Byte Open Security

(ByteOS Network)

zoom

Source - ADP, NVD
CNA CVEs - 0
ADP CVEs - 1
CISA CVEs - 0
NVD CVEs - 63

64 Vulnerabilities found

CVE-2025-49464
Assigner-Zoom Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 15.33%
7 Day CHG~0.00%
Published-10 Jul, 2025 | 16:32
Updated-05 Aug, 2025 | 13:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Clients for Windows - Classic Buffer Overflow

Classic buffer overflow in certain Zoom Clients for Windows may allow an authorised user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-zoomZoom Clients for Windows
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2025-49463
Assigner-Zoom Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 20.59%
7 Day CHG~0.00%
Published-10 Jul, 2025 | 16:26
Updated-05 Aug, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Clients for iOS - Insufficient Control Flow Management

Insufficient control flow management in certain Zoom Clients for iOS before version 6.4.5 may allow an unauthenticated user to conduct a disclosure of information via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-zoomZoom Clients for iOS
CWE ID-CWE-691
Insufficient Control Flow Management
CVE-2025-49462
Assigner-Zoom Communications, Inc.
CVSS Score-3.5||LOW
EPSS-0.02% / 2.25%
7 Day CHG~0.00%
Published-10 Jul, 2025 | 16:24
Updated-05 Aug, 2025 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Clients - Cross-site Scripting

Cross-site scripting in certain Zoom Clients before version 6.4.5 may allow an authenticated user to conduct a disclosure of information via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-zoomZoom Clients
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2025-46789
Assigner-Zoom Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 16.88%
7 Day CHG~0.00%
Published-10 Jul, 2025 | 15:50
Updated-22 Aug, 2025 | 17:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Clients for Windows - Classic Buffer Overflow

Classic buffer overflow in certain Zoom Clients for Windows may allow an authorized user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-zoomZoom Clients for Windows
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2024-27240
Assigner-Zoom Video Communications, Inc.
CVSS Score-7.1||HIGH
EPSS-0.13% / 33.58%
7 Day CHG~0.00%
Published-15 Jul, 2024 | 17:07
Updated-05 Aug, 2025 | 13:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Apps for Windows - Improper Input Validation

Improper input validation in the installer for some Zoom Apps for Windows may allow an authenticated user to conduct a privilege escalation via local access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-roomsworkplace_virtual_desktop_infrastructureworkplace_desktopZoom Apps for Windowsvirtual_desktop_infrastructureroomszoom
CWE ID-CWE-20
Improper Input Validation
CVE-2024-27242
Assigner-Zoom Video Communications, Inc.
CVSS Score-4.1||MEDIUM
EPSS-0.07% / 22.32%
7 Day CHG~0.00%
Published-09 Apr, 2024 | 17:18
Updated-31 Jul, 2025 | 20:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Desktop Client for Linux - Cross Site Scripting

Cross site scripting in Zoom Desktop Client for Linux before version 5.17.10 may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-zoomZoom Desktop Client for Linux
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-27247
Assigner-Zoom Video Communications, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.02% / 2.54%
7 Day CHG~0.00%
Published-09 Apr, 2024 | 17:15
Updated-31 Jul, 2025 | 20:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Desktop Client for macOS - Improper Privilege Management

Improper privilege management in the installer for Zoom Desktop Client for macOS before version 5.17.10 may allow a privileged user to conduct an escalation of privilege via local access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-zoomZoom Desktop Client for macOSworkplace_desktop
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2024-24694
Assigner-Zoom Video Communications, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.03% / 5.36%
7 Day CHG-0.00%
Published-09 Apr, 2024 | 17:13
Updated-31 Jul, 2025 | 20:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Desktop Client for Windows - Improper Privilege Management

Improper privilege management in the installer for Zoom Desktop Client for Windows before version 5.17.10 may allow an authenticated user to conduct an escalation of privilege via local access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-zoomZoom Desktop Client for Windowsworkplace_desktop
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2024-24691
Assigner-Zoom Video Communications, Inc.
CVSS Score-9.6||CRITICAL
EPSS-0.47% / 63.46%
7 Day CHG~0.00%
Published-14 Feb, 2024 | 00:01
Updated-12 May, 2025 | 15:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows - Improper Input Validation

Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_software_development_kitroomsvdi_windows_meeting_clientszoomZoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows
CWE ID-CWE-176
Improper Handling of Unicode Encoding
CVE-2024-24690
Assigner-Zoom Video Communications, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.07% / 22.98%
7 Day CHG~0.00%
Published-14 Feb, 2024 | 00:00
Updated-04 Oct, 2024 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Clients - Improper Input Validation

Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_software_development_kitvideo_software_development_kitroomszoomvdi_windows_meeting_clientsZoom Clients
CWE ID-CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2024-24699
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.28% / 51.16%
7 Day CHG~0.00%
Published-13 Feb, 2024 | 23:58
Updated-13 Mar, 2025 | 17:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Clients - Business Logic Error

Business logic error in some Zoom clients may allow an authenticated user to conduct information disclosure via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_sdkroomsvdi_windows_meeting_clientszoomZoom Clients
CVE-2024-24698
Assigner-Zoom Video Communications, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.11% / 30.41%
7 Day CHG~0.00%
Published-13 Feb, 2024 | 23:56
Updated-04 Oct, 2024 | 15:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Clients - Improper Authentication

Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_software_development_kitroomsvdi_windows_meeting_clientszoomZoom Clients
CWE ID-CWE-449
The UI Performs the Wrong Action
CVE-2024-24697
Assigner-Zoom Video Communications, Inc.
CVSS Score-7.2||HIGH
EPSS-0.05% / 16.58%
7 Day CHG~0.00%
Published-13 Feb, 2024 | 23:53
Updated-08 May, 2025 | 15:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Clients - Untrusted Search Path

Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_software_development_kitroomsvdi_windows_meeting_clientszoomZoom Clients
CWE ID-CWE-426
Untrusted Search Path
CVE-2024-24696
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.19% / 41.07%
7 Day CHG~0.00%
Published-13 Feb, 2024 | 23:51
Updated-04 Oct, 2024 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows - Improper Input Validation

Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_software_development_kitvdi_windows_meeting_clientszoomZoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2024-24695
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.8||MEDIUM
EPSS-0.21% / 43.00%
7 Day CHG~0.00%
Published-13 Feb, 2024 | 23:50
Updated-10 Apr, 2025 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows - Improper Input Validation

Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_software_development_kitvdi_windows_meeting_clientszoomZoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows
CWE ID-CWE-20
Improper Input Validation
CVE-2023-49647
Assigner-Zoom Video Communications, Inc.
CVSS Score-8.8||HIGH
EPSS-0.04% / 9.78%
7 Day CHG~0.00%
Published-12 Jan, 2024 | 21:44
Updated-03 Jun, 2025 | 14:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Zoom Desktop Client for Windows - Improper Access Control

Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of privilege via local access.

Action-Not Available
Vendor-Microsoft CorporationZoom Communications, Inc.
Product-meeting_software_development_kitvideo_software_development_kitzoomwindowsvirtual_desktop_infrastructureZoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10
CWE ID-CWE-266
Incorrect Privilege Assignment
CVE-2023-49646
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.02% / 4.07%
7 Day CHG~0.00%
Published-13 Dec, 2023 | 22:19
Updated-20 Sep, 2024 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_software_development_kitvideo_software_development_kitvirtual_desktop_infrastructurezoomZoom Clients
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-287
Improper Authentication
CVE-2023-43586
Assigner-Zoom Video Communications, Inc.
CVSS Score-7.3||HIGH
EPSS-0.07% / 22.74%
7 Day CHG~0.00%
Published-13 Dec, 2023 | 22:17
Updated-02 Aug, 2024 | 19:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_software_development_kitvideo_software_development_kitvirtual_desktop_infrastructurezoomZoom Desktop Client for Windows, Zoom VDI Client for Windows and Zoom SDKs for Windows
CWE ID-CWE-426
Untrusted Search Path
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-43585
Assigner-Zoom Video Communications, Inc.
CVSS Score-7.1||HIGH
EPSS-0.13% / 33.07%
7 Day CHG~0.00%
Published-13 Dec, 2023 | 22:15
Updated-27 Sep, 2024 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in Zoom Mobile App for iOS and Zoom SDKs for iOS before version 5.16.5 may allow an authenticated user to conduct a disclosure of information via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_software_development_kitvideo_software_development_kitzoomZoom Mobile App for iOS and SDKs for iOS
CWE ID-CWE-449
The UI Performs the Wrong Action
CVE-2023-43583
Assigner-Zoom Video Communications, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.12% / 31.37%
7 Day CHG~0.00%
Published-13 Dec, 2023 | 22:08
Updated-19 Sep, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cryptographic issues in Zoom Mobile App for Android, Zoom Mobile App for iOS, and Zoom SDKs for Android and iOS before version 5.16.0 may allow a privileged user to conduct a disclosure of information via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_software_development_kitvideo_software_development_kitzoomZoom Mobile App for Android, Zoom Mobile App for iOS and Zoom SDK
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2023-43582
Assigner-Zoom Video Communications, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.16% / 37.77%
7 Day CHG~0.00%
Published-14 Nov, 2023 | 23:12
Updated-19 Sep, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-virtual_desktop_infrastructureroomsmeetingszoomZoom Clients
CWE ID-CWE-939
Improper Authorization in Handler for Custom URL Scheme
CWE ID-CWE-287
Improper Authentication
CVE-2023-43588
Assigner-Zoom Video Communications, Inc.
CVSS Score-3.5||LOW
EPSS-0.35% / 56.76%
7 Day CHG~0.00%
Published-14 Nov, 2023 | 23:11
Updated-20 Sep, 2024 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-virtual_desktop_infrastructuremeetingszoomZoom Clients
CWE ID-CWE-449
The UI Performs the Wrong Action
CVE-2023-39199
Assigner-Zoom Video Communications, Inc.
CVSS Score-4.9||MEDIUM
EPSS-0.10% / 28.12%
7 Day CHG~0.00%
Published-14 Nov, 2023 | 23:06
Updated-19 Sep, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-virtual_desktop_infrastructureroomsmeetingszoomZoom Clients
CWE ID-CWE-325
Missing Cryptographic Step
CVE-2023-39206
Assigner-Zoom Video Communications, Inc.
CVSS Score-3.7||LOW
EPSS-0.31% / 53.82%
7 Day CHG~0.00%
Published-14 Nov, 2023 | 23:02
Updated-29 Aug, 2024 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-video_software_development_kitroomsmeetingszoomvirtual_desktop_infrastructureZoom Clients
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-39205
Assigner-Zoom Video Communications, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.37% / 57.94%
7 Day CHG~0.00%
Published-14 Nov, 2023 | 22:32
Updated-29 Aug, 2024 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-virtual_desktop_infrastructurevideo_software_development_kitmeetingszoomZoom Clients
CWE ID-CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2023-39204
Assigner-Zoom Video Communications, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.27% / 50.39%
7 Day CHG~0.00%
Published-14 Nov, 2023 | 22:28
Updated-29 Aug, 2024 | 15:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-video_software_development_kitroomsmeetingszoomvirtual_desktop_infrastructureZoom Clients
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-39203
Assigner-Zoom Video Communications, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.17% / 38.33%
7 Day CHG~0.00%
Published-14 Nov, 2023 | 22:23
Updated-27 Sep, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled resource consumption in Zoom Team Chat for Zoom Desktop Client for Windows and Zoom VDI Client may allow an unauthenticated user to conduct a disclosure of information via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-virtual_desktop_infrastructurezoomZoom Rooms Client for Windows and Zoom VDI Client
CWE ID-CWE-789
Memory Allocation with Excessive Size Value
CVE-2023-39208
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 19.81%
7 Day CHG~0.00%
Published-12 Sep, 2023 | 19:55
Updated-27 Sep, 2024 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in Zoom Desktop Client for Linux before version 5.15.10 may allow an unauthenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-zoomZoom Desktop Client for Linux
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-20
Improper Input Validation
CVE-2023-39215
Assigner-Zoom Video Communications, Inc.
CVSS Score-7.1||HIGH
EPSS-0.38% / 58.32%
7 Day CHG~0.00%
Published-12 Sep, 2023 | 19:53
Updated-27 Sep, 2024 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_software_development_kitvirtual_desktop_infrastructurezoomZoom Clients
CWE ID-CWE-449
The UI Performs the Wrong Action
CWE ID-CWE-287
Improper Authentication
CVE-2023-39209
Assigner-Zoom Video Communications, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.10% / 27.95%
7 Day CHG~0.00%
Published-08 Aug, 2023 | 21:39
Updated-04 Oct, 2024 | 17:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in Zoom Desktop Client for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-zoomZoom Desktop Client for Windows
CWE ID-CWE-449
The UI Performs the Wrong Action
CWE ID-CWE-20
Improper Input Validation
CVE-2023-39214
Assigner-Zoom Video Communications, Inc.
CVSS Score-7.6||HIGH
EPSS-0.42% / 61.24%
7 Day CHG~0.00%
Published-08 Aug, 2023 | 21:38
Updated-27 Sep, 2024 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-meeting_software_development_kitroomszoomZoom SDK's
CWE ID-CWE-749
Exposed Dangerous Method or Function
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2023-39213
Assigner-Zoom Video Communications, Inc.
CVSS Score-9.6||CRITICAL
EPSS-1.11% / 77.20%
7 Day CHG~0.00%
Published-08 Aug, 2023 | 21:36
Updated-10 Oct, 2024 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-virtual_desktop_infrastructurezoomZoom Desktop Client for Windows and Zoom VDI Client
CWE ID-CWE-176
Improper Handling of Unicode Encoding
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2023-39211
Assigner-Zoom Video Communications, Inc.
CVSS Score-8.8||HIGH
EPSS-0.04% / 9.82%
7 Day CHG~0.00%
Published-08 Aug, 2023 | 21:30
Updated-10 Oct, 2024 | 16:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-roomszoomZoom Desktop Client for Windows and Zoom Rooms for Windows
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CWE ID-CWE-269
Improper Privilege Management
CVE-2023-39218
Assigner-Zoom Video Communications, Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.25% / 48.01%
7 Day CHG~0.00%
Published-08 Aug, 2023 | 17:54
Updated-10 Oct, 2024 | 16:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-virtual_desktop_infrastructureroomszoomZoom Clients
CWE ID-CWE-602
Client-Side Enforcement of Server-Side Security
CVE-2023-39216
Assigner-Zoom Video Communications, Inc.
CVSS Score-9.6||CRITICAL
EPSS-0.46% / 63.30%
7 Day CHG~0.00%
Published-08 Aug, 2023 | 17:48
Updated-10 Oct, 2024 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-zoomZoom Desktop Client for Windows
CWE ID-CWE-80
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CVE-2023-36535
Assigner-Zoom Video Communications, Inc.
CVSS Score-7.1||HIGH
EPSS-0.17% / 39.10%
7 Day CHG~0.00%
Published-08 Aug, 2023 | 17:39
Updated-08 Oct, 2024 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-virtual_desktop_infrastructureroomszoomZoom Clients
CWE ID-CWE-449
The UI Performs the Wrong Action
CVE-2023-36534
Assigner-Zoom Video Communications, Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.62% / 69.11%
7 Day CHG~0.00%
Published-08 Aug, 2023 | 17:35
Updated-10 Oct, 2024 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Path traversal in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-zoomZoom Desktop Client for Windows
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-36532
Assigner-Zoom Video Communications, Inc.
CVSS Score-5.9||MEDIUM
EPSS-0.68% / 70.69%
7 Day CHG~0.00%
Published-08 Aug, 2023 | 17:30
Updated-09 Oct, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-virtual_desktop_infrastructureroomszoomZoom Clients
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-36541
Assigner-Zoom Video Communications, Inc.
CVSS Score-8||HIGH
EPSS-0.39% / 59.16%
7 Day CHG~0.00%
Published-08 Aug, 2023 | 17:27
Updated-10 Oct, 2024 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient verification of data authenticity in Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-zoomZoom Desktop Client for Windows
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2023-36540
Assigner-Zoom Video Communications, Inc.
CVSS Score-7.3||HIGH
EPSS-0.03% / 7.83%
7 Day CHG~0.00%
Published-08 Aug, 2023 | 17:05
Updated-04 Oct, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted search path in the installer for Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-zoomZoom Desktop Client for Windows
CWE ID-CWE-426
Untrusted Search Path
CVE-2023-34116
Assigner-Zoom Video Communications, Inc.
CVSS Score-8.2||HIGH
EPSS-0.40% / 59.91%
7 Day CHG~0.00%
Published-11 Jul, 2023 | 16:56
Updated-22 Oct, 2024 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in the Zoom Desktop Client for Windows before version 5.15.0 may allow an unauthorized user to enable an escalation of privilege via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-zoomZoom Desktop Client for Windows
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-36539
Assigner-Zoom Video Communications, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 40.08%
7 Day CHG~0.00%
Published-30 Jun, 2023 | 02:01
Updated-28 Oct, 2024 | 13:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-poly_ccx_700; yealink_mp56_firmware; yealink_mp54_firmware; yealink_vp59_firmware; video_software_development_kit; rooms; yealink_mp56; meetings; zoom; yealink_mp54; poly_ccx_700_firmware; poly_ccx_600; poly_ccx_600_firmware; yealink_vp59; Zoom clients
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-325
Missing Cryptographic Step
CWE ID-CWE-326
Inadequate Encryption Strength
CVE-2023-34114
Assigner-Zoom Video Communications, Inc.
CVSS Score-7.4||HIGH
EPSS-0.19% / 41.07%
7 Day CHG~0.00%
Published-13 Jun, 2023 | 18:37
Updated-02 Jan, 2025 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Exposure of resource to wrong sphere in Zoom for Windows and Zoom for MacOS clients before 5.14.10 may allow an authenticated user to potentially enable information disclosure via network access.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-zoom; Zoom for MacOS Client; Zoom for Windows Client
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2023-34121
Assigner-Zoom Video Communications, Inc.
CVSS Score-4.1||MEDIUM
EPSS-0.56% / 67.13%
7 Day CHG~0.00%
Published-13 Jun, 2023 | 17:42
Updated-02 Jan, 2025 | 20:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access.

Action-Not Available
Vendor-Microsoft Corporation; Zoom Communications, Inc.
Product-windows; virtual_desktop_infrastructure; rooms; zoom; Zoom VDI for Windows Meeting Clients; Zoom for Windows; Zoom Rooms Client for Windows
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-28602
Assigner-Zoom Video Communications, Inc.
CVSS Score-2.8||LOW
EPSS-0.10% / 28.56%
7 Day CHG~0.00%
Published-13 Jun, 2023 | 17:30
Updated-02 Jan, 2025 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoom for Windows clients prior to 5.13.5 contain an improper verification of cryptographic signature vulnerability. A malicious user may potentially downgrade Zoom Client components to previous versions.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-zoom; Zoom for Windows Client
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2023-28601
Assigner-Zoom Video Communications, Inc.
CVSS Score-8.3||HIGH
EPSS-0.34% / 56.14%
7 Day CHG~0.00%
Published-13 Jun, 2023 | 17:05
Updated-02 Jan, 2025 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoom for Windows clients prior to 5.14.0 contain an improper restriction of operations within the bounds of a memory buffer vulnerability. A malicious user may alter protected Zoom Client memory buffer potentially causing integrity issues within the Zoom Client.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-zoom; Zoom for Windows Client
CWE ID-CWE-358
Improperly Implemented Security Check for Standard
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2023-28600
Assigner-Zoom Video Communications, Inc.
CVSS Score-5.2||MEDIUM
EPSS-0.06% / 17.43%
7 Day CHG~0.00%
Published-13 Jun, 2023 | 17:00
Updated-02 Jan, 2025 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoom for MacOS clients prior to 5.14.0 contain an improper access control vulnerability. A malicious user may be able to delete/replace Zoom Client files potentially causing a loss of integrity and availability to the Zoom Client.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-zoom; Zoom for macOS Client
CWE ID-CWE-378
Creation of Temporary File With Insecure Permissions
CVE-2023-28599
Assigner-Zoom Video Communications, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.52% / 65.68%
7 Day CHG~0.00%
Published-13 Jun, 2023 | 16:55
Updated-02 Jan, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoom clients prior to 5.13.10 contain an HTML injection vulnerability. A malicious user could inject HTML into their display name potentially leading a victim to a malicious website during meeting creation.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-zoom; Zoom for Linux; Zoom for Windows; Zoom for Android; Zoom for macOS; Zoom for iOS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2023-28598
Assigner-Zoom Video Communications, Inc.
CVSS Score-7.5||HIGH
EPSS-0.30% / 52.75%
7 Day CHG~0.00%
Published-13 Jun, 2023 | 16:49
Updated-02 Jan, 2025 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoom for Linux clients prior to 5.13.10 contain an HTML injection vulnerability. If a victim starts a chat with a malicious user it could result in a Zoom application crash.

Action-Not Available
Vendor-Zoom Communications, Inc.
Product-zoom; Zoom for Linux clients
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2023-28597
Assigner-Zoom Video Communications, Inc.
CVSS Score-8.3||HIGH
EPSS-0.78% / 72.65%
7 Day CHG~0.00%
Published-27 Mar, 2023 | 00:00
Updated-19 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper trust boundary implementation for SMB in Zoom Clients

Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB server to respond to client requests, causing the client to execute attacker controlled executables. This could result in an attacker gaining access to a user's device and data, and remote code execution.

Action-Not Available
Vendor-Zoom Communications, Inc.; Microsoft Corporation
Product-virtual_desktop_infrastructure; rooms; zoom; windows; Zoom Rooms (for Android, iOS, Linux, macOS, and Windows); Zoom (for Android, iOS, Linux, macOS, and Windows); Zoom VDI for Windows
CWE ID-CWE-501
Trust Boundary Violation