U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Search Type: Search All
  • CPE Vendor: cpe:/:zoom
There are 70 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2022-36930

Zoom Rooms for Windows installers before version 5.13.0 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability in an attack chain to escalate their privileges to the SYSTEM user.

Published: January 09, 2023; 2:15:11 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-36929

The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user.

Published: January 09, 2023; 2:15:11 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-36928

Zoom for Android clients before version 5.13.0 contain a path traversal vulnerability. A third party app could exploit this vulnerability to read and write to the Zoom application data directory.

Published: January 09, 2023; 2:15:11 PM -0500
V3.1: 7.1 HIGH
V2.0:(not available)
CVE-2022-36927

Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.

Published: January 09, 2023; 2:15:11 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-36926

Zoom Rooms for macOS clients before version 5.11.3 contain a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.

Published: January 09, 2023; 2:15:11 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-36925

Zoom Rooms for macOS clients before version 5.11.4 contain an insecure key generation mechanism. The encryption key used for IPC between the Zoom Rooms daemon service and the Zoom Rooms client was generated using parameters that could be obtained by a local low-privileged application. That key can then be used to interact with the daemon service to execute privileged functions and cause a local denial of service.

Published: January 09, 2023; 2:15:10 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-36924

The Zoom Rooms Installer for Windows prior to 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to the SYSTEM user.

Published: November 17, 2022; 6:15:17 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-28768

The Zoom Client for Meetings Installer for macOS (Standard and for IT Admin) before version 5.12.6 contains a local privilege escalation vulnerability. A local low-privileged user could exploit this vulnerability during the install process to escalate their privileges to root.

Published: November 17, 2022; 6:15:15 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-28766

Windows 32-bit versions of the Zoom Client for Meetings before 5.12.6 and Zoom Rooms for Conference Room before version 5.12.6 are susceptible to a DLL injection vulnerability. A local low-privileged user could exploit this vulnerability to run arbitrary code in the context of the Zoom client.

Published: November 17, 2022; 6:15:15 PM -0500
V3.1: 7.3 HIGH
V2.0:(not available)
CVE-2022-28764

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.6 is susceptible to a local information exposure vulnerability. A failure to clear data from a local SQL database after a meeting ends and the usage of an insufficiently secure per-device key encrypting that database results in a local malicious user being able to obtain meeting information such as in-meeting chat for the previous meeting attended from that local user account.

Published: November 14, 2022; 4:15:13 PM -0500
V3.1: 3.3 LOW
V2.0:(not available)
CVE-2022-28763

The Zoom Client for Meetings (for Android, iOS, Linux, macOS, and Windows) before version 5.12.2 is susceptible to a URL parsing vulnerability. If a malicious Zoom meeting URL is opened, the malicious link may direct the user to connect to an arbitrary network address, leading to additional attacks including session takeovers.

Published: October 31, 2022; 4:15:12 PM -0400
V3.1: 9.6 CRITICAL
V2.0:(not available)
CVE-2022-28762

Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with 5.10.6 and prior to 5.12.0 contains a debugging port misconfiguration. When camera mode rendering context is enabled as part of the Zoom App Layers API by running certain Zoom Apps, a local debugging port is opened by the Zoom client. A local malicious user could use this debugging port to connect to and control the Zoom Apps running in the Zoom client.

Published: October 14, 2022; 11:15:17 AM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-28761

Zoom On-Premise Meeting Connector MMR before version 4.8.20220916.131 contains an improper access control vulnerability. As a result, a malicious actor in a meeting or webinar they are authorized to join could prevent participants from receiving audio and video causing meeting disruptions.

Published: October 14, 2022; 11:15:16 AM -0400
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2022-28760

Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions.

Published: October 14, 2022; 11:15:16 AM -0400
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2022-28759

Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions.

Published: October 14, 2022; 11:15:15 AM -0400
V3.1: 8.6 HIGH
V2.0:(not available)
CVE-2022-28758

Zoom On-Premise Meeting Connector MMR before version 4.8.20220815.130 contains an improper access control vulnerability. As a result, a malicious actor could obtain the audio and video feed of a meeting they were not authorized to join and cause other meeting disruptions.

Published: September 16, 2022; 6:15:10 PM -0400
V3.1: 8.2 HIGH
V2.0:(not available)
CVE-2022-28757

The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.6 contains a vulnerability in the auto update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.

Published: August 18, 2022; 4:15:11 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-28752

Zoom Rooms for Conference Rooms for Windows versions before 5.11.0 are susceptible to a Local Privilege Escalation vulnerability. A local low-privileged malicious user could exploit this vulnerability to escalate their privileges to the SYSTEM user.

Published: August 17, 2022; 6:15:08 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-28751

The Zoom Client for Meetings for MacOS (Standard and for IT Admin) before version 5.11.3 contains a vulnerability in the package signature validation during the update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.

Published: August 17, 2022; 6:15:08 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-28756

The Zoom Client for Meetings for macOS (Standard and for IT Admin) starting with version 5.7.3 and before 5.11.5 contains a vulnerability in the auto update process. A local low-privileged user could exploit this vulnerability to escalate their privileges to root.

Published: August 15, 2022; 7:15:07 PM -0400
V3.1: 7.8 HIGH
V2.0:(not available)