U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:zoom:rooms:-:*:*:*:*:iphone_os:*:*
  • CPE Name Search: true
There are 6 matching records.
Displaying matches 1 through 6.
Vuln ID Summary CVSS Severity
CVE-2024-24699

Business logic error in some Zoom clients may allow an authenticated user to conduct information disclosure via network access.

Published: February 13, 2024; 7:15:48 PM -0500
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2024-24697

Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access.

Published: February 13, 2024; 7:15:47 PM -0500
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2024-24690

Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access.

Published: February 13, 2024; 7:15:47 PM -0500
V4.0:(not available)
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2023-28597

Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB server to respond to client requests, causing the client to execute attacker controlled executables. This could result in an attacker gaining access to a user's device and data, and remote code execution.

Published: March 27, 2023; 5:15:12 PM -0400
V4.0:(not available)
V3.1: 7.5 HIGH
V2.0:(not available)
CVE-2022-28764

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being able to obtain meeting information such as in-meeting chat for the previous meeting attended from that local user account.

Published: November 14, 2022; 4:15:13 PM -0500
V4.0:(not available)
V3.1: 3.3 LOW
V2.0:(not available)
CVE-2021-34409

It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad before version 5.2.0, and Zoom Rooms for Conference before version 5.1.0, copy pre- and post- installation shell scripts to a user-writable directory. In the affected products listed below, a malicious actor with local access to a user's machine could use this flaw to potentially run arbitrary system commands in a higher privileged context during the installation process.

Published: September 27, 2021; 10:15:08 AM -0400
V4.0:(not available)
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH