CVSS: 9.8EPSS: 1%CPEs: 51EXPL: 1CVE-2021-34423 – Buffer overflow in Zoom client and other products
https://notcve.org/view.php?id=CVE-2021-34423
24 Nov 2021 — A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS... • https://packetstorm.news/files/id/165417 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2021-34417 – Authenticated remote command execution with root privileges via web console in MMR
https://notcve.org/view.php?id=CVE-2021-34417
11 Nov 2021 — The network proxy page on the web portal for the Zoom On-Premise Meeting Connector Controller before version 4.6.365.20210703, Zoom On-Premise Meeting Connector MMR before version 4.6.365.20210703, Zoom On-Premise Recording Connector before version 3.8.45.20210703, Zoom On-Premise Virtual Room Connector before version 4.4.6868.20210703, and Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5496.20210703 fails to validate input sent in requests to set the network proxy password. This co... • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-20: Improper Input Validation •
CVSS: 5.3EPSS: 0%CPEs: 5EXPL: 0CVE-2021-34418 – Pre-auth Null pointer crash in on-premise web console
https://notcve.org/view.php?id=CVE-2021-34418
11 Nov 2021 — The login routine of the web console in the Zoom On-Premise Meeting Connector before version 4.6.239.20200613, Zoom On-Premise Meeting Connector MMR before version 4.6.239.20200613, Zoom On-Premise Recording Connector before version 3.8.42.20200905, Zoom On-Premise Virtual Room Connector before version 4.4.6344.20200612, and Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5492.20200616 fails to validate that a NULL byte was sent while authenticating. This could lead to a crash of the... • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-34416
https://notcve.org/view.php?id=CVE-2021-34416
27 Sep 2021 — The network address administrative settings web portal for the Zoom on-premise Meeting Connector before version 4.6.360.20210325, Zoom on-premise Meeting Connector MMR before version 4.6.360.20210325, Zoom on-premise Recording Connector before version 3.8.44.20210326, Zoom on-premise Virtual Room Connector before version 4.4.6752.20210326, and Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5495.20210326 fails to validate input sent in requests to update the network configuration, wh... • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-34415
https://notcve.org/view.php?id=CVE-2021-34415
27 Sep 2021 — The Zone Controller service in the Zoom On-Premise Meeting Connector Controller before version 4.6.358.20210205 does not verify the cnt field sent in incoming network packets, which leads to exhaustion of resources and system crash. El servicio Zone Controller del Zoom On-Premise Meeting Connector Controller versiones anteriores a 4.6.358.20210205 no verifica el campo cnt enviado en los paquetes de red entrantes, que conlleva al agotamiento de los recursos y el bloqueo del sistema • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2021-34414
https://notcve.org/view.php?id=CVE-2021-34414
27 Sep 2021 — The network proxy page on the web portal for the Zoom on-premise Meeting Connector Controller before version 4.6.348.20201217, Zoom on-premise Meeting Connector MMR before version 4.6.348.20201217, Zoom on-premise Recording Connector before version 3.8.42.20200905, Zoom on-premise Virtual Room Connector before version 4.4.6620.20201110, and Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5495.20210326 fails to validate input sent in requests to update the network proxy configuration,... • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-20: Improper Input Validation •