CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 1CVE-2020-6110
https://notcve.org/view.php?id=CVE-2020-6110
08 Jun 2020 — An exploitable partial path traversal vulnerability exists in the way Zoom Client version 4.6.10 processes messages including shared code snippets. A specially crafted chat message can cause an arbitrary binary planting which could be abused to achieve arbitrary code execution. An attacker needs to send a specially crafted message to a target user or a group to trigger this vulnerability. For the most severe effect, target user interaction is required. Se presenta una vulnerabilidad de salto de ruta parcial... • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1056 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-6109
https://notcve.org/view.php?id=CVE-2020-6109
08 Jun 2020 — An exploitable path traversal vulnerability exists in the Zoom client, version 4.6.10 processes messages including animated GIFs. A specially crafted chat message can cause an arbitrary file write, which could potentially be abused to achieve arbitrary code execution. An attacker needs to send a specially crafted message to a target user or a group to exploit this vulnerability. Se presenta una vulnerabilidad de salto de ruta explotable en Zoom Client, la versión 4.6.10 procesa mensajes que incluyen GIF ani... • https://talosintelligence.com/vulnerability_reports/TALOS-2020-1055 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •