CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 1CVE-2019-13449
https://notcve.org/view.php?id=CVE-2019-13449
In the Zoom Client before 4.4.2 on macOS, remote attackers can cause a denial of service (continual focus grabs) via a sequence of invalid launch?action=join&confno= requests to localhost port 19421. En el Cliente Zoom anterior a versión 4.4.2 en macOS, los atacantes remotos pueden causar una denegación de servicio (captura de enfoque continua) por medio de una secuencia de peticiones invalidas launch?action=join&confno= en el puerto host local 19421. • https://assets.zoom.us/docs/pdf/Zoom+Response+Video-On+Vulnerability.pdf https://blog.zoom.us/wordpress/2019/07/08/response-to-video-on-concern https://bugs.chromium.org/p/chromium/issues/detail?id=951540 https://medium.com/%40jonathan.leitschuh/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5 https://twitter.com/zoom_us/status/1148710712241295361 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2018-15715
https://notcve.org/view.php?id=CVE-2018-15715
Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing. A remote unauthenticated attacker can spoof UDP messages from a meeting attendee or Zoom server in order to invoke functionality in the target client. This allows the attacker to remove attendees from meetings, spoof messages from users, or hijack shared screens. Los clientes de Zoom en Windows (antes de la versión 4.1.34814.1119), Mac OS (antes de la versión 4.1.34801.1116) y Linux (2.4.129780.0915 y anteriores) son vulnerables al procesamiento no autorizado de imágenes. Un atacante remoto no autenticado puede suplantar los mensajes UDP de un asistente a la reunión o de un servidor de Zoom para invocar funcionalidades en el cliente objetivo. • https://www.tenable.com/security/research/tra-2018-40 • CWE-20: Improper Input Validation CWE-290: Authentication Bypass by Spoofing •
CVSS: 9.3EPSS: 8%CPEs: 1EXPL: 4CVE-2017-15049 – Zoom Linux Client 2.0.106600.0904 - Command Injection
https://notcve.org/view.php?id=CVE-2017-15049
The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler. El binario ZoomLauncher en el cliente Zoom para Linux en versiones anteriores a la 2.0.115900.1201 no sanea adecuadamente las entradas de usuarios al construir un comando shell, lo que permite que los atacantes remotos ejecuten código arbitrario aprovechando el controlador de esquemas zoommtg://. The binary /opt/zoom/ZoomLauncher is vulnerable to command injection because it uses user input to construct a shell command without proper sanitization. The client registers a scheme handler (zoommtg://) and this makes possible to trigger the vulnerability remotely. Version 2.0.106600.0904 is affected. • https://www.exploit-db.com/exploits/43354 http://packetstormsecurity.com/files/145453/Zoom-Linux-Client-2.0.106600.0904-Command-Injection.html http://seclists.org/fulldisclosure/2017/Dec/47 https://github.com/convisoappsec/advisories/blob/master/2017/CONVISO-17-003.txt • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 4%CPEs: 1EXPL: 3CVE-2017-15048 – Zoom Linux Client 2.0.106600.0904 - Stack-Based Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2017-15048
Stack-based buffer overflow in the ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler. Desbordamiento de búfer basado en pila en el binario ZoomLauncher del cliente Zoom para Linux en versiones anteriores a la 2.0.115900.1201 permite que atacantes remotos ejecuten código arbitrario aprovechando el controlador de esquemas zoommtg://. The binary /opt/zoom/ZoomLauncher is vulnerable to a buffer overflow because it concatenates a overly long user input to a stack variable without checking if the destination buffer is long enough to hold the data. The binary also has important security features like canary turned off. The client registers a scheme handler (zoommtg://) and this makes possible to trigger the vulnerability remotely. • https://www.exploit-db.com/exploits/43355 http://packetstormsecurity.com/files/145452/Zoom-Linux-Client-2.0.106600.0904-Buffer-Overflow.html http://seclists.org/fulldisclosure/2017/Dec/46 https://github.com/convisoappsec/advisories/blob/master/2017/CONVISO-17-002.txt • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2014-5811
https://notcve.org/view.php?id=CVE-2014-5811
The ZOOM Cloud Meetings (aka us.zoom.videomeetings) application @7F060008 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. La aplicación ZOOM Cloud Meetings @7F060008 (también conocida como us.zoom.videomeetings) para Android no verifica los certificados X.509 de los servidores SSL, lo que permite a atacantes man-in-the-middle falsificar servidores y obtener información sensible a través de un certificado manipulado. • http://www.kb.cert.org/vuls/id/297641 http://www.kb.cert.org/vuls/id/582497 https://docs.google.com/spreadsheets/d/1t5GXwjw82SyunALVJb2w0zi3FoLRIkfGPc7AMjRF0r4/edit?usp=sharing • CWE-310: Cryptographic Issues •