Skip to main content

Virtual Desktop Infrastructure

26 CVEs product

Monthly

CVE-2023-49647 HIGH This Week

Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Meeting Software Development Kit Video Software Development Kit Zoom +2
NVD
CVSS 3.1
8.8
EPSS
0.0%
CVE-2023-49646 MEDIUM This Month

Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Jwt Attack Authentication Bypass Meeting Software Development Kit Video Software Development Kit +2
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-43586 HIGH This Week

Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal Microsoft Meeting Software Development Kit Video Software Development Kit +2
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-43588 MEDIUM This Month

Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Meetings Virtual Desktop Infrastructure Zoom
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2023-43582 HIGH This Week

Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Meetings Rooms Virtual Desktop Infrastructure Zoom
NVD
CVSS 3.1
8.8
EPSS
0.7%
CVE-2023-39206 HIGH This Week

Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Meetings Rooms Video Software Development Kit +2
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-39205 MEDIUM This Month

Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Meetings Video Software Development Kit Virtual Desktop Infrastructure Zoom
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-39204 HIGH This Week

Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Meetings Rooms Video Software Development Kit +2
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-39203 HIGH This Week

Uncontrolled resource consumption in Zoom Team Chat for Zoom Desktop Client for Windows and Zoom VDI Client may allow an unauthenticated user to conduct a disclosure of information via network access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Virtual Desktop Infrastructure Zoom
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-39202 MEDIUM This Month

Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Client may allow a privileged user to conduct a denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Rooms Virtual Desktop Infrastructure
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-39199 MEDIUM This Month

Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Meetings Rooms Virtual Desktop Infrastructure Zoom
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-39215 MEDIUM This Month

Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Meeting Software Development Kit Virtual Desktop Infrastructure Zoom
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2023-39213 CRITICAL Act Now

Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Virtual Desktop Infrastructure Zoom
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2023-39218 MEDIUM This Month

Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rooms Virtual Desktop Infrastructure Zoom
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2023-36535 MEDIUM This Month

Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rooms Virtual Desktop Infrastructure Zoom
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2023-36532 HIGH This Week

Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow Rooms Virtual Desktop Infrastructure +1
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2023-34121 HIGH This Week

Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation XSS Microsoft Rooms Zoom +1
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2023-34120 HIGH This Week

Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Jwt Attack Microsoft Virtual Desktop Infrastructure
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2023-28603 HIGH This Week

Zoom VDI client installer prior to 5.14.0 contains an improper access control vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Virtual Desktop Infrastructure
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-28597 HIGH This Week

Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

RCE Rooms Zoom Virtual Desktop Infrastructure
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-22880 HIGH This Week

Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clients before 5.13.1 contain an information disclosure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Rooms Virtual Desktop Infrastructure Zoom
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2022-28763 CRITICAL Act Now

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Google Apple Meetings +2
NVD
CVSS 3.1
9.6
EPSS
1.1%
CVE-2022-28755 MEDIUM This Month

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.11.0 are susceptible to a URL parsing vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Google Apple RCE Virtual Desktop Infrastructure +1
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-34424 HIGH This Week

A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google HP Apple Microsoft +30
NVD
CVSS 3.1
7.5
EPSS
1.7%
CVE-2021-34423 CRITICAL Act Now

A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google RCE HP Apple +31
NVD
CVSS 3.1
9.8
EPSS
3.2%
CVE-2015-7940 Maven MEDIUM PATCH This Month

The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Java Leap Opensuse Bouncy Castle Crypto Package +4
NVD
CVSS 2.0
5.0
EPSS
1.0%
EPSS 0% CVSS 8.8
HIGH This Week

Improper access control in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows before version 5.16.10 may allow an authenticated user to conduct an escalation of. Rated high severity (CVSS 8.8), this vulnerability is low attack complexity. No vendor patch available.

Microsoft Privilege Escalation Meeting Software Development Kit +4
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Jwt Attack Authentication Bypass +4
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Path traversal in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom SDKs for Windows may allow an authenticated user to conduct an escalation of privilege via network access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Path Traversal Microsoft +4
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Meetings Virtual Desktop Infrastructure +1
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Meetings Rooms +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Meetings +4
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Meetings Video Software Development Kit +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Meetings +4
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Uncontrolled resource consumption in Zoom Team Chat for Zoom Desktop Client for Windows and Zoom VDI Client may allow an unauthenticated user to conduct a disclosure of information via network access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Virtual Desktop Infrastructure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Untrusted search path in Zoom Rooms Client for Windows and Zoom VDI Client may allow a privileged user to conduct a denial of service via local access. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Rooms +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Meetings Rooms +2
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Authentication Bypass Meeting Software Development Kit +2
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Virtual Desktop Infrastructure +1
NVD
EPSS 1% CVSS 4.9
MEDIUM This Month

Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rooms Virtual Desktop Infrastructure +1
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Rooms Virtual Desktop Infrastructure +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Heap Overflow +3
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Improper input validation in the Zoom for Windows, Zoom Rooms, Zoom VDI Windows Meeting clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation XSS Microsoft +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Jwt Attack Microsoft +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Zoom VDI client installer prior to 5.14.0 contains an improper access control vulnerability. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Virtual Desktop Infrastructure
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. Rated high severity (CVSS 7.5), this vulnerability is no authentication required. No vendor patch available.

RCE Rooms Zoom +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clients before 5.13.1 contain an information disclosure vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Rooms +2
NVD
EPSS 1% CVSS 9.6
CRITICAL Act Now

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Google +4
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.11.0 are susceptible to a URL parsing vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Google Apple +3
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability was discovered in the Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and iOS) before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google HP +32
NVD
EPSS 3% CVSS 9.8
CRITICAL Act Now

A buffer overflow vulnerability was discovered in Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.8.4, Zoom Client for Meetings for Blackberry (for Android and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Google RCE +33
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

The Bouncy Castle Java library before 1.51 does not validate a point is withing the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Java Leap +6
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy