Filtered by vendor Zoom
Subscribe
Total
219 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-39820 | 1 Zoom | 1 Workplace Desktop | 2025-08-05 | N/A | 6.6 MEDIUM |
| Uncontrolled search path element in the installer for Zoom Workplace Desktop App for macOS before version 6.0.10 may allow an authenticated user to conduct a denial of service via local access. | |||||
| CVE-2024-39821 | 1 Zoom | 2 Rooms, Workplace Desktop | 2025-08-05 | N/A | 6.6 MEDIUM |
| Race condition in the installer for Zoom Workplace App for Windows and Zoom Rooms App for Windows may allow an authenticated user to conduct a denial of service via local access. | |||||
| CVE-2025-30671 | 1 Zoom | 5 Meeting Software Development Kit, Rooms, Rooms Controller and 2 more | 2025-08-01 | N/A | 6.5 MEDIUM |
| Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. | |||||
| CVE-2025-30670 | 1 Zoom | 5 Meeting Software Development Kit, Rooms, Rooms Controller and 2 more | 2025-08-01 | N/A | 6.5 MEDIUM |
| Null pointer dereference in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a denial of service via network access. | |||||
| CVE-2025-27443 | 1 Zoom | 4 Meeting Software Development Kit, Rooms, Rooms Controller and 1 more | 2025-08-01 | N/A | 2.8 LOW |
| Insecure default variable initialization in some Zoom Workplace Apps for Windows may allow an authenticated user to conduct a loss of integrity via local access. | |||||
| CVE-2025-0150 | 1 Zoom | 2 Meeting Software Development Kit, Workplace | 2025-08-01 | N/A | 7.1 HIGH |
| Incorrect behavior order in some Zoom Workplace Apps for iOS before version 6.3.0 may allow an authenticated user to conduct a denial of service via network access. | |||||
| CVE-2025-0146 | 1 Zoom | 5 Meeting Software Development Kit, Rooms, Rooms Controller and 2 more | 2025-08-01 | N/A | 3.9 LOW |
| Symlink following in the installer for Zoom Workplace App for macOS before 6.2.10 may allow an authenticated user to conduct a denial of service via local access. | |||||
| CVE-2025-0147 | 1 Zoom | 3 Meeting Software Development Kit, Video Software Development Kit, Workplace Desktop | 2025-08-01 | N/A | 8.8 HIGH |
| Type confusion in the Zoom Workplace App for Linux before 6.2.10 may allow an authorized user to conduct an escalation of privilege via network access. | |||||
| CVE-2024-27247 | 1 Zoom | 1 Zoom | 2025-07-31 | N/A | 5.5 MEDIUM |
| Improper privilege management in the installer for Zoom Desktop Client for macOS before version 5.17.10 may allow a privileged user to conduct an escalation of privilege via local access. | |||||
| CVE-2024-27242 | 1 Zoom | 1 Zoom | 2025-07-31 | N/A | 4.1 MEDIUM |
| Cross site scripting in Zoom Desktop Client for Linux before version 5.17.10 may allow an authenticated user to conduct a denial of service via network access. | |||||
| CVE-2024-24694 | 1 Zoom | 1 Zoom | 2025-07-31 | N/A | 5.9 MEDIUM |
| Improper privilege management in the installer for Zoom Desktop Client for Windows before version 5.17.10 may allow an authenticated user to conduct an escalation of privilege via local access. | |||||
| CVE-2025-0143 | 1 Zoom | 3 Meeting Software Development Kit, Video Software Development Kit, Workplace Desktop | 2025-07-31 | N/A | 4.3 MEDIUM |
| Out-of-bounds write in the Zoom Workplace App for Linux before version 6.2.5 may allow an unauthorized user to conduct a denial of service via network access. | |||||
| CVE-2023-43591 | 1 Zoom | 1 Rooms | 2025-06-11 | N/A | 7.8 HIGH |
| Improper privilege management in Zoom Rooms for macOS before version 5.16.0 may allow an authenticated user to conduct an escalation of privilege via local access. | |||||
| CVE-2017-15049 | 1 Zoom | 1 Zoom | 2025-04-20 | 9.3 HIGH | 8.8 HIGH |
| The ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 does not properly sanitize user input when constructing a shell command, which allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler. | |||||
| CVE-2017-15048 | 1 Zoom | 1 Zoom | 2025-04-20 | 6.8 MEDIUM | 8.8 HIGH |
| Stack-based buffer overflow in the ZoomLauncher binary in the Zoom client for Linux before 2.0.115900.1201 allows remote attackers to execute arbitrary code by leveraging the zoommtg:// scheme handler. | |||||
| CVE-2014-5811 | 1 Zoom | 1 Zoom Cloud Meetings | 2025-04-12 | 5.4 MEDIUM | N/A |
| The ZOOM Cloud Meetings (aka us.zoom.videomeetings) application @7F060008 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
| CVE-2024-45426 | 1 Zoom | 6 Meeting Software Development Kit, Rooms, Rooms Controller and 3 more | 2025-03-04 | N/A | 4.9 MEDIUM |
| Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access. | |||||
| CVE-2024-45418 | 1 Zoom | 4 Meeting Software Development Kit, Rooms, Video Software Development Kit and 1 more | 2025-03-04 | N/A | 5.4 MEDIUM |
| Symlink following in the installer for some Zoom apps for macOS before version 6.1.5 may allow an authenticated user to conduct an escalation of privilege via network access. | |||||
| CVE-2024-45417 | 1 Zoom | 4 Meeting Software Development Kit, Rooms, Video Software Development Kit and 1 more | 2025-03-04 | N/A | 6.0 MEDIUM |
| Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user to conduct a disclosure of information via local access. | |||||
| CVE-2023-28597 | 2 Microsoft, Zoom | 4 Windows, Rooms, Virtual Desktop Infrastructure and 1 more | 2025-02-19 | N/A | 8.3 HIGH |
| Zoom clients prior to 5.13.5 contain an improper trust boundary implementation vulnerability. If a victim saves a local recording to an SMB location and later opens it using a link from Zoom’s web portal, an attacker positioned on an adjacent network to the victim client could set up a malicious SMB server to respond to client requests, causing the client to execute attacker controlled executables. This could result in an attacker gaining access to a user's device and data, and remote code execution. | |||||