Approved changes feed: RSS · Atom
cpe:2.3:a:zoom:rooms:*:*:*:*:*:macos:*:*
part: a version: * update: *
| Vendor | Zoom (f27b522e-dea8-5818-ba42-864516f1d399) |
|---|---|
| Product | Rooms (894ebd39-3d92-555f-83c4-48fdb7c82fc8) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | macos |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-67461 |
vulnerable | 2026-06-03 15:11:01.577988 |
Zoom Rooms for macOS - External Control of File Name or Path
MEDIUM (5)
External control of file name or path in Zoom Rooms for macOS before version 6.6.0 may allow an authenticated user to conduct a disclosure of information via local access.
Published: 2025-12-10T20:29:36.221Z
Updated: 2025-12-10T21:27:08.795Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-64739 |
vulnerable | 2026-06-03 15:09:39.736859 |
Zoom Clients - External Control of File Name or Path
MEDIUM (4.3)
External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access.
Published: 2025-11-13T14:28:58.527Z
Updated: 2025-11-14T16:51:41.747Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-62483 |
vulnerable | 2026-06-03 15:07:58.911983 |
Zoom Clients - Improper Removal of Sensitive Information
MEDIUM (5.3)
Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a disclosure of information via network access.
Published: 2025-11-13T15:03:07.612Z
Updated: 2025-11-13T15:15:51.024Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-58133 |
vulnerable | 2026-06-03 15:06:20.754899 |
Zoom Rooms Clients - Authentication Bypass
MEDIUM (5.3)
Authentication bypass in some Zoom Rooms Clients before version 6.5.1 may allow an unauthenticated user to conduct a disclosure of information via network access.
Published: 2025-10-15T16:13:28.273Z
Updated: 2025-11-13T14:01:37.953Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-49461 |
vulnerable | 2026-06-03 15:01:44.822638 |
Zoom Workplace Clients - Cross-site Scripting
MEDIUM (4.3)
Cross-site scripting in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access.
Published: 2025-09-09T21:42:05.838Z
Updated: 2025-09-10T20:24:36.497Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-49460 |
vulnerable | 2026-06-03 15:01:44.819075 |
Zoom Workplace Clients - Argument Injection
MEDIUM (4.3)
Uncontrolled resource consumption in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access.
Published: 2025-09-09T21:38:40.910Z
Updated: 2025-09-10T20:25:08.077Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-49458 |
vulnerable | 2026-06-03 15:01:44.808730 |
Zoom Workplace Clients - Buffer Overflow
MEDIUM (6.5)
Buffer overflow in certain Zoom Workplace Clients may allow an authenticated user to conduct a denial of service via network access.
Published: 2025-09-09T21:25:52.133Z
Updated: 2025-09-10T19:34:03.844Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-46786 |
vulnerable | 2026-06-03 15:01:28.025712 |
Zoom Workplace Apps - Cross-site Scripting
MEDIUM (4.3)
Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to impact app integrity via network access.
Published: 2025-05-14T17:42:30.374Z
Updated: 2025-10-02T20:59:29.011Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-30668 |
vulnerable | 2026-06-03 15:00:29.242306 |
Zoom Workplace Apps - NULL Pointer Dereference
MEDIUM (6.5)
Integer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct a denial of service via network access.
Published: 2025-05-14T17:39:55.588Z
Updated: 2025-10-02T20:44:44.793Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-30667 |
vulnerable | 2026-06-03 15:00:29.240944 |
Zoom Workplace Apps - NULL Pointer Dereference
MEDIUM (6.5)
NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access.
Published: 2025-05-14T17:36:19.136Z
Updated: 2025-05-14T19:00:20.154Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-30664 |
vulnerable | 2026-06-03 15:00:29.235530 |
Zoom Workplace Apps - Cross-site Scripting
MEDIUM (6.6)
Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access.
Published: 2025-05-14T17:33:18.777Z
Updated: 2026-02-26T18:28:08.837Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-30663 |
vulnerable | 2026-06-03 15:00:29.228132 |
Zoom Workplace Apps - Time-of-check Time-of-use
HIGH (8.8)
Time-of-check time-of-use race condition in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access.
Published: 2025-05-14T17:31:03.695Z
Updated: 2026-02-26T18:28:09.221Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-27442 |
vulnerable | 2026-06-03 15:00:12.479745 |
Zoom Workplace Apps - Cross Site Scripting
MEDIUM (4.6)
Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access.
Published: 2025-04-08T16:14:53.396Z
Updated: 2026-05-15T18:15:47.314Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-27441 |
vulnerable | 2026-06-03 15:00:12.478041 |
Zoom Workplace Apps - Cross Site Scripting
MEDIUM (4.6)
Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access.
Published: 2025-04-08T16:14:40.782Z
Updated: 2026-05-15T18:15:16.837Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-27440 |
vulnerable | 2026-06-03 15:00:12.476459 |
Zoom Apps - Heap-based Buffer Overflow
HIGH (8.5)
Heap overflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.
Published: 2025-03-11T17:11:16.928Z
Updated: 2025-03-11T17:40:56.534Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-27439 |
vulnerable | 2026-06-03 15:00:12.466775 |
Zoom Apps - Buffer Underflow
HIGH (8.5)
Buffer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.
Published: 2025-03-11T17:10:28.524Z
Updated: 2025-03-11T18:58:55.987Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-0151 |
vulnerable | 2026-06-03 14:58:23.833216 |
Zoom Apps - Use After Free
HIGH (8.5)
Use after free in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via network access.
Published: 2025-03-11T17:08:50.327Z
Updated: 2025-03-11T17:44:08.820Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-0149 |
vulnerable | 2026-06-03 14:58:23.828519 |
Zoom Apps - Insufficient Verification of Data Authenticity
MEDIUM (6.5)
Insufficient verification of data authenticity in some Zoom Workplace Apps may allow an unprivileged user to conduct a denial of service via network access.
Published: 2025-03-11T17:04:02.453Z
Updated: 2025-03-11T19:18:34.860Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-0146 |
vulnerable | 2026-06-03 14:58:23.817603 |
Zoom Workplace app for macOS - Symlink Following
LOW (3.9)
Symlink following in the installer for Zoom Workplace App for macOS before 6.2.10 may allow an authenticated user to conduct a denial of service via local access.
Published: 2025-01-30T19:47:26.128Z
Updated: 2025-01-30T21:22:42.397Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-0144 |
vulnerable | 2026-06-03 14:58:23.802243 |
Zoom Workplace Apps - Out-of-bounds Write
LOW (3.1)
Out-of-bounds write in some Zoom Workplace Apps may allow an authorized user to conduct a loss of integrity via network access.
Published: 2025-01-30T19:44:06.908Z
Updated: 2025-01-30T21:29:47.382Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-45424 |
vulnerable | 2026-06-03 14:56:56.561185 |
Zoom Workplace Apps - Business Logic Error
MEDIUM (5.3)
Business logic error in some Zoom Workplace Apps may allow an unauthenticated user to conduct a disclosure of information via network access.
Published: 2025-02-25T19:34:24.811Z
Updated: 2025-02-25T19:39:53.249Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-45422 |
vulnerable | 2026-06-03 14:56:56.555734 |
Zoom Apps - Improper Input Validation
MEDIUM (6.5)
Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial of service via network access.
Published: 2024-11-19T19:45:25.914Z
Updated: 2024-11-20T15:42:40.830Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-45421 |
vulnerable | 2026-06-03 14:56:56.550966 |
Zoom Apps - Buffer Overflow
HIGH (8.5)
Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access.
Published: 2025-02-25T19:55:02.666Z
Updated: 2025-02-25T20:09:12.193Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-45420 |
vulnerable | 2026-06-03 14:56:56.544081 |
Zoom Apps - Uncontrolled Resource Consumption
MEDIUM (4.3)
Uncontrolled resource consumption in some Zoom Apps before version 6.2.0 may allow an authenticated user to conduct a denial of service via network access.
Published: 2024-11-19T19:32:02.656Z
Updated: 2024-11-20T15:16:27.856Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-45419 |
vulnerable | 2026-06-03 14:56:56.534306 |
Zoom Apps - Improper Input Validation
HIGH (8.1)
Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via network access.
Published: 2024-11-19T19:28:48.335Z
Updated: 2024-11-19T21:46:16.379Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-45418 |
vulnerable | 2026-06-03 14:56:56.529100 |
Zoom Apps for macOS - Symbolic Link Following
MEDIUM (5.4)
Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access.
Published: 2025-02-25T19:52:25.471Z
Updated: 2025-02-25T20:07:09.959Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-45417 |
vulnerable | 2026-06-03 14:56:56.526931 |
Zoom Apps for macOS - Uncontrolled Resource Consumption
MEDIUM (6)
Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user to conduct a disclosure of information via local access.
Published: 2025-02-25T19:49:22.296Z
Updated: 2025-02-26T16:42:11.552Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-42441 |
vulnerable | 2026-06-03 14:56:36.862071 |
Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS, Zoom Rooms Client for macOS - Incorrect Privilege Assignment
MEDIUM (6.2)
Incorrect privilege assignment in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.
Published: 2024-08-14T16:46:17.936Z
Updated: 2025-10-07T13:17:05.280Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-42440 |
vulnerable | 2026-06-03 14:56:36.858570 |
Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS, Zoom Rooms Client for macOS - Improper Privilege Management
MEDIUM (6.2)
Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct an escalation of privilege via local access.
Published: 2024-08-14T16:44:46.080Z
Updated: 2024-08-14T18:06:25.844Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-42438 |
vulnerable | 2026-06-03 14:56:36.847308 |
Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Buffer Overflow
MEDIUM (6.5)
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
Published: 2024-08-14T16:41:18.732Z
Updated: 2024-08-16T20:05:07.811Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-42437 |
vulnerable | 2026-06-03 14:56:36.846184 |
Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Buffer Overflow
MEDIUM (6.5)
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
Published: 2024-08-14T16:41:12.866Z
Updated: 2024-08-14T17:44:29.139Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-42436 |
vulnerable | 2026-06-03 14:56:36.845478 |
Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Buffer Overflow
MEDIUM (6.5)
Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access.
Published: 2024-08-14T16:41:03.844Z
Updated: 2024-08-14T18:25:52.686Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-42435 |
vulnerable | 2026-06-03 14:56:36.844605 |
Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure
MEDIUM (4.9)
Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
Published: 2024-08-14T16:39:46.183Z
Updated: 2024-08-15T13:58:02.205Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-42434 |
vulnerable | 2026-06-03 14:56:36.837944 |
Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Missing Authorization
MEDIUM (4.9)
Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
Published: 2024-08-14T16:39:38.167Z
Updated: 2025-10-07T13:15:09.341Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-39825 |
vulnerable | 2026-06-03 14:56:22.531581 |
Zoom Workplace Apps and Rooms Clients - Buffer Overflow
HIGH (8.5)
Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access.
Published: 2024-08-14T16:34:53.595Z
Updated: 2024-08-16T13:28:41.388Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-39824 |
vulnerable | 2026-06-03 14:56:22.524111 |
Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Missing Authorization
MEDIUM (4.9)
Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
Published: 2024-08-14T16:39:26.880Z
Updated: 2025-10-02T20:51:37.705Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-39823 |
vulnerable | 2026-06-03 14:56:22.523204 |
Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Missing Authorization
MEDIUM (4.9)
Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access.
Published: 2024-08-14T16:39:13.132Z
Updated: 2025-10-02T20:49:49.959Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-39822 |
vulnerable | 2026-06-03 14:56:22.516729 |
Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure
MEDIUM (6.5)
Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access.
Published: 2024-08-14T16:38:03.416Z
Updated: 2024-08-16T19:18:44.815Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-39818 |
vulnerable | 2026-06-03 14:56:22.497376 |
Zoom Workplace Apps and SDKs - Protection Mechanism Failure
HIGH (7.5)
Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access.
Published: 2024-08-14T16:36:37.347Z
Updated: 2024-08-16T13:26:38.801Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-27246 |
vulnerable | 2026-06-03 14:55:17.125296 |
Zoom Workplace Apps and SDKs - Use After Free
MEDIUM (4.3)
Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
Published: 2025-02-25T20:32:33.638Z
Updated: 2025-02-25T21:08:59.293Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-27245 |
vulnerable | 2026-06-03 14:55:17.124531 |
Zoom Workplace Apps and SDKs - Buffer Overflow
MEDIUM (4.3)
Buffer overflow in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
Published: 2025-02-25T20:31:28.555Z
Updated: 2025-02-25T21:08:19.978Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-27241 |
vulnerable | 2026-06-03 14:55:17.114271 |
Zoom Apps and SDKs - Improper Input Validation
MEDIUM (5.3)
Improper input validation in some Zoom Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
Published: 2024-07-15T17:17:01.679Z
Updated: 2024-08-02T00:27:59.870Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-27239 |
vulnerable | 2026-06-03 14:55:17.097138 |
Zoom Workplace Apps and SDKs - Divide By Zero
MEDIUM (4.3)
Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access.
Published: 2025-02-25T20:33:42.787Z
Updated: 2025-10-01T22:45:02.250Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-43591 |
vulnerable | 2026-06-03 14:53:04.334269 |
Details available
HIGH (7.8)
Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.
Published: 2023-11-14T23:16:55.146Z
Updated: 2025-06-11T14:19:18.235Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-43590 |
vulnerable | 2026-06-03 14:53:04.333789 |
Details available
HIGH (7.8)
Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access.
Published: 2023-11-14T23:15:12.437Z
Updated: 2024-08-29T17:23:41.033Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-43582 |
vulnerable | 2026-06-03 14:53:04.314759 |
Details available
MEDIUM (5.5)
Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access.
Published: 2023-11-14T23:12:32.799Z
Updated: 2024-09-19T13:52:36.217Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-39218 |
vulnerable | 2026-06-03 14:52:37.944931 |
Details available
MEDIUM (6.1)
Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access.
Published: 2023-08-08T17:54:59.577Z
Updated: 2024-10-10T16:20:58.392Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-39214 |
vulnerable | 2026-06-03 14:52:37.938851 |
Details available
HIGH (7.6)
Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access.
Published: 2023-08-08T21:38:25.554Z
Updated: 2024-09-27T19:07:24.020Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-39206 |
vulnerable | 2026-06-03 14:52:37.922146 |
Details available
LOW (3.7)
Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.
Published: 2023-11-14T23:02:41.332Z
Updated: 2024-08-29T15:45:07.488Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-39204 |
vulnerable | 2026-06-03 14:52:37.916341 |
Details available
MEDIUM (4.3)
Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.
Published: 2023-11-14T22:28:44.622Z
Updated: 2024-08-29T15:20:45.432Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-39199 |
vulnerable | 2026-06-03 14:52:37.905951 |
Details available
MEDIUM (4.9)
Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access.
Published: 2023-11-14T23:06:21.805Z
Updated: 2024-09-19T13:50:58.529Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-36535 |
vulnerable | 2026-06-03 14:52:26.596233 |
Details available
HIGH (7.1)
Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access.
Published: 2023-08-08T17:39:51.259Z
Updated: 2024-10-08T15:03:49.453Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-36532 |
vulnerable | 2026-06-03 14:52:26.579613 |
Details available
MEDIUM (5.9)
Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access.
Published: 2023-08-08T17:30:58.217Z
Updated: 2024-10-09T16:25:28.757Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-28597 |
vulnerable | 2026-06-03 14:51:13.085803 |
Improper trust boundary implementation for SMB in Zoom Clients
HIGH (8.3)
Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB server to respond to client requests, causing the client to execute attacker controlled executables. This could result in an attacker gaining access to a user's device and data, and remote code execution.
Published: 2023-03-27T00:00:00.000Z
Updated: 2025-02-19T15:27:48.810Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-36927 |
vulnerable | 2026-06-03 14:47:41.060159 |
Local Privilege Escalation in Zoom Rooms for macOS Clients
HIGH (8.8)
Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.
Published: 2023-01-09T00:00:00.000Z
Updated: 2025-04-09T14:31:47.826Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-36926 |
vulnerable | 2026-06-03 14:47:41.059780 |
Local Privilege Escalation in Zoom Rooms for macOS Clients
HIGH (8.8)
Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.
Published: 2023-01-09T00:00:00.000Z
Updated: 2025-04-09T14:31:27.018Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-36925 |
vulnerable | 2026-06-03 14:47:41.059336 |
Insecure key generation for Zoom Rooms for macOS Clients
MEDIUM (4.4)
Zoom Rooms for macOS clients before version 5.11.4 contain an insecure key generation mechanism. The encryption key used for IPC between the Zoom Rooms daemon service and the Zoom Rooms client was generated using parameters that could be obtained by a local low-privileged application. That key can then be used to interact with the daemon service to execute privileged functions and cause a local denial of service.
Published: 2023-01-09T00:00:00.000Z
Updated: 2025-04-09T14:33:28.921Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-28764 |
vulnerable | 2026-06-03 14:46:55.987506 |
Local information exposure in Zoom Clients
LOW (3.3)
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being able to obtain meeting information such as in-meeting chat for the previous meeting attended from that local user account.
Published: 2022-11-14T20:17:59.455Z
Updated: 2025-04-29T19:19:29.673Z Reference links |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.