
CVE-2021-34419 – HTML injection in Zoom Linux client
https://notcve.org/view.php?id=CVE-2021-34419
11 Nov 2021 — In the Zoom Client for Meetings for Ubuntu Linux before version 5.1.0, there is an HTML injection flaw when sending a remote control request to a user in the process of in-meeting screen sharing. This could allow meeting participants to be targeted for social engineering attacks. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •

CVE-2021-34420 – Zoom Windows installation executable signature bypass
https://notcve.org/view.php?id=CVE-2021-34420
11 Nov 2021 — The Zoom Client for Meetings for Windows installer before version 5.5.4 does not properly verify the signature of files with .msi, .ps1, and .bat extensions. This could lead to a malicious actor installing malicious software on a customer’s computer. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-347: Improper Verification of Cryptographic Signature •

CVE-2021-34413
https://notcve.org/view.php?id=CVE-2021-34413
27 Sep 2021 — All versions of the Zoom Plugin for Microsoft Outlook for MacOS before 5.3.52553.0918 contain a Time-of-check Time-of-use (TOC/TOU) vulnerability during the plugin installation process. This could allow a standard user to write their own malicious application to the plugin directory, allowing the malicious application to execute in a privileged context. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVE-2021-34416
https://notcve.org/view.php?id=CVE-2021-34416
27 Sep 2021 — The network address administrative settings web portal for the Zoom on-premise Meeting Connector before version 4.6.360.20210325, Zoom on-premise Meeting Connector MMR before version 4.6.360.20210325, Zoom on-premise Recording Connector before version 3.8.44.20210326, Zoom on-premise Virtual Room Connector before version 4.4.6752.20210326, and Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5495.20210326 fails to validate input sent in requests to update the network configuration, wh... • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-20: Improper Input Validation •

CVE-2021-34415
https://notcve.org/view.php?id=CVE-2021-34415
27 Sep 2021 — The Zone Controller service in the Zoom On-Premise Meeting Connector Controller before version 4.6.358.20210205 does not verify the cnt field sent in incoming network packets, which leads to exhaustion of resources and system crash. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2021-34414
https://notcve.org/view.php?id=CVE-2021-34414
27 Sep 2021 — The network proxy page on the web portal for the Zoom on-premise Meeting Connector Controller before version 4.6.348.20201217, Zoom on-premise Meeting Connector MMR before version 4.6.348.20201217, Zoom on-premise Recording Connector before version 3.8.42.20200905, Zoom on-premise Virtual Room Connector before version 4.4.6620.20201110, and Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5495.20210326 fails to validate input sent in requests to update the network proxy configuration,... • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-20: Improper Input Validation •

CVE-2021-34412
https://notcve.org/view.php?id=CVE-2021-34412
27 Sep 2021 — During the installation process for all versions of the Zoom Client for Meetings for Windows before 5.4.0, it is possible to launch Internet Explorer. If the installer was launched with elevated privileges, such as by SCCM, this can result in a local privilege escalation. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-269: Improper Privilege Management •

CVE-2021-34411
https://notcve.org/view.php?id=CVE-2021-34411
27 Sep 2021 — During the installation process for Zoom Rooms for Conference Room for Windows before version 5.3.0, it is possible to launch Internet Explorer with elevated privileges. If the installer was launched with elevated privileges, such as by SCCM, this can result in a local privilege escalation. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-269: Improper Privilege Management •

CVE-2021-34410
https://notcve.org/view.php?id=CVE-2021-34410
27 Sep 2021 — A user-writable application bundle unpacked during the install for all versions of the Zoom Plugin for Microsoft Outlook for Mac before 5.0.25611.0521 allows for privilege escalation to root. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2021-34409 – Zoom Client Installer Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-34409
27 Sep 2021 — It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad before version 5.2.0, and Zoom Rooms for Conference before version 5.1.0, copy pre- and post- installation shell scripts to a user-writable directory. In the affected products listed below, a malicious actor with local access to a user's machine could use this flaw to potentially run arbitrary system commands in a... • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-732: Incorrect Permission Assignment for Critical Resource •