CVSS: 9.6EPSS: 0%CPEs: 11EXPL: 0CVE-2022-28763 – Improper URL parsing in Zoom Clients
https://notcve.org/view.php?id=CVE-2022-28763
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including session takeovers. El Zoom Client para Meetings (para Android, iOS, Linux, macOS y Windows) anterior a la versión 5.12.2 es susceptible a una vulnerabilidad de análisis de URL. Si se abre la URL de una reunión de Zoom maliciosa, el enlace malicioso puede dirigir al usuario a conectarse a una dirección de red arbitraria, lo que genera ataques adicionales, incluida la apropiación de sesiones. • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-20: Improper Input Validation CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 7.9EPSS: 0%CPEs: 4EXPL: 0CVE-2022-22782 – Local privilege escalation in Windows Zoom Clients
https://notcve.org/view.php?id=CVE-2022-22782
The Zoom Client for Meetings for Windows prior to version 5.9.7, Zoom Rooms for Conference Room for Windows prior to version 5.10.0, Zoom Plugins for Microsoft Outlook for Windows prior to version 5.10.3, and Zoom VDI Windows Meeting Clients prior to version 5.9.6; was susceptible to a local privilege escalation issue during the installer repair operation. A malicious actor could utilize this to potentially delete system level files or folders, causing integrity or availability issues on the user’s host machine. Zoom Client for Meetings para Windows versiones anteriores a 5.9.7, Zoom Rooms for Conference Room para Windows versiones anteriores a 5.10.0, Zoom Plugins for Microsoft Outlook para Windows versiones anteriores a 5.10.3 y Zoom VDI Windows Meeting Clients versiones anteriores a 5.9.6; eran susceptibles de un problema de escalada de privilegios local durante la operación de reparación del instalador. Un actor malicioso podría usar esto para eliminar potencialmente archivos o carpetas a nivel de sistema, causando problemas de integridad o disponibilidad en la máquina anfitriona del usuario This vulnerability allows local attackers to escalate privileges on affected installations of Zoom Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the installer. • https://explore.zoom.us/en/trust/security/security-bulletin •
CVSS: 7.5EPSS: 0%CPEs: 50EXPL: 0CVE-2021-34424 – Process memory exposure in Zoom Client and other products
https://notcve.org/view.php?id=CVE-2021-34424
A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS, and Windows) before version 5.8.3, Zoom VDI Windows Meeting Client before version 5.8.4, Zoom VDI Azure Virtual Desktop Plugins (for Windows x86 or x64, IGEL x64, Ubuntu x64, HP ThinPro OS x64) before version 5.8.4.21112, Zoom VDI Citrix Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom VDI VMware Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom Meeting SDK for Android before version 5.7.6.1922, Zoom Meeting SDK for iOS before version 5.7.6.1082, Zoom Meeting SDK for macOS before version 5.7.6.1340, Zoom Meeting SDK for Windows before version 5.7.6.1081, Zoom Video SDK (for Android, iOS, macOS, and Windows) before version 1.1.2, Zoom on-premise Meeting Connector before version 4.8.12.20211115, Zoom on-premise Meeting Connector MMR before version 4.8.12.20211115, Zoom on-premise Recording Connector before version 5.1.0.65.20211116, Zoom on-premise Virtual Room Connector before version 4.4.7266.20211117, Zoom on-premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117, Zoom Hybrid Zproxy before version 1.0.1058.20211116, and Zoom Hybrid MMR before version 4.6.20211116.131_x86-64 which potentially allowed for the exposure of the state of process memory. This issue could be used to potentially gain insight into arbitrary areas of the product's memory. Se ha detectado una vulnerabilidad en Zoom Client for Meetings (para Android, iOS, Linux, macOS y Windows) antes de la versión 5.8.4, Zoom Client for Meetings for Blackberry (para Android e iOS) antes de la versión 5.8.1, Zoom Client for Meetings for intune (para Android e iOS) antes de la versión 5.8.4, Zoom Client for Meetings for Chrome OS antes de la versión 5.0.1, Zoom Rooms for Conference Room (para Android, AndroidBali, macOS y Windows) antes de la versión 5.8. 3, Controllers for Zoom Rooms (para Android, iOS y Windows) antes de la versión 5.8.3, Zoom VDI Windows Meeting Client antes de la versión 5.8.4, Zoom VDI Azure Virtual Desktop Plugins (para Windows x86 o x64, IGEL x64, Ubuntu x64, HP ThinPro OS x64) antes de la versión 5. 8.4.21112, Zoom VDI Citrix Plugins (para Windows x86 o x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) antes de la versión 5.8.4. 21112, Zoom VDI VMware Plugins (para Windows x86 o x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) antes de la versión 5.8.4.21112, Zoom Meeting SDK para Android antes de la versión 5.7.6. 1922, Zoom Meeting SDK para iOS antes de la versión 5.7.6.1082, Zoom Meeting SDK para macOS antes de la versión 5.7.6.1340, Zoom Meeting SDK para Windows antes de la versión 5.7.6.1081, Zoom Video SDK (para Android, iOS, macOS y Windows) antes de la versión 1.1.2, Zoom on-premise Meeting Connector antes de la versión 4. 8.12.20211115, Zoom on-premise Meeting Connector MMR antes de la versión 4.8.12.20211115, Zoom on-premise Recording Connector antes de la versión 5.1.0.65.20211116, Zoom on-premise Virtual Room Connector antes de la versión 4.4.7266. 20211117, Zoom on-premise Virtual Room Connector Load Balancer antes de la versión 2.5.5692.20211117, Zoom Hybrid Zproxy antes de la versión 1.0.1058.20211116, y Zoom Hybrid MMR antes de la versión 4.6.20211116.131_x86-64 que potencialmente permitía la exposición del estado de la memoria del proceso. Este problema podría ser utilizado para potencialmente obtener información sobre áreas arbitrarias de la memoria del producto Zoom suffers from an information leak vulnerability in the MMR server. • http://packetstormsecurity.com/files/165419/Zoom-MMR-Server-Information-Leak.html https://explore.zoom.us/en/trust/security/security-bulletin • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 51EXPL: 0CVE-2021-34423 – Buffer overflow in Zoom client and other products
https://notcve.org/view.php?id=CVE-2021-34423
A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS, and Windows) before version 5.8.3, Zoom VDI Windows Meeting Client before version 5.8.4, Zoom VDI Azure Virtual Desktop Plugins (for Windows x86 or x64, IGEL x64, Ubuntu x64, HP ThinPro OS x64) before version 5.8.4.21112, Zoom VDI Citrix Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom VDI VMware Plugins (for Windows x86 or x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) before version 5.8.4.21112, Zoom Meeting SDK for Android before version 5.7.6.1922, Zoom Meeting SDK for iOS before version 5.7.6.1082, Zoom Meeting SDK for macOS before version 5.7.6.1340, Zoom Meeting SDK for Windows before version 5.7.6.1081, Zoom Video SDK (for Android, iOS, macOS, and Windows) before version 1.1.2, Zoom On-Premise Meeting Connector Controller before version 4.8.12.20211115, Zoom On-Premise Meeting Connector MMR before version 4.8.12.20211115, Zoom On-Premise Recording Connector before version 5.1.0.65.20211116, Zoom On-Premise Virtual Room Connector before version 4.4.7266.20211117, Zoom On-Premise Virtual Room Connector Load Balancer before version 2.5.5692.20211117, Zoom Hybrid Zproxy before version 1.0.1058.20211116, and Zoom Hybrid MMR before version 4.6.20211116.131_x86-64. This can potentially allow a malicious actor to crash the service or application, or leverage this vulnerability to execute arbitrary code. Se ha detectado una vulnerabilidad de desbordamiento de búfer en Zoom Client for Meetings (para Android, iOS, Linux, macOS y Windows) antes de la versión 5.8.4, Zoom Client for Meetings for Blackberry (para Android e iOS) antes de la versión 5.8.1, Zoom Client for Meetings for intune (para Android e iOS) antes de la versión 5.8.4, Zoom Client for Meetings for Chrome OS antes de la versión 5.0.1, Zoom Rooms for Conference Room (para Android, AndroidBali, macOS y Windows) antes de la versión 5. 8.3, Controllers for Zoom Rooms (para Android, iOS y Windows) antes de la versión 5.8.3, Zoom VDI Windows Meeting Client antes de la versión 5.8.4, Zoom VDI Azure Virtual Desktop Plugins (para Windows x86 o x64, IGEL x64, Ubuntu x64, HP ThinPro OS x64) antes de la versión 5. 8.4.21112, Zoom VDI Citrix Plugins (para Windows x86 o x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) antes de la versión 5.8.4. 21112, Zoom VDI VMware Plugins (para Windows x86 o x64, Mac Universal Installer & Uninstaller, IGEL x64, eLux RP6 x64, HP ThinPro OS x64, Ubuntu x64, CentOS x 64, Dell ThinOS) antes de la versión 5.8.4.21112, Zoom Meeting SDK para Android antes de la versión 5. 7.6.1922, Zoom Meeting SDK para iOS antes de la versión 5.7.6.1082, Zoom Meeting SDK para macOS antes de la versión 5.7.6.1340, Zoom Meeting SDK para Windows antes de la versión 5.7.6.1081, Zoom Video SDK (para Android, iOS, macOS y Windows) antes de la versión 1. 1.2, Zoom On-Premise Meeting Connector Controller antes de la versión 4.8.12.20211115, Zoom On-Premise Meeting Connector MMR antes de la versión 4.8.12.20211115, Zoom On-Premise Recording Connector antes de la versión 5.1.0.65.20211116, Zoom On-Premise Virtual Room Connector antes de la versión 4. 4.7266.20211117, Zoom On-Premise Virtual Room Connector Load Balancer antes de la versión 2.5.5692.20211117, Zoom Hybrid Zproxy antes de la versión 1.0.1058.20211116, y Zoom Hybrid MMR antes de la versión 4.6.20211116.131_x86-64. Esto puede permitir potencialmente a un actor malicioso bloquear el servicio o la aplicación, o aprovechar esta vulnerabilidad para ejecutar código arbitrario Zoom suffers from a buffer overflow vulnerability related to the processing of chat message. • http://packetstormsecurity.com/files/165417/Zoom-Chat-Message-Processing-Buffer-Overflow.html https://explore.zoom.us/en/trust/security/security-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •