CVSS: 9.0EPSS: 0%CPEs: 16EXPL: 0CVE-2023-43582
https://notcve.org/view.php?id=CVE-2023-43582
14 Nov 2023 — Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access. La autorización inadecuada en algunos clientes de Zoom puede permitir que un usuario autorizado realice una escalada de privilegios a través del acceso a la red. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-287: Improper Authentication CWE-939: Improper Authorization in Handler for Custom URL Scheme •
CVSS: 6.8EPSS: 0%CPEs: 8EXPL: 0CVE-2023-43588
https://notcve.org/view.php?id=CVE-2023-43588
14 Nov 2023 — Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access. La gestión insuficiente del flujo de control en algunos clientes de Zoom puede permitir que un usuario autenticado realice una divulgación de información a través del acceso a la red. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-449: The UI Performs the Wrong Action CWE-691: Insufficient Control Flow Management •
CVSS: 6.8EPSS: 0%CPEs: 16EXPL: 0CVE-2023-39199
https://notcve.org/view.php?id=CVE-2023-39199
14 Nov 2023 — Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access. Los problemas criptográficos con el chat durante la reunión para algunos clientes de Zoom pueden permitir que un usuario privilegiado realice una divulgación de información a través del acceso a la red. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-310: Cryptographic Issues CWE-325: Missing Cryptographic Step •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2023-39206
https://notcve.org/view.php?id=CVE-2023-39206
14 Nov 2023 — Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access. El desbordamiento del búfer en algunos clientes de Zoom puede permitir que un usuario no autenticado realice una denegación de servicio a través del acceso a la red. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.8EPSS: 0%CPEs: 17EXPL: 0CVE-2023-39205
https://notcve.org/view.php?id=CVE-2023-39205
14 Nov 2023 — Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network access. La verificación de condiciones inadecuadas en Zoom Team Chat para clientes de Zoom puede permitir que un usuario autenticado lleve a cabo una denegación de servicio a través del acceso a la red. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2023-39204
https://notcve.org/view.php?id=CVE-2023-39204
14 Nov 2023 — Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access. El desbordamiento del búfer en algunos clientes de Zoom puede permitir que un usuario no autenticado realice una denegación de servicio a través del acceso a la red. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 24EXPL: 0CVE-2023-36539
https://notcve.org/view.php?id=CVE-2023-36539
30 Jun 2023 — Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information. La exposición de información destinada a ser cifrada por algunos clientes Zoom puede dar lugar a la divulgación de información sensible. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-325: Missing Cryptographic Step CWE-326: Inadequate Encryption Strength •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28596 – Local Privilege Escalation in Zoom for macOS Installers
https://notcve.org/view.php?id=CVE-2023-28596
27 Mar 2023 — Zoom Client for IT Admin macOS installers before version 5.13.5 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain during the installation process to escalate their privileges to privileges to root. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-427: Uncontrolled Search Path Element •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43472 – WordPress eRoom plugin <= 1.4.6 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2022-43472
22 Mar 2023 — Missing Authorization vulnerability in StylemixThemes eRoom – Zoom Meetings & Webinar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eRoom – Zoom Meetings & Webinar: from n/a through 1.4.6. The eRoom – Zoom Meetings & Webinar plugin for WordPress is vulnerable to retrieve setting information due to a missing capability check on the stm_wpcfto_get_settings_callback function in versions up to, and including, 1.4.6. This makes it possible for authenticated attackers ... • https://patchstack.com/database/wordpress/plugin/eroom-zoom-meetings-webinar/vulnerability/wordpress-eroom-plugin-1-4-6-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22883 – Local Privilege Escalation in Zoom for Windows Installers
https://notcve.org/view.php?id=CVE-2023-22883
16 Mar 2023 — Zoom Client for IT Admin Windows installers before version 5.13.5 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain during the installation process to escalate their privileges to the SYSTEM user. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •