Business logic error in some Zoom clients may allow an authenticated user to conduct information disclosure via network access.

Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access.

Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access.

Improper authentication in some Zoom clients before version 5.16.5 may allow an authenticated user to conduct a denial of service via network access.

Insufficient control flow management in some Zoom clients may allow an authenticated user to conduct an information disclosure via network access.

Improper authorization in some Zoom clients may allow an authorized user to conduct an escalation of privilege via network access.

Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.

Improper conditions check in Zoom Team Chat for Zoom clients may allow an authenticated user to conduct a denial of service via network access.

Buffer overflow in some Zoom clients may allow an unauthenticated user to conduct a denial of service via network access.

Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access.

Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network access.

Exposure of sensitive information in Zoom Client SDK's before 5.15.5 may allow an authenticated user to enable a denial of service via network access.

Cleartext storage of sensitive information in Zoom Client SDK for Windows before 5.15.0 may allow an authenticated user to enable an information disclosure via local access.

Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access.

Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access.

Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access.

Relative path traversal in the Zoom Client SDK before version 5.15.0 may allow an unauthorized user to enable information disclosure via local access.

Exposure of information intended to be encrypted by some Zoom clients may lead to disclosure of sensitive information.

Improper privilege management in Zoom for Windows, Zoom Rooms for Windows, and Zoom VDI for Windows clients before 5.14.0 may allow an authenticated user to potentially enable an escalation of privilege via local access. Users may potentially utilize higher level system privileges maintained by the Zoom client to spawn processes with escalated privileges.

Zoom for Windows clients prior to 5.13.5 contain an improper verification of cryptographic signature vulnerability. A malicious user may potentially downgrade Zoom Client components to previous versions.