CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28600
https://notcve.org/view.php?id=CVE-2023-28600
Zoom for MacOSclients prior to 5.14.0 contain an improper access control vulnerability. A malicious user may be able to delete/replace Zoom Client files potentially causing a loss of integrity and availability to the Zoom Client. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-284: Improper Access Control CWE-378: Creation of Temporary File With Insecure Permissions •
CVSS: 4.3EPSS: 0%CPEs: 5EXPL: 0CVE-2023-28599
https://notcve.org/view.php?id=CVE-2023-28599
Zoom clients prior to 5.13.10 contain an HTML injection vulnerability. A malicious user could inject HTML into their display name potentially leading a victim to a malicious website during meeting creation. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28598
https://notcve.org/view.php?id=CVE-2023-28598
Zoom for Linux clients prior to 5.13.10 contain an HTML injection vulnerability. If a victim starts a chat with a malicious user it could result in a Zoom application crash. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.3EPSS: 0%CPEs: 12EXPL: 0CVE-2023-28597 – Improper trust boundary implementation for SMB in Zoom Clients
https://notcve.org/view.php?id=CVE-2023-28597
Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB server to respond to client requests, causing the client to execute attacker controlled executables. This could result in an attacker gaining access to a user's device and data, and remote code execution. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-501: Trust Boundary Violation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22881 – Denial of Service in Zoom Clients
https://notcve.org/view.php?id=CVE-2023-22881
Zoom clients before version 5.13.5 contain a STUN parsing vulnerability. A malicious actor could send specially crafted UDP traffic to a victim Zoom client to remotely cause the client to crash, causing a denial of service. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •