inc.
zoom
>>zoom>>Versions before 5.16.5(exclusive)
cpe:2.3:a:zoom:zoom:*:*:*:*:*:iphone_os:*:*
Zoom Communications, Inc.
zoom
>>zoom>>Versions before 5.16.5(exclusive)
cpe:2.3:a:zoom:zoom:*:*:*:*:*:linux:*:*
Zoom Communications, Inc.
zoom
>>zoom>>Versions before 5.16.5(exclusive)
cpe:2.3:a:zoom:zoom:*:*:*:*:*:macos:*:*
Zoom Communications, Inc.
zoom
>>zoom>>Versions before 5.16.5(exclusive)
cpe:2.3:a:zoom:zoom:*:*:*:*:*:windows:*:*
Weaknesses
CWE IDTypeSource
CWE-1284Primarynvd@nist.gov
CWE-1284Secondarysecurity@zoom.us
CWE ID: CWE-1284
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-1284
Type: Secondary
Source: security@zoom.us
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.zoom.com/en/trust/security-bulletin/ZSB-24007/security@zoom.us
Vendor Advisory
Hyperlink: https://www.zoom.com/en/trust/security-bulletin/ZSB-24007/
Source: security@zoom.us
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

30Records found
CVE-2022-28761
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.24% / 47.66%
||
7 Day CHG~0.00%
Published-14 Oct, 2022 | 14:51
Updated-14 May, 2025 | 14:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom On-Premise Deployments: Improper Access Control

Zoom On-Premise Meeting Connector MMR before version 4.8.20220916.131 contains an improper access control vulnerability. As a result, a malicious actor in a meeting or webinar they are authorized to join could prevent participants from receiving audio and video causing meeting disruptions.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-zoom_on-premise_meeting_connector_mmrZoom On-Premise Meeting Connector MMR
CWE ID-CWE-284
Improper Access Control
CVE-2024-27246
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 11.45%
||
7 Day CHG~0.00%
Published-25 Feb, 2025 | 20:32
Updated-20 Aug, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps and SDKs - Use After Free

Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-roomsworkplace_virtual_desktop_infrastructuremeeting_software_development_kitworkplace_desktopworkplaceZoom Workplace Apps and SDKs
CWE ID-CWE-416
Use After Free
CVE-2023-49646
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.02% / 4.13%
||
7 Day CHG~0.00%
Published-13 Dec, 2023 | 22:19
Updated-20 Sep, 2024 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_software_development_kitvideo_software_development_kitvirtual_desktop_infrastructurezoomZoom Clients
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-287
Improper Authentication
CVE-2025-49464
Matching Score-8
Assigner-Zoom Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 15.38%
||
7 Day CHG~0.00%
Published-10 Jul, 2025 | 16:32
Updated-05 Aug, 2025 | 13:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Clients for Windows- Classic Buffer Overflow

Classic buffer overflow in certain Zoom Clients for Windows may allow an authorised user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-zoomZoom Clients for Windows
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-46789
Matching Score-8
Assigner-Zoom Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 16.97%
||
7 Day CHG~0.00%
Published-10 Jul, 2025 | 15:50
Updated-22 Aug, 2025 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Clients for Windows - Classic Buffer Overflow

Classic buffer overflow in certain Zoom Clients for Windows may allow an authorized user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-zoomZoom Clients for Windows
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-46785
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 19.59%
||
7 Day CHG~0.00%
Published-14 May, 2025 | 17:41
Updated-19 Aug, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps for Windows - Buffer Over-read

Buffer over-read in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-workplace_desktopworkplace_virtual_desktop_infrastructuremeeting_software_development_kitroomsrooms_controllerZoom Workplace Apps
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-39205
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 57.96%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 22:32
Updated-29 Aug, 2024 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-virtual_desktop_infrastructurevideo_software_development_kitmeetingszoomZoom Clients
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2023-39215
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-7.1||HIGH
EPSS-0.38% / 58.34%
||
7 Day CHG~0.00%
Published-12 Sep, 2023 | 19:53
Updated-27 Sep, 2024 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_software_development_kitvirtual_desktop_infrastructurezoomZoom Clients
CWE ID-CWE-449
The UI Performs the Wrong Action
CWE ID-CWE-287
Improper Authentication
CVE-2023-28600
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-5.2||MEDIUM
EPSS-0.06% / 17.53%
||
7 Day CHG~0.00%
Published-13 Jun, 2023 | 17:00
Updated-02 Jan, 2025 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoom for MacOSclients prior to 5.14.0 contain an improper access control vulnerability. A malicious user may be able to delete/replace Zoom Client files potentially causing a loss of integrity and availability to the Zoom Client.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-zoomZoom for macOS Client
CWE ID-CWE-378
Creation of Temporary File With Insecure Permissions
CVE-2023-22882
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.29% / 52.31%
||
7 Day CHG~0.00%
Published-16 Mar, 2023 | 00:00
Updated-26 Feb, 2025 | 20:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service in Zoom Clients

Zoom clients before version 5.13.5 contain a STUN parsing vulnerability. A malicious actor could send specially crafted UDP traffic to a victim Zoom client to remotely cause the client to crash, causing a denial of service.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-zoomZoom (for Android, iOS, Linux, macOS, and Windows) clients before version 5.13.5
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-22881
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.44% / 62.48%
||
7 Day CHG~0.00%
Published-16 Mar, 2023 | 00:00
Updated-26 Feb, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Denial of Service in Zoom Clients

Zoom clients before version 5.13.5 contain a STUN parsing vulnerability. A malicious actor could send specially crafted UDP traffic to a victim Zoom client to remotely cause the client to crash, causing a denial of service.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-zoomZoom (for Android, iOS, Linux, macOS, and Windows) clients before version 5.13.5
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2025-30670
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 35.00%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 16:20
Updated-01 Aug, 2025 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps for Windows - Null Pointer

Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-rooms_controllermeeting_software_development_kitworkplace_virtual_desktop_infrastructureroomsworkplace_desktopZoom Workplace Apps for Windows
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-30665
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 19.64%
||
7 Day CHG~0.00%
Published-14 May, 2025 | 17:35
Updated-05 Aug, 2025 | 13:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps for Windows - NULL Pointer Dereference

NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-roomsworkplace_virtual_desktop_infrastructurerooms_controllerworkplace_desktopmeeting_software_development_kitZoom Workplace Apps for Windows
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-30666
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 19.64%
||
7 Day CHG~0.00%
Published-14 May, 2025 | 17:35
Updated-05 Aug, 2025 | 13:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps for Windows - NULL Pointer Dereference

NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-roomsworkplace_virtual_desktop_infrastructurerooms_controllerworkplace_desktopmeeting_software_development_kitZoom Workplace Apps for Windows
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-30671
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 35.00%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 16:21
Updated-01 Aug, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps for Windows - Null Pointer

Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-rooms_controllermeeting_software_development_kitworkplace_virtual_desktop_infrastructureroomsworkplace_desktopZoom Workplace Apps for Windows
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-0150
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-7.1||HIGH
EPSS-0.05% / 16.59%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 17:06
Updated-01 Aug, 2025 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps for iOS - Incorrect Behavior Order

Incorrect behavior order in some Zoom Workplace Apps for iOS before version 6.3.0 may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-workplacemeeting_software_development_kitZoom Workplace Apps for iOS
CWE ID-CWE-696
Incorrect Behavior Order
CVE-2024-45420
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 26.05%
||
7 Day CHG~0.00%
Published-19 Nov, 2024 | 19:32
Updated-19 Aug, 2025 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Apps - Uncontrolled Resource Consumption

Uncontrolled resource consumption in some Zoom Apps before version 6.2.0 may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-workplace_desktopmeeting_software_development_kitvideo_software_development_kitroomsrooms_controllerworkplaceZoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-42437
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 47.94%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 16:41
Updated-04 Sep, 2024 | 21:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Buffer Overflow

Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_software_development_kitrooms_controllerworkplaceroomsworkplace_desktopworkplace_virtual_desktop_infrastructureZoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-42436
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 51.41%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 16:41
Updated-04 Sep, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Buffer Overflow

Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_software_development_kitrooms_controllerworkplaceroomsworkplace_desktopworkplace_virtual_desktop_infrastructureZoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-42438
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 51.41%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 16:41
Updated-29 Aug, 2024 | 00:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Buffer Overflow

Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_software_development_kitrooms_controllerworkplaceroomsworkplace_desktopworkplace_virtual_desktop_infrastructureZoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-27245
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.31%
||
7 Day CHG~0.00%
Published-25 Feb, 2025 | 20:31
Updated-20 Aug, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps and SDKs - Buffer Overflow

Buffer overflow in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-roomsworkplace_virtual_desktop_infrastructuremeeting_software_development_kitworkplace_desktopworkplaceZoom Workplace Apps and SDKs
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-27243
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.80% / 73.17%
||
7 Day CHG~0.00%
Published-15 May, 2024 | 20:37
Updated-21 Aug, 2025 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Apps - Buffer Overflow

Buffer overflow in some Zoom Workplace Apps and SDK’s may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-workplace_desktopmeeting_software_development_kitworkplacevirtual_desktop_infrastructuresee references
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-27239
Matching Score-8
Assigner-Zoom Video Communications, Inc.
ShareView Details
Matching Score-8
Assigner-Zoom Video Communications, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 11.59%
||
7 Day CHG~0.00%
Published-25 Feb, 2025 | 20:33
Updated-20 Aug, 2025 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps and SDKs - Divide By Zero

Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-roomsworkplace_virtual_desktop_infrastructuremeeting_software_development_kitworkplace_desktopworkplaceZoom Workplace Apps and SDKs
CWE ID-CWE-369
Divide By Zero
CVE-2022-28199
Matching Score-4
Assigner-NVIDIA Corporation
ShareView Details
Matching Score-4
Assigner-NVIDIA Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.63% / 69.38%
||
7 Day CHG~0.00%
Published-01 Sep, 2022 | 16:20
Updated-03 Aug, 2024 | 05:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NVIDIA’s distribution of the Data Plane Development Kit (MLNX_DPDK) contains a vulnerability in the network stack, where error recovery is not handled properly, which can allow a remote attacker to cause denial of service and some impact to data integrity and confidentiality.

Action-Not Available
Vendor-NVIDIA CorporationLinux Kernel Organization, IncMicrosoft Corporation
Product-data_plane_development_kitwindowslinux_kernelNVIDIA FLARE
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CWE ID-CWE-20
Improper Input Validation
CVE-2022-2592
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 15.50%
||
7 Day CHG~0.00%
Published-17 Oct, 2022 | 00:00
Updated-13 May, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a maliciously large Snippet which when requested with or without authentication places excessive load on the server, potential leading to Denial of Service.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2022-23580
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 52.89%
||
7 Day CHG~0.00%
Published-04 Feb, 2022 | 22:32
Updated-22 Apr, 2025 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Abort caused by allocating a vector that is too large in Tensorflow

Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.

Action-Not Available
Vendor-Google LLCTensorFlow
Product-tensorflowtensorflow
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2022-4111
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.57%
||
7 Day CHG~0.00%
Published-22 Nov, 2022 | 00:00
Updated-24 Apr, 2025 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Validation of Specified Quantity in Input in tooljet/tooljet

Unrestricted file size limit can lead to DoS in tooljet/tooljet <1.27 by allowing a logged in attacker to upload profile pictures over 2MB.

Action-Not Available
Vendor-tooljettooljet
Product-tooljettooljet/tooljet
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2024-52901
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.62%
||
7 Day CHG~0.00%
Published-12 Dec, 2024 | 16:06
Updated-07 Jan, 2025 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM InfoSphere Information Server denial of service

IBM InfoSphere Information Server 11.7 could allow an authenticated user to GUI to not load or stop working due to improper input validation.

Action-Not Available
Vendor-IBM Corporation
Product-infosphere_information_serverInfoSphere Information Server
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2024-31416
Matching Score-4
Assigner-Eaton
ShareView Details
Matching Score-4
Assigner-Eaton
CVSS Score-5.6||MEDIUM
EPSS-0.09% / 26.84%
||
7 Day CHG~0.00%
Published-13 Sep, 2024 | 16:48
Updated-26 Aug, 2025 | 11:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Eaton Foreseer software provides multiple customizable input fields for the users to configure parameters in the tool like alarms, reports, etc. Some of these input fields were not checking the length and bounds of the entered value. The exploit of this security flaw by a bad actor may result in excessive memory consumption or integer overflow.

Action-Not Available
Vendor-eatonEaton
Product-foreseer_electrical_power_monitoring_systemForeseer
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-3411
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.47% / 63.55%
||
7 Day CHG~0.00%
Published-13 Feb, 2023 | 00:00
Updated-21 Mar, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CWE ID-CWE-400
Uncontrolled Resource Consumption
Details not found