Skip to main content

Rooms

89 CVEs product

Monthly

CVE-2025-64739 MEDIUM Monitor

External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Meeting Software Development Kit Rooms Rooms Controller Workplace Desktop +1
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-62483 MEDIUM This Month

Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a disclosure of information via network access. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Meeting Software Development Kit Rooms Rooms Controller Workplace Desktop +1
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-58135 MEDIUM This Month

Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of information via network access. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Information Disclosure Meeting Software Development Kit Rooms Rooms Controller +3
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-58134 MEDIUM Monitor

Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated user to conduct an impact to integrity via network access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Meeting Software Development Kit Rooms Rooms Controller +3
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-49461 MEDIUM Monitor

Cross-site scripting in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service XSS Meeting Software Development Kit Rooms Rooms Controller +3
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-49460 MEDIUM Monitor

Uncontrolled resource consumption in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Meeting Software Development Kit Rooms Rooms Controller Workplace +2
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-49458 MEDIUM This Month

Buffer overflow in certain Zoom Workplace Clients may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Meeting Software Development Kit Rooms Rooms Controller +2
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-49457 CRITICAL Act Now

Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Meeting Software Development Kit Rooms Rooms Controller +3
NVD
CVSS 3.1
9.6
EPSS
0.1%
CVE-2025-49456 MEDIUM This Month

Race condition in the installer for certain Zoom Clients for Windows may allow an unauthenticated user to impact application integrity via local access. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Meeting Software Development Kit Rooms Rooms Controller +3
NVD
CVSS 3.1
6.2
EPSS
0.0%
CVE-2025-46786 MEDIUM This Month

Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to impact app integrity via network access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Meeting Software Development Kit Rooms Rooms Controller Workplace +2
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-46785 MEDIUM This Month

Buffer over-read in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Denial Of Service Meeting Software Development Kit Rooms +4
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-30668 MEDIUM This Month

Integer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Meeting Software Development Kit Rooms Rooms Controller +3
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-30667 MEDIUM This Month

NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Null Pointer Dereference Denial Of Service Meeting Software Development Kit Rooms +5
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-30666 MEDIUM This Month

NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Null Pointer Dereference Denial Of Service Meeting Software Development Kit Rooms +4
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-30665 MEDIUM This Month

NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Null Pointer Dereference Denial Of Service Meeting Software Development Kit Rooms +4
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-30664 MEDIUM This Month

Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

XSS Privilege Escalation Meeting Software Development Kit Rooms Rooms Controller +3
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2025-30663 HIGH This Month

Time-of-check time-of-use race condition in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Meeting Software Development Kit Rooms Rooms Controller Workplace +2
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2025-30671 MEDIUM This Month

Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Null Pointer Dereference Denial Of Service Meeting Software Development Kit Rooms +4
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-30670 MEDIUM This Month

Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Null Pointer Dereference Denial Of Service Meeting Software Development Kit Rooms +4
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-27443 LOW Monitor

Insecure default variable initialization in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a loss of integrity via local access. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Meeting Software Development Kit Rooms Rooms Controller +2
NVD
CVSS 3.1
2.8
EPSS
0.1%
CVE-2024-27246 MEDIUM This Month

Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Denial Of Service Meeting Software Development Kit Rooms +3
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-27245 MEDIUM This Month

Buffer overflow in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Denial Of Service Meeting Software Development Kit Rooms +3
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-27239 MEDIUM This Month

Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Denial Of Service Meeting Software Development Kit Rooms +3
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-45426 MEDIUM This Month

Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Meeting Software Development Kit Rooms Rooms Controller Workplace +2
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2024-45425 MEDIUM This Month

Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Meeting Software Development Kit Rooms Rooms Controller Workplace +2
NVD
CVSS 3.1
4.9
EPSS
0.1%
CVE-2024-45424 MEDIUM This Month

Business logic error in some Zoom Workplace Apps may allow an unauthenticated user to conduct a disclosure of information via network access. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Meeting Software Development Kit Rooms Rooms Controller Workplace +2
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-45421 HIGH This Week

Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Heap Overflow Privilege Escalation Meeting Software Development Kit Rooms +5
NVD
CVSS 3.1
8.5
EPSS
0.7%
CVE-2024-45418 MEDIUM This Month

Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Privilege Escalation Meeting Software Development Kit Rooms Video Software Development Kit +2
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-45417 MEDIUM This Month

Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user to conduct a disclosure of information via local access. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Meeting Software Development Kit Rooms Video Software Development Kit +2
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-0146 LOW Monitor

Symlink following in the installer for Zoom Workplace App for macOS before 6.2.10 may allow an authenticated user to conduct a denial of service via local access. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. No vendor patch available.

Apple Denial Of Service Meeting Software Development Kit Rooms Rooms Controller +3
NVD
CVSS 3.1
3.9
EPSS
0.1%
CVE-2025-0145 MEDIUM Monitor

Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authorized user to conduct an escalation of privilege via local access. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Meeting Software Development Kit Rooms Rooms Controller +4
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2025-0144 LOW Monitor

Out-of-bounds write in some Zoom Workplace Apps may allow an authorized user to conduct a loss of integrity via network access. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Memory Corruption Buffer Overflow Meeting Software Development Kit Rooms Rooms Controller +4
NVD
CVSS 3.1
3.1
EPSS
0.1%
CVE-2024-45422 HIGH This Week

Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial of service via network access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Meeting Software Development Kit Rooms Rooms Controller Video Software Development Kit +2
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-45420 MEDIUM This Month

Uncontrolled resource consumption in some Zoom Apps before version 6.2.0 may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Meeting Software Development Kit Rooms Rooms Controller Video Software Development Kit +2
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2024-45419 HIGH This Week

Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via network access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Meeting Software Development Kit Rooms Rooms Controller Video Software Development Kit +3
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2024-42441 MEDIUM This Month

Incorrect privilege assignment in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Meeting Software Development Kit Rooms Workplace Desktop
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-42440 MEDIUM This Month

Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Meeting Software Development Kit Rooms Workplace Desktop
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-42438 MEDIUM This Month

Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Denial Of Service Meeting Software Development Kit Rooms +4
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-42437 MEDIUM This Month

Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Denial Of Service Meeting Software Development Kit Rooms +4
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-42436 MEDIUM This Month

Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Denial Of Service Meeting Software Development Kit Rooms +4
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-42435 MEDIUM This Month

Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Meeting Software Development Kit Rooms Rooms Controller Workplace +2
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-42434 MEDIUM This Month

Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Meeting Software Development Kit Rooms Rooms Controller +3
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-39825 HIGH This Week

Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Heap Overflow Buffer Overflow Privilege Escalation Rooms Workplace +2
NVD
CVSS 3.1
8.5
EPSS
0.6%
CVE-2024-39824 MEDIUM This Month

Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Meeting Software Development Kit Rooms Rooms Controller +3
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-39823 MEDIUM This Month

Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Meeting Software Development Kit Rooms Rooms Controller +3
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2024-39822 MEDIUM This Month

Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Meeting Software Development Kit Rooms Rooms Controller Workplace +1
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2024-39818 MEDIUM This Month

Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rooms Workplace Workplace Desktop Workplace Virtual Desktop Infrastructure
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2024-39821 MEDIUM This Month

Race condition in the installer for Zoom Workplace App for Windows and Zoom Rooms App for Windows may allow an authenticated user to conduct a denial of service via local access. Rated medium severity (CVSS 4.4). No vendor patch available.

Denial Of Service Microsoft Rooms Workplace Desktop
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-39819 HIGH This Week

Integrity check in the installer for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct a privilege escalation via local access. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Meeting Software Development Kit Rooms Workplace Desktop
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2024-27241 HIGH This Week

Improper input validation in some Zoom Apps and SDKs may allow an authenticated user to conduct a denial of service via network access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Meeting Software Development Kit Rooms Workplace Workplace Desktop +1
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-27240 HIGH This Week

Improper input validation in the installer for some Zoom Apps for Windows may allow an authenticated user to conduct a privilege escalation via local access. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Rooms Workplace Desktop Workplace Virtual Desktop Infrastructure
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-27238 MEDIUM This Month

Race condition in the installer for some Zoom Apps and SDKs for Windows before version 6.0.0 may allow an authenticated user to conduct a privilege escalation via local access. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation Microsoft Meeting Software Development Kit Rooms Workplace Desktop
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-24693 MEDIUM This Month

Improper access control in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Rooms
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-24692 MEDIUM This Month

Race condition in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Microsoft Rooms
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2024-24699 MEDIUM This Month

Business logic error in some Zoom clients may allow an authenticated user to conduct information disclosure via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Meeting Sdk Rooms Vdi Windows Meeting Clients Zoom
NVD
CVSS 3.1
6.5
EPSS
1.7%
CVE-2024-24698 MEDIUM This Month

Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Meeting Software Development Kit Rooms Vdi Windows Meeting Clients Zoom
NVD
CVSS 3.1
4.4
EPSS
0.5%
CVE-2024-24697 HIGH This Week

Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Meeting Software Development Kit Rooms Vdi Windows Meeting Clients +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2024-24691 CRITICAL Act Now

Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Meeting Software Development Kit Rooms Vdi Windows Meeting Clients +1
NVD
CVSS 3.1
9.8
EPSS
1.7%
CVE-2024-24690 MEDIUM This Month

Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Meeting Software Development Kit Rooms Vdi Windows Meeting Clients Video Software Development Kit +1
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-43591 HIGH This Week

Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Rooms
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-43590 HIGH This Week

Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Rooms
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-43582 HIGH This Week

Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Meetings Rooms Virtual Desktop Infrastructure Zoom
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-39206 HIGH This Week

Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Meetings Rooms Video Software Development Kit +2
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-39204 HIGH This Week

Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Meetings Rooms Video Software Development Kit +2
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-39202 MEDIUM This Month

Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Client may allow a privileged user to conduct a denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Rooms Virtual Desktop Infrastructure
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-39199 MEDIUM This Month

Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Meetings Rooms Virtual Desktop Infrastructure Zoom
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-39214 HIGH This Week

Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Meeting Software Development Kit Rooms Zoom
NVD
CVSS 3.1
8.1
EPSS
0.8%
CVE-2023-39212 MEDIUM This Month

Untrusted search path in Zoom Rooms for Windows before version 5.15.5 may allow an authenticated user to enable a denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Rooms
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-39211 HIGH This Week

Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Microsoft Rooms Zoom
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-39218 MEDIUM This Month

Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rooms Virtual Desktop Infrastructure Zoom
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2023-36535 MEDIUM This Month

Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rooms Virtual Desktop Infrastructure Zoom
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-36532 HIGH This Week

Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow Rooms Virtual Desktop Infrastructure +1
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-36538 HIGH This Week

Improper access control in Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Rooms
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-36537 HIGH This Week

Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Rooms
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-36536 HIGH This Week

Untrusted search path in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Rooms
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-34119 HIGH This Week

Insecure temporary file in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Rooms
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-34118 HIGH This Week

Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Rooms
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-36539 HIGH This Week

Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Meetings Rooms Video Software Development Kit Zoom +5
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-34121 HIGH This Week

Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation XSS Microsoft Rooms Zoom +1
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-28597 HIGH This Week

Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

RCE Rooms Zoom Virtual Desktop Infrastructure
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-22880 HIGH This Week

Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clients before 5.13.1 contain an information disclosure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Rooms Virtual Desktop Infrastructure Zoom
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-36924 HIGH This Week

The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Rooms
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-28766 HIGH This Week

Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Code Injection Meetings Rooms
NVD
CVSS 3.1
7.3
EPSS
0.5%
CVE-2022-28764 LOW Monitor

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft Google Meetings +2
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2022-28752 HIGH This Week

Zoom Rooms for Conference Rooms for Windows versions before 5.11.0 are susceptible to a Local Privilege Escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Jwt Attack Privilege Escalation Rooms
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2022-22788 HIGH This Week

The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom Meeting Client installed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Meetings Rooms
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2022-22786 HIGH This Week

The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0, fails to properly check the installation version during the update. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Meetings Rooms
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2021-34411 HIGH This Week

During the installation process forZoom Rooms for Conference Room for Windows before version 5.3.0 it is possible to launch Internet Explorer with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Rooms
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-34409 HIGH This Week

It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Meetings Rooms Screen Sharing
NVD
CVSS 3.1
7.8
EPSS
0.2%
EPSS 0% CVSS 4.3
MEDIUM Monitor

External control of file name or path in certain Zoom Clients may allow an unauthenticated user to conduct a disclosure of information via network access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Meeting Software Development Kit Rooms +3
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Improper removal of sensitive information in certain Zoom Clients before version 6.5.10 may allow an unauthenticated user to conduct a disclosure of information via network access. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Meeting Software Development Kit Rooms +3
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Improper action enforcement in certain Zoom Workplace Clients for Windows may allow an unauthenticated user to conduct a disclosure of information via network access. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Microsoft Information Disclosure Meeting Software Development Kit +5
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

Incorrect authorization in certain Zoom Workplace Clients for Windows may allow an authenticated user to conduct an impact to integrity via network access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Meeting Software Development Kit +5
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

Cross-site scripting in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service XSS Meeting Software Development Kit +5
NVD
EPSS 0% CVSS 4.3
MEDIUM Monitor

Uncontrolled resource consumption in certain Zoom Workplace Clients may allow an unauthenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Meeting Software Development Kit Rooms +4
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Buffer overflow in certain Zoom Workplace Clients may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Meeting Software Development Kit +4
NVD
EPSS 0% CVSS 9.6
CRITICAL Act Now

Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Meeting Software Development Kit +5
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Race condition in the installer for certain Zoom Clients for Windows may allow an unauthenticated user to impact application integrity via local access. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Meeting Software Development Kit +5
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to impact app integrity via network access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Meeting Software Development Kit Rooms +4
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Buffer over-read in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Buffer Overflow Denial Of Service +6
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Integer underflow in some Zoom Workplace Apps may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Meeting Software Development Kit +5
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Null Pointer Dereference Denial Of Service +7
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Null Pointer Dereference Denial Of Service +6
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

NULL pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Null Pointer Dereference Denial Of Service +6
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

Cross-site scripting in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access. Rated medium severity (CVSS 6.6), this vulnerability is low attack complexity. No vendor patch available.

XSS Privilege Escalation Meeting Software Development Kit +5
NVD
EPSS 0% CVSS 8.8
HIGH This Month

Time-of-check time-of-use race condition in some Zoom Workplace Apps may allow an authenticated user to conduct an escalation of privilege via local access. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Meeting Software Development Kit Rooms +4
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Null Pointer Dereference Denial Of Service +6
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Null Pointer Dereference Denial Of Service +6
NVD
EPSS 0% CVSS 2.8
LOW Monitor

Insecure default variable initialization in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a loss of integrity via local access. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Information Disclosure Meeting Software Development Kit +4
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Denial Of Service +5
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Buffer overflow in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Heap Overflow Denial Of Service +5
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Use after free in some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Use After Free Memory Corruption Denial Of Service +5
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Meeting Software Development Kit Rooms +4
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Incorrect user management in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Meeting Software Development Kit Rooms +4
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Business logic error in some Zoom Workplace Apps may allow an unauthenticated user to conduct a disclosure of information via network access. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Meeting Software Development Kit Rooms +4
NVD
EPSS 1% CVSS 8.5
HIGH This Week

Buffer overflow in some Zoom Apps may allow an authenticated user to conduct an escalation of privilege via network access. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Heap Overflow Privilege Escalation +7
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apple Privilege Escalation Meeting Software Development Kit +4
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user to conduct a disclosure of information via local access. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Meeting Software Development Kit +4
NVD
EPSS 0% CVSS 3.9
LOW Monitor

Symlink following in the installer for Zoom Workplace App for macOS before 6.2.10 may allow an authenticated user to conduct a denial of service via local access. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity. No vendor patch available.

Apple Denial Of Service Meeting Software Development Kit +5
NVD
EPSS 0% CVSS 4.6
MEDIUM Monitor

Untrusted search path in the installer for some Zoom Workplace Apps for Windows may allow an authorized user to conduct an escalation of privilege via local access. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Meeting Software Development Kit +6
NVD
EPSS 0% CVSS 3.1
LOW Monitor

Out-of-bounds write in some Zoom Workplace Apps may allow an authorized user to conduct a loss of integrity via network access. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Memory Corruption Buffer Overflow Meeting Software Development Kit +6
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial of service via network access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Meeting Software Development Kit Rooms +4
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Uncontrolled resource consumption in some Zoom Apps before version 6.2.0 may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Meeting Software Development Kit Rooms +4
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via network access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Meeting Software Development Kit Rooms +5
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Incorrect privilege assignment in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Meeting Software Development Kit +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

Improper privilege management in the installer for Zoom Workplace Desktop App for macOS, Zoom Meeting SDK for macOS and Zoom Rooms Client for macOS before 6.1.5 may allow a privileged user to conduct. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Meeting Software Development Kit +2
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Denial Of Service +6
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Denial Of Service +6
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Buffer overflow in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Denial Of Service +6
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

Sensitive information disclosure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Meeting Software Development Kit Rooms +4
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Meeting Software Development Kit +5
NVD
EPSS 1% CVSS 8.5
HIGH This Week

Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable. No vendor patch available.

Heap Overflow Buffer Overflow Privilege Escalation +4
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Meeting Software Development Kit +5
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Missing authorization in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow a privileged user to conduct an information disclosure via network access. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Meeting Software Development Kit +5
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Meeting Software Development Kit Rooms +3
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Protection mechanism failure for some Zoom Workplace Apps and SDKs may allow an authenticated user to conduct information disclosure via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rooms Workplace +2
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

Race condition in the installer for Zoom Workplace App for Windows and Zoom Rooms App for Windows may allow an authenticated user to conduct a denial of service via local access. Rated medium severity (CVSS 4.4). No vendor patch available.

Denial Of Service Microsoft Rooms +1
NVD
EPSS 0% CVSS 7.3
HIGH This Week

Integrity check in the installer for some Zoom Workplace Apps and SDKs for Windows may allow an authenticated user to conduct a privilege escalation via local access. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Meeting Software Development Kit +2
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Improper input validation in some Zoom Apps and SDKs may allow an authenticated user to conduct a denial of service via network access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Meeting Software Development Kit Rooms +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper input validation in the installer for some Zoom Apps for Windows may allow an authenticated user to conduct a privilege escalation via local access. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Rooms +2
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

Race condition in the installer for some Zoom Apps and SDKs for Windows before version 6.0.0 may allow an authenticated user to conduct a privilege escalation via local access. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required. No vendor patch available.

Privilege Escalation Microsoft Meeting Software Development Kit +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper access control in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Rooms
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

Race condition in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Microsoft Rooms
NVD
EPSS 2% CVSS 6.5
MEDIUM This Month

Business logic error in some Zoom clients may allow an authenticated user to conduct information disclosure via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Meeting Sdk Rooms +2
NVD
EPSS 1% CVSS 4.4
MEDIUM This Month

Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Meeting Software Development Kit Rooms +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Meeting Software Development Kit +3
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Meeting Software Development Kit +3
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Meeting Software Development Kit Rooms +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Rooms
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Apple Rooms
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Meetings Rooms +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Meetings +4
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Meetings +4
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Client may allow a privileged user to conduct a denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Rooms +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Meetings Rooms +2
NVD
EPSS 1% CVSS 8.1
HIGH This Week

Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Meeting Software Development Kit Rooms +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Untrusted search path in Zoom Rooms for Windows before version 5.15.5 may allow an authenticated user to enable a denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Rooms
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Jwt Attack Microsoft +2
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rooms Virtual Desktop Infrastructure +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rooms Virtual Desktop Infrastructure +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper access control in Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Rooms
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Rooms
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Untrusted search path in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Rooms
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Insecure temporary file in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Rooms
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Rooms
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Meetings Rooms +7
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation XSS Microsoft +3
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

RCE Rooms Zoom +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clients before 5.13.1 contain an information disclosure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Rooms +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Rooms
NVD
EPSS 1% CVSS 7.3
HIGH This Week

Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Code Injection +2
NVD
EPSS 0% CVSS 3.3
LOW Monitor

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Apple Microsoft +4
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Zoom Rooms for Conference Rooms for Windows versions before 5.11.0 are susceptible to a Local Privilege Escalation vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Jwt Attack Privilege Escalation +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

The Zoom Opener installer is downloaded by a user from the Launch meeting page, when attempting to join a meeting without having the Zoom Meeting Client installed. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Microsoft Meetings +1
NVD
EPSS 2% CVSS 8.8
HIGH This Week

The Zoom Client for Meetings for Windows before version 5.10.0 and Zoom Rooms for Conference Room for Windows before version 5.10.0, fails to properly check the installation version during the update. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Meetings +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

During the installation process forZoom Rooms for Conference Room for Windows before version 5.3.0 it is possible to launch Internet Explorer with elevated privileges. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Rooms
NVD
EPSS 0% CVSS 7.8
HIGH This Week

It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Meetings +2
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy