Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:zoom:rooms:-:*:*:*:*:macos:*:*
- CPE Name Search: true
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2023-43591 |
Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access. Published: November 14, 2023; 7:15:09 PM -0500 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-43590 |
Link following in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access. Published: November 14, 2023; 7:15:09 PM -0500 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2023-43582 |
Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access. Published: November 14, 2023; 7:15:08 PM -0500 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2023-39206 |
Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access. Published: November 14, 2023; 6:15:09 PM -0500 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-39204 |
Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access. Published: November 14, 2023; 6:15:08 PM -0500 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-39199 |
Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access. Published: November 14, 2023; 6:15:08 PM -0500 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-39214 |
Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access. Published: August 08, 2023; 6:15:10 PM -0400 |
V3.1: 8.1 HIGH V2.0:(not available) |
CVE-2023-39218 |
Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access. Published: August 08, 2023; 2:15:23 PM -0400 |
V3.1: 4.9 MEDIUM V2.0:(not available) |
CVE-2023-36535 |
Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access. Published: August 08, 2023; 2:15:14 PM -0400 |
V3.1: 6.5 MEDIUM V2.0:(not available) |
CVE-2023-36532 |
Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access. Published: August 08, 2023; 2:15:13 PM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2023-28597 |
Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB server to respond to client requests, causing the client to execute attacker controlled executables. This could result in an attacker gaining access to a user's device and data, and remote code execution. Published: March 27, 2023; 5:15:12 PM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2022-36927 |
Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root. Published: January 09, 2023; 2:15:11 PM -0500 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2022-36926 |
Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root. Published: January 09, 2023; 2:15:11 PM -0500 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2022-36925 |
Zoom Rooms for macOS clients before version 5.11.4 contain an insecure key generation mechanism. The encryption key used for IPC between the Zoom Rooms daemon service and the Zoom Rooms client was generated using parameters that could be obtained by a local low-privileged application. That key can then be used to interact with the daemon service to execute privileged functions and cause a local denial of service. Published: January 09, 2023; 2:15:10 PM -0500 |
V3.1: 7.8 HIGH V2.0:(not available) |
CVE-2022-28764 |
The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being able to obtain meeting information such as in-meeting chat for the previous meeting attended from that local user account. Published: November 14, 2022; 4:15:13 PM -0500 |
V3.1: 3.3 LOW V2.0:(not available) |
CVE-2021-34409 |
It was discovered that the installation packages of the Zoom Client for Meetings for MacOS (Standard and for IT Admin) installation before version 5.2.0, Zoom Client Plugin for Sharing iPhone/iPad before version 5.2.0, and Zoom Rooms for Conference before version 5.1.0, copy pre- and post- installation shell scripts to a user-writable directory. In the affected products listed below, a malicious actor with local access to a user's machine could use this flaw to potentially run arbitrary system commands in a higher privileged context during the installation process. Published: September 27, 2021; 10:15:08 AM -0400 |
V3.1: 7.8 HIGH V2.0: 7.2 HIGH |