Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

rooms

Source -

NVDADP

CNA CVEs -

0

ADP CVEs -

7

CISA CVEs -

0

NVD CVEs -

78
Related CVEsRelated VendorsRelated AssignersReports
78Vulnerabilities found
CVE-2025-46785
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 19.46%
||
7 Day CHG~0.00%
Published-14 May, 2025 | 17:41
Updated-19 Aug, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps for Windows - Buffer Over-read

Buffer over-read in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-workplace_desktopworkplace_virtual_desktop_infrastructuremeeting_software_development_kitroomsrooms_controllerZoom Workplace Apps
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-30666
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 19.51%
||
7 Day CHG~0.00%
Published-14 May, 2025 | 17:35
Updated-05 Aug, 2025 | 13:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps for Windows - NULL Pointer Dereference

NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-roomsworkplace_virtual_desktop_infrastructurerooms_controllerworkplace_desktopmeeting_software_development_kitZoom Workplace Apps for Windows
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-30665
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 19.51%
||
7 Day CHG~0.00%
Published-14 May, 2025 | 17:35
Updated-05 Aug, 2025 | 13:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps for Windows - NULL Pointer Dereference

NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-roomsworkplace_virtual_desktop_infrastructurerooms_controllerworkplace_desktopmeeting_software_development_kitZoom Workplace Apps for Windows
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-30671
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.97%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 16:21
Updated-01 Aug, 2025 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps for Windows - Null Pointer

Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-rooms_controllermeeting_software_development_kitworkplace_virtual_desktop_infrastructureroomsworkplace_desktopZoom Workplace Apps for Windows
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-30670
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.14% / 34.97%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 16:20
Updated-01 Aug, 2025 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps for Windows - Null Pointer

Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-rooms_controllermeeting_software_development_kitworkplace_virtual_desktop_infrastructureroomsworkplace_desktopZoom Workplace Apps for Windows
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2025-27443
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-2.8||LOW
EPSS-0.02% / 4.13%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 16:16
Updated-01 Aug, 2025 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps for Windows - Insecure Default Variable Initialization

Insecure default variable initialization in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a loss of integrity via local access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-rooms_controllerroomsworkplace_desktopmeeting_software_development_kitZoom Workplace Apps for Windows
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CVE-2025-0149
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 20.45%
||
7 Day CHG+0.01%
Published-11 Mar, 2025 | 17:04
Updated-19 Aug, 2025 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Apps - Insufficient Verification of Data Authenticity

Insufficient verification of data authenticity in some Zoom Workplace Apps may allow an unprivileged user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-workplace_desktopworkplace_virtual_desktop_infrastructuremeeting_software_development_kitroomsrooms_controllerworkplaceZoom Apps
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2024-27239
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 11.52%
||
7 Day CHG+0.02%
Published-25 Feb, 2025 | 20:33
Updated-20 Aug, 2025 | 16:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps and SDKs - Divide By Zero

Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-roomsworkplace_virtual_desktop_infrastructuremeeting_software_development_kitworkplace_desktopworkplaceZoom Workplace Apps and SDKs
CWE ID-CWE-369
Divide By Zero
CVE-2024-27246
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 11.37%
||
7 Day CHG+0.02%
Published-25 Feb, 2025 | 20:32
Updated-20 Aug, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps and SDKs - Use After Free

Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-roomsworkplace_virtual_desktop_infrastructuremeeting_software_development_kitworkplace_desktopworkplaceZoom Workplace Apps and SDKs
CWE ID-CWE-416
Use After Free
CVE-2024-27245
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 31.28%
||
7 Day CHG+0.01%
Published-25 Feb, 2025 | 20:31
Updated-20 Aug, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps and SDKs - Buffer Overflow

Buffer overflow in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-roomsworkplace_virtual_desktop_infrastructuremeeting_software_development_kitworkplace_desktopworkplaceZoom Workplace Apps and SDKs
CWE ID-CWE-122
Heap-based Buffer Overflow
CVE-2024-45418
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 12.63%
||
7 Day CHG~0.00%
Published-25 Feb, 2025 | 19:52
Updated-04 Mar, 2025 | 17:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Apps for macOS - Symbolic Link Following

Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-roomsmeeting_software_development_kitvideo_software_development_kitworkplace_desktopZoom Apps for macOS
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CWE ID-CWE-61
UNIX Symbolic Link (Symlink) Following
CVE-2024-45417
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-6||MEDIUM
EPSS-0.02% / 2.74%
||
7 Day CHG~0.00%
Published-25 Feb, 2025 | 19:49
Updated-04 Mar, 2025 | 17:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Apps for macOS - Uncontrolled Resource Consumption

Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user to conduct a disclosure of information via local access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-roomsmeeting_software_development_kitvideo_software_development_kitworkplace_desktopZoom Apps for macOS
CWE ID-CWE-708
Incorrect Ownership Assignment
CVE-2024-45426
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.05% / 13.36%
||
7 Day CHG~0.00%
Published-25 Feb, 2025 | 19:39
Updated-04 Mar, 2025 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps - Incorrect Ownership Assignment

Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-rooms_controllerworkplace_virtual_desktop_infrastructureworkplaceworkplace_desktopmeeting_software_development_kitroomsZoom Workplace Apps
CWE ID-CWE-708
Incorrect Ownership Assignment
CVE-2025-0146
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-3.9||LOW
EPSS-0.03% / 5.98%
||
7 Day CHG~0.00%
Published-30 Jan, 2025 | 19:47
Updated-01 Aug, 2025 | 01:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace app for macOS - Symlink Following

Symlink following in the installer for Zoom Workplace App for macOS before 6.2.10 may allow an authenticated user to conduct a denial of service via local access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-workplace_desktoproomsmeeting_software_development_kitrooms_controllervideo_software_development_kitZoom Workplace app for macOS
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2025-0145
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-4.6||MEDIUM
EPSS-0.02% / 2.88%
||
7 Day CHG~0.00%
Published-30 Jan, 2025 | 19:45
Updated-20 Aug, 2025 | 12:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps for Windows - Untrusted Search Path

Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authorized user to conduct an escalation of privilege via local access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-rooms_controllerroomsworkplace_virtual_desktop_infrastructureworkplace_desktopvideo_software_development_kitmeeting_software_development_kitZoom Workplace Apps for Windows
CWE ID-CWE-426
Untrusted Search Path
CVE-2025-0144
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-3.1||LOW
EPSS-0.04% / 11.38%
||
7 Day CHG~0.00%
Published-30 Jan, 2025 | 19:44
Updated-20 Aug, 2025 | 12:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps - Out-of-bounds Write

Out-of-bounds write in some Zoom Workplace Apps may allow an authorized user to conduct a loss of integrity via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-workplacerooms_controllerroomsworkplace_virtual_desktop_infrastructureworkplace_desktopvideo_software_development_kitmeeting_software_development_kitZoom Workplace Apps
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-45422
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.09% / 25.83%
||
7 Day CHG-0.05%
Published-19 Nov, 2024 | 19:45
Updated-19 Aug, 2025 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Apps - Improper Input Validation

Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-workplace_desktopmeeting_software_development_kitvideo_software_development_kitroomsrooms_controllerworkplaceZoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllersworkplace_appmeeting_sdk
CWE ID-CWE-20
Improper Input Validation
CVE-2024-45420
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 26.02%
||
7 Day CHG-0.01%
Published-19 Nov, 2024 | 19:32
Updated-19 Aug, 2025 | 14:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Apps - Uncontrolled Resource Consumption

Uncontrolled resource consumption in some Zoom Apps before version 6.2.0 may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-workplace_desktopmeeting_software_development_kitvideo_software_development_kitroomsrooms_controllerworkplaceZoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-45419
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-8.1||HIGH
EPSS-0.13% / 33.27%
||
7 Day CHG-0.01%
Published-19 Nov, 2024 | 19:28
Updated-19 Aug, 2025 | 14:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Apps - Improper Input Validation

Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-workplace_desktopworkplace_virtual_desktop_infrastructuremeeting_software_development_kitvideo_software_development_kitroomsrooms_controllerworkplaceZoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllerszoom_meeting_sdk_for_windows
CWE ID-CWE-252
Unchecked Return Value
CVE-2024-42441
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 7.13%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 16:46
Updated-28 Aug, 2024 | 23:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS, Zoom Rooms Client for macOS - Improper Privilege Management

Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_software_development_kitworkplace_desktoproomsZoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS, Zoom Rooms Client for macOSworkplace_desktoproomsmacos_meeting_sdk
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-42440
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 7.13%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 16:44
Updated-28 Aug, 2024 | 23:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS, Zoom Rooms Client for macOS - Improper Privilege Management

Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_software_development_kitworkplace_desktoproomsZoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS, Zoom Rooms Client for macOSworkplace_desktoproomsmacos_meeting_sdk
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-42438
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 51.40%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 16:41
Updated-29 Aug, 2024 | 00:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Buffer Overflow

Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_software_development_kitrooms_controllerworkplaceroomsworkplace_desktopworkplace_virtual_desktop_infrastructureZoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-42437
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 47.92%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 16:41
Updated-04 Sep, 2024 | 21:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Buffer Overflow

Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_software_development_kitrooms_controllerworkplaceroomsworkplace_desktopworkplace_virtual_desktop_infrastructureZoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-42436
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 51.40%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 16:41
Updated-04 Sep, 2024 | 21:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Buffer Overflow

Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_software_development_kitrooms_controllerworkplaceroomsworkplace_desktopworkplace_virtual_desktop_infrastructureZoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-42435
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.17% / 38.41%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 16:39
Updated-04 Sep, 2024 | 21:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure

Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_software_development_kitrooms_controllerworkplaceroomsworkplace_desktopworkplace_virtual_desktop_infrastructureZoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-42434
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.17% / 38.41%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 16:39
Updated-04 Sep, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure

Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_software_development_kitrooms_controllerworkplaceroomsworkplace_desktopworkplace_virtual_desktop_infrastructureZoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-39824
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.18% / 40.20%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 16:39
Updated-04 Sep, 2024 | 21:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure

Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_software_development_kitrooms_controllerworkplaceroomsworkplace_desktopworkplace_virtual_desktop_infrastructureZoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-39823
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.18% / 40.20%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 16:39
Updated-04 Sep, 2024 | 21:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure

Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_software_development_kitrooms_controllerworkplaceroomsworkplace_desktopworkplace_virtual_desktop_infrastructureZoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-39822
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 45.01%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 16:38
Updated-04 Sep, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure

Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_software_development_kitrooms_controllerroomsworkplace_desktopworkplaceZoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-39818
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-7.5||HIGH
EPSS-0.16% / 37.84%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 16:36
Updated-11 Sep, 2024 | 13:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps and SDKs - Protection Mechanism Failure

Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-workplaceworkplace_desktoproomsworkplace_virtual_desktop_infrastructureZoom Workplace Apps and SDKsworkplace_appworkplace_desktopvdi_windows_meeting_clientrooms
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2024-39825
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-8.5||HIGH
EPSS-0.26% / 48.88%
||
7 Day CHG~0.00%
Published-14 Aug, 2024 | 16:34
Updated-04 Sep, 2024 | 21:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps and Rooms Clients - Buffer Overflow

Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-workplaceworkplace_desktoproomsworkplace_virtual_desktop_infrastructureZoom Workplace Apps and Rooms Clientsroomsvdi_windows_meeting_clientworkplace_appworkplace_desktop
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-39821
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.07% / 22.80%
||
7 Day CHG-0.00%
Published-15 Jul, 2024 | 17:31
Updated-05 Aug, 2025 | 13:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace App for Windows and Zoom Rooms App for Windows - Race Condition

Race condition in the installer for Zoom Workplace App for Windows and Zoom Rooms App for Windows may allow an authenticated user to conduct a denial of service via local access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-roomsworkplace_desktopZoom Workplace App for Windows and Zoom Rooms App for Windows
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2024-39819
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 30.33%
||
7 Day CHG~0.00%
Published-15 Jul, 2024 | 17:27
Updated-05 Aug, 2025 | 13:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Workplace Apps and SDK for Windows - Improper Privilege Management

Improper privilege management in the installer for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct a privilege escalation via local access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_software_development_kitroomsworkplace_desktopZoom Workplace Apps and SDK for Windowszoom_rooms_app_for_windowsworkplace_desktopzoom_meeting_sdk_for_windows
CWE ID-CWE-269
Improper Privilege Management
CVE-2024-27238
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-7.1||HIGH
EPSS-0.11% / 29.30%
||
7 Day CHG~0.00%
Published-15 Jul, 2024 | 17:20
Updated-05 Aug, 2025 | 13:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Apps and SDKs - Race Condition

Race condition in the installer for some Zoom Apps and SDKs for Windows before version 6.0.0 may allow an authenticated user to conduct a privilege escalation via local access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_software_development_kitroomsworkplace_desktopZoom Apps and SDKsworkplace_desktoproomsmeeting_sdk
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2024-27241
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 25.97%
||
7 Day CHG+0.02%
Published-15 Jul, 2024 | 17:17
Updated-20 Aug, 2025 | 15:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Apps and SDKs - Improper Input Validation

Improper input validation in some Zoom Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-roomsworkplace_virtual_desktop_infrastructuremeeting_software_development_kitworkplace_desktopworkplaceZoom Apps and SDKsmeeting_software_development_kitroomsworkplace_desktopvirtual_desktop_infrastructureworkplace_app
CWE ID-CWE-20
Improper Input Validation
CVE-2024-27240
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-7.1||HIGH
EPSS-0.13% / 33.58%
||
7 Day CHG~0.00%
Published-15 Jul, 2024 | 17:07
Updated-05 Aug, 2025 | 13:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Apps for Windows - Improper Input Validation

Improper input validation in the installer for some Zoom Apps for Windows may allow an authenticated user to conduct a privilege escalation via local access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-roomsworkplace_virtual_desktop_infrastructureworkplace_desktopZoom Apps for Windowsvirtual_desktop_infrastructureroomszoom
CWE ID-CWE-20
Improper Input Validation
CVE-2024-24693
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-7.2||HIGH
EPSS-0.07% / 21.12%
||
7 Day CHG~0.00%
Published-13 Mar, 2024 | 19:30
Updated-20 Sep, 2024 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Rooms Client for Windows - Improper Access Control

Improper access control in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-roomsZoom Rooms Client for Windows
CWE ID-CWE-379
Creation of Temporary File in Directory with Insecure Permissions
CVE-2024-24692
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 22.18%
||
7 Day CHG~0.00%
Published-13 Mar, 2024 | 19:27
Updated-01 Aug, 2024 | 23:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Rooms Client for Windows - Race Condition

Race condition in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-roomsZoom Rooms Client for Windows
CWE ID-CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2024-24691
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-9.6||CRITICAL
EPSS-0.47% / 63.46%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 00:01
Updated-12 May, 2025 | 15:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows - Improper Input Validation

Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_software_development_kitroomsvdi_windows_meeting_clientszoomZoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows
CWE ID-CWE-176
Improper Handling of Unicode Encoding
CVE-2024-24690
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 22.98%
||
7 Day CHG~0.00%
Published-14 Feb, 2024 | 00:00
Updated-04 Oct, 2024 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Clients - Improper Input Validation

Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_software_development_kitvideo_software_development_kitroomszoomvdi_windows_meeting_clientsZoom Clients
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2024-24699
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 51.16%
||
7 Day CHG~0.00%
Published-13 Feb, 2024 | 23:58
Updated-13 Mar, 2025 | 17:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Clients - Business Logic Error

Business logic error in some Zoom clients may allow an authenticated user to conduct information disclosure via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_sdkroomsvdi_windows_meeting_clientszoomZoom Clients
CVE-2024-24698
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.11% / 30.41%
||
7 Day CHG~0.00%
Published-13 Feb, 2024 | 23:56
Updated-04 Oct, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Clients - Improper Authentication

Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_software_development_kitroomsvdi_windows_meeting_clientszoomZoom Clients
CWE ID-CWE-449
The UI Performs the Wrong Action
CVE-2024-24697
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-7.2||HIGH
EPSS-0.05% / 16.58%
||
7 Day CHG~0.00%
Published-13 Feb, 2024 | 23:53
Updated-08 May, 2025 | 15:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Clients - Untrusted Search Path

Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_software_development_kitroomsvdi_windows_meeting_clientszoomZoom Clients
CWE ID-CWE-426
Untrusted Search Path
CVE-2023-43591
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-7.8||HIGH
EPSS-0.08% / 24.58%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 23:16
Updated-11 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-roomsZoom Rooms for macOS
CWE ID-CWE-280
Improper Handling of Insufficient Permissions or Privileges
CVE-2023-43590
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-7.8||HIGH
EPSS-0.11% / 30.52%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 23:15
Updated-29 Aug, 2024 | 17:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-roomsZoom Rooms for macOS
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2023-43582
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.16% / 37.77%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 23:12
Updated-19 Sep, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-virtual_desktop_infrastructureroomsmeetingszoomZoom Clients
CWE ID-CWE-939
Improper Authorization in Handler for Custom URL Scheme
CWE ID-CWE-287
Improper Authentication
CVE-2023-39199
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.10% / 28.12%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 23:06
Updated-19 Sep, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-virtual_desktop_infrastructureroomsmeetingszoomZoom Clients
CWE ID-CWE-325
Missing Cryptographic Step
CVE-2023-39206
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-3.7||LOW
EPSS-0.31% / 53.82%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 23:02
Updated-29 Aug, 2024 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-video_software_development_kitroomsmeetingszoomvirtual_desktop_infrastructureZoom Clients
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-39204
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.27% / 50.39%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 22:28
Updated-29 Aug, 2024 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-video_software_development_kitroomsmeetingszoomvirtual_desktop_infrastructureZoom Clients
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-39202
Assigner-Zoom Video Communications, Inc.
ShareView Details
Assigner-Zoom Video Communications, Inc.
CVSS Score-3.1||LOW
EPSS-0.03% / 5.80%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 22:17
Updated-29 Aug, 2024 | 15:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Client may allow a privileged user to conduct a denial of service via local access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-virtual_desktop_infrastructureroomsZoom Rooms Client for Windows and Zoom VDI Client
CWE ID-CWE-426
Untrusted Search Path
  • Previous
  • 1
  • 2
  • Next