CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-22780 – Zoom Chat Susceptible to Zip Bombing
https://notcve.org/view.php?id=CVE-2022-22780
09 Feb 2022 — The Zoom Client for Meetings chat functionality was susceptible to Zip bombing attacks in the following product versions: Android before version 5.8.6, iOS before version 5.9.0, Linux before version 5.8.6, macOS before version 5.7.3, and Windows before version 5.6.3. This could lead to availability issues on the client host by exhausting system resources. La funcionalidad chat de Zoom Client for Meetings era susceptible de sufrir ataques de bombardeo de Zip en las siguientes versiones del producto: Android ... • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 0CVE-2021-34425 – Server Side Request Forgery in Zoom Client for Meetings chat
https://notcve.org/view.php?id=CVE-2021-34425
14 Dec 2021 — The Zoom Client for Meetings before version 5.7.3 (for Android, iOS, Linux, macOS, and Windows) contain a server side request forgery vulnerability in the chat\'s "link preview" functionality. In versions prior to 5.7.3, if a user were to enable the chat\'s "link preview" feature, a malicious actor could trick the user into potentially sending arbitrary HTTP GET requests to URLs that the actor cannot reach directly. Zoom Client for Meetings anterior a la versión 5.7.3 (para Android, iOS, Linux, macOS y Wind... • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 50EXPL: 1CVE-2021-34424 – Process memory exposure in Zoom Client and other products
https://notcve.org/view.php?id=CVE-2021-34424
24 Nov 2021 — A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS, and Window... • https://packetstorm.news/files/id/165419 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 51EXPL: 1CVE-2021-34423 – Buffer overflow in Zoom client and other products
https://notcve.org/view.php?id=CVE-2021-34423
24 Nov 2021 — A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS... • https://packetstorm.news/files/id/165417 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-34412
https://notcve.org/view.php?id=CVE-2021-34412
27 Sep 2021 — During the installation process for all versions of the Zoom Client for Meetings for Windows before 5.4.0, it is possible to launch Internet Explorer. If the installer was launched with elevated privileges such as by SCCM this can result in a local privilege escalation. Durante el proceso de instalación de todas las versiones de Zoom Client for Meetings para Windows anteriores a 5.4.0, es posible iniciar Internet Explorer. Si el instalador fue iniciado con privilegios elevados, como por ejemplo por SCCM, es... • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-34409 – Zoom Client Installer Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2021-34409
27 Sep 2021 — It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad before version 5.2.0, and Zoom Rooms for Conference before version 5.1.0, copy pre- and post- installation shell scripts to a user-writable directory. In the affected products listed below, a malicious actor with local access to a user's machine could use this flaw to potentially run arbitrary system commands in a... • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-34408
https://notcve.org/view.php?id=CVE-2021-34408
27 Sep 2021 — The Zoom Client for Meetings for Windows in all versions before version 5.3.2 writes log files to a user writable directory as a privileged user during the installation or update of the client. This could allow for potential privilege escalation if a link was created between the user writable directory used and a non-user writable directory. Zoom Client for Meetings para Windows en todas las versiones anteriores a 5.3.2, escribe archivos de registro en un directorio en el que el usuario puede escribir como ... • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2021-33907
https://notcve.org/view.php?id=CVE-2021-33907
27 Sep 2021 — The Zoom Client for Meetings for Windows in all versions before 5.3.0 fails to properly validate the certificate information used to sign .msi files when performing an update of the client. This could lead to remote code execution in an elevated privileged context. Zoom Client for Meetings para Windows en todas las versiones anteriores a 5.3.0, no comprueba correctamente la información del certificado usada para firmar los archivos .msi cuando se lleva a cabo una actualización del cliente. Esto podría conll... • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-11876
https://notcve.org/view.php?id=CVE-2020-11876
17 Apr 2020 — airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash of 0123425234234fsdfsdr3242 for initialization of an OpenSSL EVP AES-256 CBC context. NOTE: the vendor states that this initialization only occurs within unreachable code ** EN DISPUTA ** El archivo airhost.exe en Zoom Client for Meetings versión 4.6.11, usa el hash SHA-256 de 0123425234234fsdfsdr3242 para la inicialización de un contexto EVP AES-256 CBC de OpenSSL. NOTA: el vendedor afirma que esta inicialización sólo se produce dentro de... • https://dev.io/posts/zoomzoo • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-11877
https://notcve.org/view.php?id=CVE-2020-11877
17 Apr 2020 — airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 as the Initialization Vector (IV) for AES-256 CBC encryption. NOTE: the vendor states that this IV is used only within unreachable code ** EN DISPUTA ** El archivo airhost.exe en Zoom Client for Meetings versión 4.6.11, usa 3423423432325249 como el Vector de Inicialización (IV) para el cifrado AES-256 CBC. NOTA: el proveedor declara que este IV se usa solo dentro de un código inalcanzable. • https://dev.io/posts/zoomzoo • CWE-330: Use of Insufficiently Random Values •