CVSS: 9.8EPSS: 1%CPEs: 51EXPL: 1CVE-2021-34423 – Buffer overflow in Zoom client and other products
https://notcve.org/view.php?id=CVE-2021-34423
24 Nov 2021 — A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before version 5.8.1, Zoom Client for Meetings for intune (for Android and iOS) before version 5.8.4, Zoom Client for Meetings for Chrome OS before version 5.0.1, Zoom Rooms for Conference Room (for Android, AndroidBali, macOS, and Windows) before version 5.8.3, Controllers for Zoom Rooms (for Android, iOS... • https://packetstorm.news/files/id/165417 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2021-34419 – HTML injection in Zoom Linux client
https://notcve.org/view.php?id=CVE-2021-34419
11 Nov 2021 — In the Zoom Client for Meetings for Ubuntu Linux before version 5.1.0, there is an HTML injection flaw when sending a remote control request to a user in the process of in-meeting screen sharing. This could allow meeting participants to be targeted for social engineering attacks. En Zoom Client for Meetings para Ubuntu Linux versiones anteriores a 5.1.0, se presenta un fallo de inyección de HTML cuando es enviada una petición de control remoto a un usuario en el proceso de compartir la pantalla en una reuni... • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 7.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-34420 – Zoom Windows installation executable signature bypass
https://notcve.org/view.php?id=CVE-2021-34420
11 Nov 2021 — The Zoom Client for Meetings for Windows installer before version 5.5.4 does not properly verify the signature of files with .msi, .ps1, and .bat extensions. This could lead to a malicious actor installing malicious software on a customer’s computer. El instalador de Zoom Client for Meetings para Windows anterior a la versión 5.5.4 no verifica correctamente la firma de los archivos con extensiones .msi, .ps1 y .bat. Esto podría dar lugar a que un actor malintencionado instalara software malicioso en el orde... • https://explore.zoom.us/en/trust/security/security-bulletin • CWE-347: Improper Verification of Cryptographic Signature •