CVE-2023-34119
https://notcve.org/view.php?id=CVE-2023-34119
Insecure temporary file in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-377: Insecure Temporary File CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2023-34118
https://notcve.org/view.php?id=CVE-2023-34118
Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-269: Improper Privilege Management •
CVE-2023-36539
https://notcve.org/view.php?id=CVE-2023-36539
Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information. La exposición de información destinada a ser cifrada por algunos clientes Zoom puede dar lugar a la divulgación de información sensible. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-325: Missing Cryptographic Step CWE-326: Inadequate Encryption Strength •
CVE-2023-34121
https://notcve.org/view.php?id=CVE-2023-34121
Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via network access. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-20: Improper Input Validation •
CVE-2023-28597 – Improper trust boundary implementation for SMB in Zoom Clients
https://notcve.org/view.php?id=CVE-2023-28597
Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB server to respond to client requests, causing the client to execute attacker controlled executables. This could result in an attacker gaining access to a user's device and data, and remote code execution. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-501: Trust Boundary Violation •