NotCVE - vendor:"Zoom" product:"Meetings" version:"

36 results (0.004 seconds)

CVSS: 9.0EPSS: 0%CPEs: 16EXPL: 0

CVE-2023-43582

https://notcve.org/view.php?id=CVE-2023-43582

14 Nov 2023 — Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access. La autorización inadecuada en algunos clientes de Zoom puede permitir que un usuario autorizado realice una escalada de privilegios a través del acceso a la red. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-287: Improper Authentication CWE-939: Improper Authorization in Handler for Custom URL Scheme •

CVSS: 6.8EPSS: 0%CPEs: 8EXPL: 0

CVE-2023-43588

https://notcve.org/view.php?id=CVE-2023-43588

14 Nov 2023 — Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access. La gestión insuficiente del flujo de control en algunos clientes de Zoom puede permitir que un usuario autenticado realice una divulgación de información a través del acceso a la red. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-449: The UI Performs the Wrong Action CWE-691: Insufficient Control Flow Management •

CVSS: 6.8EPSS: 0%CPEs: 16EXPL: 0

CVE-2023-39199

https://notcve.org/view.php?id=CVE-2023-39199

14 Nov 2023 — Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access. Los problemas criptográficos con el chat durante la reunión para algunos clientes de Zoom pueden permitir que un usuario privilegiado realice una divulgación de información a través del acceso a la red. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-310: Cryptographic Issues CWE-325: Missing Cryptographic Step •

CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0

CVE-2023-39206

https://notcve.org/view.php?id=CVE-2023-39206

14 Nov 2023 — Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access. El desbordamiento del búfer en algunos clientes de Zoom puede permitir que un usuario no autenticado realice una denegación de servicio a través del acceso a la red. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 6.8EPSS: 0%CPEs: 17EXPL: 0

CVE-2023-39205

https://notcve.org/view.php?id=CVE-2023-39205

14 Nov 2023 — Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network access. La verificación de condiciones inadecuadas en Zoom Team Chat para clientes de Zoom puede permitir que un usuario autenticado lleve a cabo una denegación de servicio a través del acceso a la red. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-754: Improper Check for Unusual or Exceptional Conditions •

CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0

CVE-2023-39204

https://notcve.org/view.php?id=CVE-2023-39204

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-28596 – Local Privilege Escalation in Zoom for macOS Installers

https://notcve.org/view.php?id=CVE-2023-28596

27 Mar 2023 — Zoom Client for IT Admin macOS installers before version 5.13.5 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain during the installation process to escalate their privileges to privileges to root. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-427: Uncontrolled Search Path Element •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-22883 – Local Privilege Escalation in Zoom for Windows Installers

https://notcve.org/view.php?id=CVE-2023-22883

16 Mar 2023 — Zoom Client for IT Admin Windows installers before version 5.13.5 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain during the installation process to escalate their privileges to the SYSTEM user. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2022-28766 – DLL injection in Zoom Windows Clients

https://notcve.org/view.php?id=CVE-2022-28766

17 Nov 2022 — Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client. Las versiones de Windows de 32 bits de Zoom Client for Meetings anteriores a 5.12.6 y Zoom Rooms for Meetings anteriores a 5.12.6 son susceptibles a una vulnerabilidad de inyección de DLL. Un usuario local con pocos p... • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-427: Uncontrolled Search Path Element •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2022-28768 – Local Privilege Escalation in Zoom Client Installer for macOS

https://notcve.org/view.php?id=CVE-2022-28768

17 Nov 2022 — The Zoom Client for Meetings Installer for macOS (Standard and for IT Admin) before version 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to root. El instalador de Zoom Client for Meetings para macOS (estándar y para administrador de TI) anterior a la versión 5.12.6 contiene una vulnerabilidad de escalada de privilegios local. Un usuario local con pocos privilegios podría aprove... • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-689: Permission Race Condition During Resource Copy •

1 2 3 4