Approved changes feed: RSS · Atom
cpe:2.3:a:zoom:zoom:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Zoom (f27b522e-dea8-5818-ba42-864516f1d399) |
|---|---|
| Product | Zoom (65336b43-33f0-59ce-95e1-d1d9193f3816) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-27240 |
vulnerable | 2026-06-03 14:55:17.105764 |
Zoom Apps for Windows - Improper Input Validation
HIGH (7.1)
Improper input validation in the installer for some Zoom Apps for Windows may allow an authenticated user to conduct a privilege escalation via local access.
Published: 2024-07-15T17:07:42.976Z
Updated: 2024-08-02T00:27:59.850Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-22882 |
vulnerable | 2026-06-03 14:49:20.438089 |
Denial of Service in Zoom Clients
MEDIUM (6.5)
Zoom clients before version 5.13.5 contain a STUN parsing vulnerability. A malicious actor could send specially crafted UDP traffic to a victim Zoom client to remotely cause the client to crash, causing a denial of service.
Published: 2023-03-16T00:00:00.000Z
Updated: 2025-02-26T20:05:52.120Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-22881 |
vulnerable | 2026-06-03 14:49:20.437624 |
Denial of Service in Zoom Clients
MEDIUM (6.5)
Zoom clients before version 5.13.5 contain a STUN parsing vulnerability. A malicious actor could send specially crafted UDP traffic to a victim Zoom client to remotely cause the client to crash, causing a denial of service.
Published: 2023-03-16T00:00:00.000Z
Updated: 2025-02-26T20:06:35.273Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-28133 |
vulnerable | 2026-06-03 14:44:17.270319 |
Details available
Zoom through 5.5.4 sometimes allows attackers to read private information on a participant's screen, even though the participant never attempted to share the private part of their screen. When a user shares a specific application window via the Share Screen functionality, other meeting participants can briefly see contents of other application windows that were explicitly not shared. The contents of these other windows can (for instance) be seen for a short period of time when they overlay the shared window and get into focus. (An attacker can, of course, use a separate screen-recorder application, unsupported by Zoom, to save all such contents for later replays and analysis.) Depending on the unintentionally shared data, this short exposure of screen contents may be a more or less severe security issue.
Published: 2021-03-18T13:59:36.000Z
Updated: 2024-08-03T21:33:17.446Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-15715 |
vulnerable | 2026-06-03 14:38:14.215635 |
Details available
Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing. A remote unauthenticated attacker can spoof UDP messages from a meeting attendee or Zoom server in order to invoke functionality in the target client. This allows the attacker to remove attendees from meetings, spoof messages from users, or hijack shared screens.
Published: 2018-11-30T20:00:00.000Z
Updated: 2024-09-16T21:56:33.284Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.