GCVE - cpe:2.3:a:zoom:zoom:*:*:*:*:*:mac_os_x:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:zoom:zoom:*:*:*:*:*:mac_os_x:*:*

part: a version: * update: *

Vendor	Zoom (`f27b522e-dea8-5818-ba42-864516f1d399`)
Product	Zoom (`65336b43-33f0-59ce-95e1-d1d9193f3816`)
Edition	*
Language	*
Software edition	*
Target software	mac_os_x
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2019-13450`	vulnerable	2026-06-03 14:39:37.665066	Details available In the Zoom Client through 4.4.4 and RingCentral 7.0.136380.0312 on macOS, remote attackers can force a user to join a video call with the video camera active. This occurs because any web site can interact with the Zoom web server on localhost port 19421 or 19424. NOTE: a machine remains vulnerable if the Zoom Client was installed in the past and then uninstalled. Blocking exploitation requires additional steps, such as the ZDisableVideo preference and/or killing the web server, deleting the ~/.zoomus directory, and creating a ~/.zoomus plain file. Published: 2019-07-09T05:49:07.000Z Updated: 2024-08-04T23:49:25.076Z Open on db.gcve.eu Reference links https://medium.com/%40jonathan.leitschuh/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5 https://assets.zoom.us/docs/pdf/Zoom+Response+Video-On+Vulnerability.pdf https://news.ycombinator.com/item?id=20387298 https://blog.zoom.us/wordpress/2019/07/08/response-to-video-on-concern/ https://twitter.com/moreati/status/1148548799813640193	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-13449`	vulnerable	2026-06-03 14:39:37.663439	Details available In the Zoom Client before 4.4.2 on macOS, remote attackers can cause a denial of service (continual focus grabs) via a sequence of invalid launch?action=join&confno= requests to localhost port 19421. Published: 2019-07-09T05:48:41.000Z Updated: 2024-08-04T23:49:25.032Z Open on db.gcve.eu Reference links https://medium.com/%40jonathan.leitschuh/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5 https://assets.zoom.us/docs/pdf/Zoom+Response+Video-On+Vulnerability.pdf https://blog.zoom.us/wordpress/2019/07/08/response-to-video-on-concern/ https://twitter.com/zoom_us/status/1148710712241295361 https://bugs.chromium.org/p/chromium/issues/detail?id=951540	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-15715`	vulnerable	2026-06-03 14:38:14.216860	Details available Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing. A remote unauthenticated attacker can spoof UDP messages from a meeting attendee or Zoom server in order to invoke functionality in the target client. This allows the attacker to remove attendees from meetings, spoof messages from users, or hijack shared screens. Published: 2018-11-30T20:00:00.000Z Updated: 2024-09-16T21:56:33.284Z Open on db.gcve.eu Reference links https://www.tenable.com/security/research/tra-2018-40	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.