CVSS: 8.8EPSS: 23%CPEs: 1EXPL: 1CVE-2019-13567
https://notcve.org/view.php?id=CVE-2019-13567
12 Jul 2019 — The Zoom Client before 4.4.53932.0709 on macOS allows remote code execution, a different vulnerability than CVE-2019-13450. If the ZoomOpener daemon (aka the hidden web server) is running, but the Zoom Client is not installed or can't be opened, an attacker can remotely execute code with a maliciously crafted launch URL. NOTE: ZoomOpener is removed by the Apple Malware Removal Tool (MRT) if this tool is enabled and has the 2019-07-10 MRTConfigData. El Cliente Zoom anterior a versión 4.4.2 en macOS, permite ... • https://gist.github.com/wbowling/13f9f90365c171806b9ffba2c841026b • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.5EPSS: 3%CPEs: 2EXPL: 1CVE-2019-13450
https://notcve.org/view.php?id=CVE-2019-13450
09 Jul 2019 — In the Zoom Client through 4.4.4 and RingCentral 7.0.136380.0312 on macOS, remote attackers can force a user to join a video call with the video camera active. This occurs because any web site can interact with the Zoom web server on localhost port 19421 or 19424. NOTE: a machine remains vulnerable if the Zoom Client was installed in the past and then uninstalled. Blocking exploitation requires additional steps, such as the ZDisableVideo preference and/or killing the web server, deleting the ~/.zoomus direc... • http://www.securityfocus.com/bid/109082 • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 1CVE-2019-13449
https://notcve.org/view.php?id=CVE-2019-13449
09 Jul 2019 — In the Zoom Client before 4.4.2 on macOS, remote attackers can cause a denial of service (continual focus grabs) via a sequence of invalid launch?action=join&confno= requests to localhost port 19421. En el Cliente Zoom anterior a versión 4.4.2 en macOS, los atacantes remotos pueden causar una denegación de servicio (captura de enfoque continua) por medio de una secuencia de peticiones invalidas launch?action=join&confno= en el puerto host local 19421. • https://assets.zoom.us/docs/pdf/Zoom+Response+Video-On+Vulnerability.pdf • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2018-15715
https://notcve.org/view.php?id=CVE-2018-15715
30 Nov 2018 — Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing. A remote unauthenticated attacker can spoof UDP messages from a meeting attendee or Zoom server in order to invoke functionality in the target client. This allows the attacker to remove attendees from meetings, spoof messages from users, or hijack shared screens. Los clientes de Zoom en Windows (antes de la versión 4.1.34814... • https://www.tenable.com/security/research/tra-2018-40 • CWE-20: Improper Input Validation CWE-290: Authentication Bypass by Spoofing •
CVSS: 8.8EPSS: 4%CPEs: 1EXPL: 4CVE-2017-15048 – Zoom Linux Client 2.0.106600.0904 - Stack-Based Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2017-15048
17 Dec 2017 — Stack-based buffer overflow in the ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler. Desbordamiento de búfer basado en pila en el binario ZoomLauncher del cliente Zoom para Linux en versiones anteriores a la 2.0.115900.1201 permite que atacantes remotos ejecuten código arbitrario aprovechando el controlador de esquemas zoommtg://. The binary /opt/zoom/ZoomLauncher is vulnerable to a buffer ov... • https://packetstorm.news/files/id/145452 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 35%CPEs: 1EXPL: 5CVE-2017-15049 – Zoom Linux Client 2.0.106600.0904 - Command Injection
https://notcve.org/view.php?id=CVE-2017-15049
17 Dec 2017 — The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler. El binario ZoomLauncher en el cliente Zoom para Linux en versiones anteriores a la 2.0.115900.1201 no sanea adecuadamente las entradas de usuarios al construir un comando shell, lo que permite que los atacantes remotos ejecuten código arbitrario aprovechando el ... • https://packetstorm.news/files/id/145453 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •