CVSS: 7.5EPSS: 0%CPEs: 21EXPL: 0CVE-2023-39204
https://notcve.org/view.php?id=CVE-2023-39204
Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access. El desbordamiento del búfer en algunos clientes de Zoom puede permitir que un usuario no autenticado realice una denegación de servicio a través del acceso a la red. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 24EXPL: 0CVE-2023-36539
https://notcve.org/view.php?id=CVE-2023-36539
Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information. La exposición de información destinada a ser cifrada por algunos clientes Zoom puede dar lugar a la divulgación de información sensible. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-325: Missing Cryptographic Step CWE-326: Inadequate Encryption Strength •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28596 – Local Privilege Escalation in Zoom for macOS Installers
https://notcve.org/view.php?id=CVE-2023-28596
Zoom Client for IT Admin macOS installers before version 5.13.5 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain during the installation process to escalate their privileges to privileges to root. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43472 – eRoom – Zoom Meetings & Webinar <= 1.4.6 - Missing Authorization via stm_wpcfto_get_settings_callback
https://notcve.org/view.php?id=CVE-2022-43472
The eRoom – Zoom Meetings & Webinar plugin for WordPress is vulnerable to retrieve setting information due to a missing capability check on the stm_wpcfto_get_settings_callback function in versions up to, and including, 1.4.6. This makes it possible for authenticated attackers with subscriber-level access, and above, to retrieve setting information. • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22883 – Local Privilege Escalation in Zoom for Windows Installers
https://notcve.org/view.php?id=CVE-2023-22883
Zoom Client for IT Admin Windows installers before version 5.13.5 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain during the installation process to escalate their privileges to the SYSTEM user. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •