
CVE-2023-34117
https://notcve.org/view.php?id=CVE-2023-34117
11 Jul 2023 — Relative path traversal in the Zoom Client SDK before version 5.15.0 may allow an unauthorized user to enable information disclosure via local access. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-23: Relative Path Traversal •

CVE-2023-34116
https://notcve.org/view.php?id=CVE-2023-34116
11 Jul 2023 — Improper input validation in the Zoom Desktop Client for Windows before version 5.15.0 may allow an unauthorized user to enable an escalation of privilege via network access. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2023-36539
https://notcve.org/view.php?id=CVE-2023-36539
30 Jun 2023 — Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-325: Missing Cryptographic Step CWE-326: Inadequate Encryption Strength •

CVE-2023-34115
https://notcve.org/view.php?id=CVE-2023-34115
13 Jun 2023 — Buffer copy without checking size of input in Zoom Meeting SDK before 5.13.0 may allow an authenticated user to potentially enable a denial of service via local access. This issue may cause the Zoom Meeting SDK to crash and need to be restarted. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2023-34114
https://notcve.org/view.php?id=CVE-2023-34114
13 Jun 2023 — Exposure of resource to wrong sphere in Zoom for Windows and Zoom for MacOS clients before 5.14.10 may allow an authenticated user to potentially enable information disclosure via network access. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-668: Exposure of Resource to Wrong Sphere •

CVE-2023-34121
https://notcve.org/view.php?id=CVE-2023-34121
13 Jun 2023 — Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-34120
https://notcve.org/view.php?id=CVE-2023-34120
13 Jun 2023 — Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system privileges maintained by the Zoom client to spawn processes with escalated privileges. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-269: Improper Privilege Management CWE-347: Improper Verification of Cryptographic Signature •

CVE-2023-28603
https://notcve.org/view.php?id=CVE-2023-28603
13 Jun 2023 — Zoom VDI client installer prior to 5.14.0 contains an improper access control vulnerability. A malicious user may potentially delete local files without proper permissions. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-73: External Control of File Name or Path CWE-284: Improper Access Control •

CVE-2023-28602
https://notcve.org/view.php?id=CVE-2023-28602
13 Jun 2023 — Zoom for Windows clients prior to 5.13.5 contain an improper verification of cryptographic signature vulnerability. A malicious user may potentially downgrade Zoom Client components to previous versions. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-347: Improper Verification of Cryptographic Signature •

CVE-2023-28601
https://notcve.org/view.php?id=CVE-2023-28601
13 Jun 2023 — Zoom for Windows clients prior to 5.14.0 contain an improper restriction of operations within the bounds of a memory buffer vulnerability. A malicious user may alter protected Zoom Client memory buffer potentially causing integrity issues within the Zoom Client. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-358: Improperly Implemented Security Check for Standard •