
CVE-2022-22780 – Zoom Chat Susceptible to Zip Bombing
https://notcve.org/view.php?id=CVE-2022-22780
09 Feb 2022 — The Zoom Client for Meetings chat functionality was susceptible to Zip bombing attacks in the following product versions: Android before version 5.8.6, iOS before version 5.9.0, Linux before version 5.8.6, macOS before version 5.7.3, and Windows before version 5.6.3. This could lead to availability issues on the client host by exhausting system resources. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-400: Uncontrolled Resource Consumption •

CVE-2021-34425 – Server Side Request Forgery in Zoom Client for Meetings chat
https://notcve.org/view.php?id=CVE-2021-34425
14 Dec 2021 — The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contains a server-side request forgery vulnerability in the chat's "link preview" functionality. In versions prior to 5.7.3, if a user were to enable the chat's "link preview" feature, a malicious actor could trick the user into potentially sending arbitrary HTTP GET requests to URLs that the actor cannot reach directly. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2021-34424 – Process memory exposure in Zoom Client and other products
https://notcve.org/view.php?id=CVE-2021-34424
24 Nov 2021 — A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS, and Window... • https://packetstorm.news/files/id/165419 • CWE-125: Out-of-bounds Read •

CVE-2021-34423 – Buffer overflow in Zoom client and other products
https://notcve.org/view.php?id=CVE-2021-34423
24 Nov 2021 — A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS... • https://packetstorm.news/files/id/165417 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2021-34412
https://notcve.org/view.php?id=CVE-2021-34412
27 Sep 2021 — During the installation process for all versions of the Zoom Client for Meetings for Windows before 5.4.0, it is possible to launch Internet Explorer. If the installer was launched with elevated privileges, such as by SCCM, this can result in a local privilege escalation. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-269: Improper Privilege Management •

CVE-2021-34409 – Zoom Client Installer Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-34409
27 Sep 2021 — It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad before version 5.2.0, and Zoom Rooms for Conference before version 5.1.0, copy pre- and post- installation shell scripts to a user-writable directory. In the affected products listed below, a malicious actor with local access to a user's machine could use this flaw to potentially run arbitrary system commands in a... • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVE-2021-34408
https://notcve.org/view.php?id=CVE-2021-34408
27 Sep 2021 — The Zoom Client for Meetings for Windows in all versions before version 5.3.2 writes log files to a user writable directory as a privileged user during the installation or update of the client. This could allow for potential privilege escalation if a link was created between the user writable directory used and a non-user writable directory. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVE-2021-33907
https://notcve.org/view.php?id=CVE-2021-33907
27 Sep 2021 — The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate the certificate information used to sign .msi files when performing an update of the client. This could lead to remote code execution in an elevated privileged context. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-295: Improper Certificate Validation •

CVE-2020-11500
https://notcve.org/view.php?id=CVE-2020-11500
03 Apr 2020 — Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption. Within a meeting, all participants use a single 128-bit key. • https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVE-2020-11469
https://notcve.org/view.php?id=CVE-2020-11469
01 Apr 2020 — Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to a user-writable temporary directory during installation, which allows a local process (with the user's privileges) to obtain root access by replacing runwithroot. • https://blog.zoom.us/wordpress/2020/04/01/a-message-to-our-users • CWE-552: Files or Directories Accessible to External Parties •